[llvm] [BOLT][binary-analysis] Fix pac-ret scanner's "major limitation" (PR #136664)
Kristof Beyls via llvm-commits
llvm-commits at lists.llvm.org
Thu Apr 24 02:46:34 PDT 2025
Gergely =?utf-8?q?Bálint?=,Gergely Balint <gergely.balint at arm.com>,Gergely
Balint <gergely.balint at arm.com>
Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/136664 at github.com>
================
@@ -632,8 +635,15 @@ bool CFIReaderWriter::fillCFIInfoFor(BinaryFunction &Function) const {
// DW_CFA_GNU_window_save and DW_CFA_GNU_NegateRAState just use the same
// id but mean different things. The latter is used in AArch64.
if (Function.getBinaryContext().isAArch64()) {
- Function.addCFIInstruction(
- Offset, MCCFIInstruction::createNegateRAState(nullptr));
+ // llvm-bolt-binary-analysis and llvm-heatmap do not need this CFI, as
+ // they are not producing a binary. For other tools, we should refuse
+ // processing the binary, until PAC support is added.
+ if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
+ BC.errs() << "BOLT-ERROR: pointer authentication is not supported "
+ "yet. Please compile "
+ "your target binary using '-mbranch-protection=none'.\n";
----------------
kbeyls wrote:
I would not recommend users to turn of a security hardening feature in an error message.
Maybe it'd be better to instead say something like
```
"BOLT-ERROR: binaries using pac-ret hardening (e.g. as produced by '-mbranch-protection=pac-ret') are currently not supported by BOLT\n";
```
https://github.com/llvm/llvm-project/pull/136664
More information about the llvm-commits
mailing list