[libc] [llvm] [libc] enable stack protectors and frame pointers on default (PR #86288)

Schrodinger ZHU Yifan via llvm-commits llvm-commits at lists.llvm.org
Fri Mar 29 14:49:33 PDT 2024


https://github.com/SchrodingerZhu updated https://github.com/llvm/llvm-project/pull/86288

>From c5ee2f0135713c7767c4f18cdd112c7b1b3dd54d Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:11:18 -0400
Subject: [PATCH 1/4] [libc] enable stack protectors and frame pointers on
 default

---
 libc/CMakeLists.txt                                      | 4 ++++
 libc/cmake/modules/LLVMLibCCompileOptionRules.cmake      | 9 +++++++++
 .../bazel/llvm-project-overlay/libc/libc_build_rules.bzl | 9 +++++++--
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/libc/CMakeLists.txt b/libc/CMakeLists.txt
index a0d79858a896ad..0c1fdae04cf955 100644
--- a/libc/CMakeLists.txt
+++ b/libc/CMakeLists.txt
@@ -47,6 +47,10 @@ set(LIBC_NAMESPACE ${default_namespace}
   CACHE STRING "The namespace to use to enclose internal implementations. Must start with '__llvm_libc'."
 )
 
+# Codegen options.
+option(LLVM_LIBC_KEEP_FRAME_POINTER "Keep frame pointers in LLVM libc" ON)
+option(LLVM_LIBC_ENABLE_STACK_PROTECTOR "Enable stack protector for LLVM libc" ON)
+
 if(LLVM_LIBC_FULL_BUILD OR LLVM_LIBC_GPU_BUILD)
   if(NOT LIBC_HDRGEN_EXE)
     # We need to set up hdrgen first since other targets depend on it.
diff --git a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
index 5bc0898298ce39..df7311f8ec6d9d 100644
--- a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
+++ b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
@@ -60,6 +60,15 @@ function(_get_common_compile_options output_var flags)
     if (LIBC_CC_SUPPORTS_PATTERN_INIT)
       list(APPEND compile_options "-ftrivial-auto-var-init=pattern")
     endif()
+    if (LLVM_LIBC_KEEP_FRAME_POINTER)
+      list(APPEND compile_options "-fno-omit-frame-pointer")
+      if (LIBC_TARGET_ARCHITECTURE_IS_X86)
+        list(APPEND compile_options "-mno-omit-leaf-frame-pointer")
+      endif()
+    endif()
+    if (LLVM_LIBC_ENABLE_STACK_PROTECTOR)
+      list(APPEND compile_options "-fstack-protector-strong")
+    endif()
     list(APPEND compile_options "-Wall")
     list(APPEND compile_options "-Wextra")
     # -DLIBC_WNO_ERROR=ON if you can't build cleanly with -Werror.
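Review bot: `-fstack-protector-strong` is appended as soon as `LLVM_LIBC_ENABLE_STACK_PROTECTOR` is true, with no compiler or target probe, while the `-ftrivial-auto-var-init=pattern` line just above it is gated on `LIBC_CC_SUPPORTS_PATTERN_INIT`. Because the option defaults to ON, a toolchain or target that rejects the flag, or a build in which nothing provides the canary and `__stack_chk_fail`, would fail at compile or link time instead of at configure time. Whether that affects GPU or startup objects cannot be seen from this hunk. I would gate the flag the same way as the pattern-init one, e.g. `if (LLVM_LIBC_ENABLE_STACK_PROTECTOR AND LIBC_CC_SUPPORTS_STACK_PROTECTOR)`, where `LIBC_CC_SUPPORTS_STACK_PROTECTOR` is a new probe variable this patch would have to define. `_get_common_compile_options` starts and ends outside the hunk, so the enclosing condition is not visible.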
diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 7d815bc4a2299c..89ac906e2f3afb 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -78,15 +78,20 @@ def libc_function(
                      its deps.
       **kwargs: Other attributes relevant for a cc_library. For example, deps.
     """
-
+    # x86 targets have -mno-omit-leaf-frame-pointer.
+    copts = selects.with_or({
+        PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
+        "//conditions:default": []
+    })
     # We use the explicit equals pattern here because append and += mutate the
     # original list, where this creates a new list and stores it in deps.
-    copts = copts or []
     copts = copts + [
         "-O3",
         "-fno-builtin",
         "-fno-lax-vector-conversions",
         "-ftrivial-auto-var-init=pattern",
+        "-fno-omit-frame-pointer",
+        "-fstack-protector-strong",
     ]
 
     # We compile the code twice, the first target is suffixed with ".__internal__" and contains the
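Review bot: `-fno-omit-frame-pointer` and `-fstack-protector-strong` are hard-coded into the `copts` list here, while the CMake side of the same patch puts them behind `LLVM_LIBC_KEEP_FRAME_POINTER` and `LLVM_LIBC_ENABLE_STACK_PROTECTOR`. The two build systems therefore disagree on whether the hardening and frame-pointer flags can be switched off, and nothing in the Bazel rule says the choice is deliberate. At minimum I would add a comment above the two entries, such as `# Always on in Bazel; the CMake build makes these configurable.`, so a later reader does not assume parity. The body of `libc_function` starts and ends outside the hunk.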

>From db54ba12b3cd0dda2da8b4510bd5cd568da12b11 Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:20:54 -0400
Subject: [PATCH 2/4] fix bazel

---
 .../llvm-project-overlay/libc/libc_build_rules.bzl    | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 89ac906e2f3afb..12c8145e9b06e7 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -78,11 +78,6 @@ def libc_function(
                      its deps.
       **kwargs: Other attributes relevant for a cc_library. For example, deps.
     """
-    # x86 targets have -mno-omit-leaf-frame-pointer.
-    copts = selects.with_or({
-        PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
-        "//conditions:default": []
-    })
     # We use the explicit equals pattern here because append and += mutate the
     # original list, where this creates a new list and stores it in deps.
     copts = copts + [
@@ -93,6 +88,12 @@ def libc_function(
         "-fno-omit-frame-pointer",
         "-fstack-protector-strong",
     ]
+    # x86 targets have -mno-omit-leaf-frame-pointer.
+    platform_copts = selects.with_or({
+        PLATFORM_CPU_X86_64: ["-mno-omit-leaf-frame-pointer"],
+        "//conditions:default": []
+    })
+    copts = copts + platform_copts
 
     # We compile the code twice, the first target is suffixed with ".__internal__" and contains the
     # C++ functions in the "LIBC_NAMESPACE" namespace. This allows us to test the function in the
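Review bot: The `select` adds `-mno-omit-leaf-frame-pointer` only for `PLATFORM_CPU_X86_64`, whereas the CMake rule in patch 1 keys the same flag on `LIBC_TARGET_ARCHITECTURE_IS_X86`. If that CMake variable also covers 32-bit x86, the two builds differ for that target. The comment `# x86 targets have -mno-omit-leaf-frame-pointer.` says what is added but not why or for which CPUs; I would write `# Keep the frame pointer in leaf functions too; only wired up for x86-64 in Bazel.` The dict entry `"//conditions:default": []` is also missing the trailing comma that the surrounding multi-line lists use. Whether `selects` and `PLATFORM_CPU_X86_64` are loaded in this file is not visible from the hunk.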

>From 943b2347b72850f8fbb1de1c54139b1c26354469 Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 22 Mar 2024 10:22:25 -0400
Subject: [PATCH 3/4] fix bazel

---
 utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl | 1 +
 1 file changed, 1 insertion(+)

diff --git a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
index 12c8145e9b06e7..7dc12bade2605a 100644
--- a/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
+++ b/utils/bazel/llvm-project-overlay/libc/libc_build_rules.bzl
@@ -80,6 +80,7 @@ def libc_function(
     """
     # We use the explicit equals pattern here because append and += mutate the
     # original list, where this creates a new list and stores it in deps.
+    copts = copts or []
     copts = copts + [
         "-O3",
         "-fno-builtin",

>From da205637efadf762272a115dd82c4a4b3596307f Mon Sep 17 00:00:00 2001
From: Schrodinger ZHU Yifan <yifanzhu at rochester.edu>
Date: Fri, 29 Mar 2024 17:47:44 -0400
Subject: [PATCH 4/4] use config.json instead

---
 libc/CMakeLists.txt                                 |  4 ----
 libc/cmake/modules/LLVMLibCCompileOptionRules.cmake |  4 ++--
 libc/config/config.json                             | 10 ++++++++++
 libc/docs/configure.rst                             |  3 +++
 4 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/libc/CMakeLists.txt b/libc/CMakeLists.txt
index 0c1fdae04cf955..a0d79858a896ad 100644
--- a/libc/CMakeLists.txt
+++ b/libc/CMakeLists.txt
@@ -47,10 +47,6 @@ set(LIBC_NAMESPACE ${default_namespace}
   CACHE STRING "The namespace to use to enclose internal implementations. Must start with '__llvm_libc'."
 )
 
-# Codegen options.
-option(LLVM_LIBC_KEEP_FRAME_POINTER "Keep frame pointers in LLVM libc" ON)
-option(LLVM_LIBC_ENABLE_STACK_PROTECTOR "Enable stack protector for LLVM libc" ON)
-
 if(LLVM_LIBC_FULL_BUILD OR LLVM_LIBC_GPU_BUILD)
   if(NOT LIBC_HDRGEN_EXE)
     # We need to set up hdrgen first since other targets depend on it.
diff --git a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
index df7311f8ec6d9d..40a1cfda060e6f 100644
--- a/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
+++ b/libc/cmake/modules/LLVMLibCCompileOptionRules.cmake
@@ -60,13 +60,13 @@ function(_get_common_compile_options output_var flags)
     if (LIBC_CC_SUPPORTS_PATTERN_INIT)
       list(APPEND compile_options "-ftrivial-auto-var-init=pattern")
     endif()
-    if (LLVM_LIBC_KEEP_FRAME_POINTER)
+    if (LIBC_CONF_KEEP_FRAME_POINTER)
       list(APPEND compile_options "-fno-omit-frame-pointer")
       if (LIBC_TARGET_ARCHITECTURE_IS_X86)
         list(APPEND compile_options "-mno-omit-leaf-frame-pointer")
       endif()
     endif()
-    if (LLVM_LIBC_ENABLE_STACK_PROTECTOR)
+    if (LIBC_CONF_ENABLE_STACK_PROTECTOR)
       list(APPEND compile_options "-fstack-protector-strong")
     endif()
     list(APPEND compile_options "-Wall")
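Review bot: The new condition tests `LIBC_CONF_ENABLE_STACK_PROTECTOR`, but the option this same patch adds to `libc/config/config.json` and documents in `libc/docs/configure.rst` is named `LIBC_CONF_ENABLE_STRONG_STACK_PROTECTOR`. Assuming config.json keys become CMake variables of the same name, which the `LIBC_CONF_KEEP_FRAME_POINTER` condition above relies on, the tested variable is never set. `if()` then treats it as false, and `-fstack-protector-strong` is silently dropped even though the config says `true`. The condition should read `if (LIBC_CONF_ENABLE_STRONG_STACK_PROTECTOR)`. Because the failure mode is a missing hardening flag rather than a build error, it is worth checking that the flag appears in an actual compile command after the rename. `_get_common_compile_options` starts and ends outside the hunk.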
diff --git a/libc/config/config.json b/libc/config/config.json
index b73c47b1a14bc7..d6ef891b9f260f 100644
--- a/libc/config/config.json
+++ b/libc/config/config.json
@@ -30,5 +30,15 @@
       "value": false,
       "doc": "Inserts prefetch for write instructions (PREFETCHW) for memset on x86 to recover performance when hardware prefetcher is disabled."
     }
+  },
+  "codegen": {
+    "LIBC_CONF_KEEP_FRAME_POINTER": {
+      "value": true,
+      "doc": "Keep frame pointer in functions for better debugging experience."
+    },
+    "LIBC_CONF_ENABLE_STRONG_STACK_PROTECTOR": {
+      "value": true,
+      "doc": "Enable -fstack-protector-strong to defend against stack smashing attack."
+    }
   }
 }
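Review bot: The `doc` string for `LIBC_CONF_KEEP_FRAME_POINTER` does not mention that on x86 the option also adds `-mno-omit-leaf-frame-pointer`, which the CMake rule in this patch nests under the same condition. I would extend it to something like `Keep frame pointer in functions (including leaf functions on x86) for better debugging experience.` The stack-protector `doc` could say that the flag detects stack buffer overwrites when a protected function returns, which is more precise than "defend against stack smashing attack". The entries in `libc/docs/configure.rst` repeat these strings and would need the same wording.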
diff --git a/libc/docs/configure.rst b/libc/docs/configure.rst
index a177550647bd91..8f8c44caa11539 100644
--- a/libc/docs/configure.rst
+++ b/libc/docs/configure.rst
@@ -25,6 +25,9 @@ See the main ``config/config.json``, and the platform and architecture specific
 overrides in ``config/<platform>/config.json`` and ``config/<platform>/<arch>/config.json,``
 to learn about the defaults for your platform and target.
 
+* **"codegen" options**
+    - ``LIBC_CONF_ENABLE_STRONG_STACK_PROTECTOR``: Enable -fstack-protector-strong to defend against stack smashing attack.
+    - ``LIBC_CONF_KEEP_FRAME_POINTER``: Keep frame pointer in functions for better debugging experience.
 * **"printf" options**
     - ``LIBC_CONF_PRINTF_DISABLE_FIXED_POINT``: Disable printing fixed point values in printf and friends.
     - ``LIBC_CONF_PRINTF_DISABLE_FLOAT``: Disable printing floating point values in printf and friends.


