This is an archive of the discontinued LLVM Phabricator instance.

[X86][CET] Support to build LLVM toolchain with CET enabled.
Needs ReviewPublic

Authored by xiongji90 on Jul 7 2021, 7:11 PM.

Download Raw Diff

Details

Reviewers

LuoYuanke
hjl.tools

Summary

This patch is the first one of a series of patches aiming to support to build llvm toolchain(compiler, tools, libraries) with CET enabled. Currently, CET has been implemented in x86 Linux target and in order to compile source code with CET enabled, "-fcf-protection=full" should be added. CET introduces 'IBT' which restricts the target of indirect jumps and 'SHSTK' is also introduced which aims to check the return address when a function is going to return to caller. This patch introduces the option "LLVM_BUILD_CET_ENABLE", if you want to build compiler and libraries with CET enabled, you can set this option to ON:
cmake -G "Unix Makefiles" -DLLVM_BUILD_CET_ENABLE=ON ...
The default value is OFF. Not all subprojects support building with CET, so we don't add any CET build option in this patch. For those subprojects which have already supported CET, they can add CET building option based on "LLVM_BUILD_CET_ENABLE" option.

Diff Detail

Event Timeline

xiongji90 created this revision.Jul 7 2021, 7:11 PM

Herald added subscribers: pengfei, mgorny. · View Herald TranscriptJul 7 2021, 7:11 PM

xiongji90 requested review of this revision.Jul 7 2021, 7:11 PM

Herald added a project: Restricted Project. · View Herald TranscriptJul 7 2021, 7:11 PM

Herald added a subscriber: llvm-commits. · View Herald Transcript

xiongji90 added a reviewer: hjl.tools.Jul 7 2021, 7:17 PM

Harbormaster completed remote builds in B112904: Diff 357113.Jul 7 2021, 7:45 PM

xiongji90 mentioned this in D105968: [libunwind][CET] Support exception handling stack unwind in CET environment.Jul 14 2021, 1:47 AM

manojgupta added a subscriber: manojgupta.Jul 16 2021, 10:24 AM

manojgupta added inline comments.Jul 19 2021, 10:13 AM

llvm/cmake/modules/HandleLLVMOptions.cmake
372	I am not an expert in CMake but I think we need to add support for this option per subproject as well since the projects can be built independent of LLVM e.g. : compiler-rt, libcxx, libcxxbi, libunwind can be built separately without compiling llvm.

xiongji90 added inline comments.Jul 20 2021, 12:23 AM

llvm/cmake/modules/HandleLLVMOptions.cmake
372	Hi, @manojgupta Agree on your suggestion. Enabling CET for each subproject one by one should be the correct practice. I will update the patch to remove adding CET compiling options here, do you think we can keep "LLVM_BUILD_CET_ENABLE" here? When all subprojects have been enabled CET building, we can use this option to build whole llvm toolchain with CET enabled. Thanks very much!

xiongji90 updated this revision to Diff 360689.Jul 21 2021, 8:45 PM

xiongji90 edited the summary of this revision. (Show Details)

Harbormaster completed remote builds in B115481: Diff 360689.Jul 21 2021, 9:25 PM

Revision Contents

Path

Size

llvm/

CMakeLists.txt

4 lines

cmake/

modules/

HandleLLVMOptions.cmake

11 lines

LLVMConfig.cmake.in

2 lines

docs/

CMake.rst

4 lines

Diff 357113

llvm/CMakeLists.txt

	Show First 20 Lines • Show All 507 Lines • ▼ Show 20 Lines

	# Define an option controlling whether we should build for 32-bit on 64-bit			# Define an option controlling whether we should build for 32-bit on 64-bit
	# platforms, where supported.			# platforms, where supported.
	if( CMAKE_SIZEOF_VOID_P EQUAL 8 AND NOT (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "AIX"))			if( CMAKE_SIZEOF_VOID_P EQUAL 8 AND NOT (WIN32 OR ${CMAKE_SYSTEM_NAME} MATCHES "AIX"))
	# TODO: support other platforms and toolchains.			# TODO: support other platforms and toolchains.
	option(LLVM_BUILD_32_BITS "Build 32 bits executables and libraries." OFF)			option(LLVM_BUILD_32_BITS "Build 32 bits executables and libraries." OFF)
	endif()			endif()

				if(NOT WIN32)
				option(LLVM_BUILD_CET_ENABLE "Build executables and libraries with CET enabled." OFF)
				endif()

	# Define the default arguments to use with 'lit', and an option for the user to			# Define the default arguments to use with 'lit', and an option for the user to
	# override.			# override.
	set(LIT_ARGS_DEFAULT "-sv")			set(LIT_ARGS_DEFAULT "-sv")
	if (MSVC_IDE OR XCODE)			if (MSVC_IDE OR XCODE)
	set(LIT_ARGS_DEFAULT "${LIT_ARGS_DEFAULT} --no-progress-bar")			set(LIT_ARGS_DEFAULT "${LIT_ARGS_DEFAULT} --no-progress-bar")
	endif()			endif()
	set(LLVM_LIT_ARGS "${LIT_ARGS_DEFAULT}" CACHE STRING "Default options for lit")			set(LLVM_LIT_ARGS "${LIT_ARGS_DEFAULT}" CACHE STRING "Default options for lit")

	▲ Show 20 Lines • Show All 626 Lines • Show Last 20 Lines

llvm/cmake/modules/HandleLLVMOptions.cmake

Show First 20 Lines • Show All 360 Lines • ▼ Show 20 Lines	if( LLVM_BUILD_32_BITS )
set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -m32")		set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} -m32")

# FIXME: CMAKE_SIZEOF_VOID_P is still 8		# FIXME: CMAKE_SIZEOF_VOID_P is still 8
add_definitions(-D_LARGEFILE_SOURCE)		add_definitions(-D_LARGEFILE_SOURCE)
add_definitions(-D_FILE_OFFSET_BITS=64)		add_definitions(-D_FILE_OFFSET_BITS=64)
endif( LLVM_BUILD_32_BITS )		endif( LLVM_BUILD_32_BITS )
endif( CMAKE_SIZEOF_VOID_P EQUAL 8 AND NOT WIN32 )		endif( CMAKE_SIZEOF_VOID_P EQUAL 8 AND NOT WIN32 )

		# To enable CET in compilation, "-fcf-protection=full" should
		# be added. Currently, CET has been implemented in x86 GNU/Linux target.
		if(NOT WIN32)
		if( LLVM_BUILD_CET_ENABLE)
		manojguptaUnsubmitted Not Done Reply Inline Actions I am not an expert in CMake but I think we need to add support for this option per subproject as well since the projects can be built independent of LLVM e.g. : compiler-rt, libcxx, libcxxbi, libunwind can be built separately without compiling llvm. manojgupta: I am not an expert in CMake but I think we need to add support for this option per subproject…
		xiongji90AuthorUnsubmitted Done Reply Inline Actions Hi, @manojgupta Agree on your suggestion. Enabling CET for each subproject one by one should be the correct practice. I will update the patch to remove adding CET compiling options here, do you think we can keep "LLVM_BUILD_CET_ENABLE" here? When all subprojects have been enabled CET building, we can use this option to build whole llvm toolchain with CET enabled. Thanks very much! xiongji90: Hi, @manojgupta Agree on your suggestion. Enabling CET for each subproject one by one should…
		add_flag_if_supported("-fcf-protection=full" CET)
		if((NOT C_SUPPORTS_CET) OR (NOT CXX_SUPPORTS_CET))
		message(FATAL_ERROR "The compiler used for building doesn't support CET!")
		endif()
		endif( LLVM_BUILD_CET_ENABLE)
		endif()

# If building on a GNU specific 32-bit system, make sure off_t is 64 bits		# If building on a GNU specific 32-bit system, make sure off_t is 64 bits
# so that off_t can stored offset > 2GB.		# so that off_t can stored offset > 2GB.
# Android until version N (API 24) doesn't support it.		# Android until version N (API 24) doesn't support it.
if (ANDROID AND (ANDROID_NATIVE_API_LEVEL LESS 24))		if (ANDROID AND (ANDROID_NATIVE_API_LEVEL LESS 24))
set(LLVM_FORCE_SMALLFILE_FOR_ANDROID TRUE)		set(LLVM_FORCE_SMALLFILE_FOR_ANDROID TRUE)
endif()		endif()
if( CMAKE_SIZEOF_VOID_P EQUAL 4 AND NOT LLVM_FORCE_SMALLFILE_FOR_ANDROID)		if( CMAKE_SIZEOF_VOID_P EQUAL 4 AND NOT LLVM_FORCE_SMALLFILE_FOR_ANDROID)
# FIXME: It isn't handled in LLVM_BUILD_32_BITS.		# FIXME: It isn't handled in LLVM_BUILD_32_BITS.
▲ Show 20 Lines • Show All 854 Lines • Show Last 20 Lines

llvm/cmake/modules/LLVMConfig.cmake.in

	Show First 20 Lines • Show All 68 Lines • ▼ Show 20 Lines
	set(LLVM_ENABLE_DIA_SDK @LLVM_ENABLE_DIA_SDK@)			set(LLVM_ENABLE_DIA_SDK @LLVM_ENABLE_DIA_SDK@)

	set(LLVM_NATIVE_ARCH @LLVM_NATIVE_ARCH@)			set(LLVM_NATIVE_ARCH @LLVM_NATIVE_ARCH@)

	set(LLVM_ENABLE_PIC @LLVM_ENABLE_PIC@)			set(LLVM_ENABLE_PIC @LLVM_ENABLE_PIC@)

	set(LLVM_BUILD_32_BITS @LLVM_BUILD_32_BITS@)			set(LLVM_BUILD_32_BITS @LLVM_BUILD_32_BITS@)

				set(LLVM_BUILD_CET_ENABLE @LLVM_BUILD_CET_ENABLE@)

	if (NOT "@LLVM_PTHREAD_LIB@" STREQUAL "")			if (NOT "@LLVM_PTHREAD_LIB@" STREQUAL "")
	set(LLVM_PTHREAD_LIB "@LLVM_PTHREAD_LIB@")			set(LLVM_PTHREAD_LIB "@LLVM_PTHREAD_LIB@")
	endif()			endif()

	set(LLVM_ENABLE_PLUGINS @LLVM_ENABLE_PLUGINS@)			set(LLVM_ENABLE_PLUGINS @LLVM_ENABLE_PLUGINS@)
	set(LLVM_EXPORT_SYMBOLS_FOR_PLUGINS @LLVM_EXPORT_SYMBOLS_FOR_PLUGINS@)			set(LLVM_EXPORT_SYMBOLS_FOR_PLUGINS @LLVM_EXPORT_SYMBOLS_FOR_PLUGINS@)
	set(LLVM_PLUGIN_EXT @LLVM_PLUGIN_EXT@)			set(LLVM_PLUGIN_EXT @LLVM_PLUGIN_EXT@)

	▲ Show 20 Lines • Show All 51 Lines • Show Last 20 Lines

llvm/docs/CMake.rst

Show First 20 Lines • Show All 244 Lines • ▼ Show 20 Lines	LLVM_APPEND_VC_REV:BOOL
``llvm/include/llvm/Support/VCSRevision.h``. Developers using git who don't		``llvm/include/llvm/Support/VCSRevision.h``. Developers using git who don't
need revision info can disable this option to avoid re-linking most binaries		need revision info can disable this option to avoid re-linking most binaries
after a branch switch. Defaults to ON.		after a branch switch. Defaults to ON.

LLVM_BUILD_32_BITS:BOOL		LLVM_BUILD_32_BITS:BOOL
Build 32-bit executables and libraries on 64-bit systems. This option is		Build 32-bit executables and libraries on 64-bit systems. This option is
available only on some 64-bit Unix systems. Defaults to OFF.		available only on some 64-bit Unix systems. Defaults to OFF.

		LLVM_BUILD_CET_ENABLE:BOOL
		Build executables and libraries with CET enabled. CET is currently implemented
		in x86 GNU/Linux target. Defaults to OFF.

LLVM_BUILD_BENCHMARKS:BOOL		LLVM_BUILD_BENCHMARKS:BOOL
Adds benchmarks to the list of default targets. Defaults to OFF.		Adds benchmarks to the list of default targets. Defaults to OFF.

LLVM_BUILD_DOCS:BOOL		LLVM_BUILD_DOCS:BOOL
Adds all enabled documentation targets (i.e. Doxgyen and Sphinx targets) as		Adds all enabled documentation targets (i.e. Doxgyen and Sphinx targets) as
dependencies of the default build targets. This results in all of the (enabled)		dependencies of the default build targets. This results in all of the (enabled)
documentation targets being as part of a normal build. If the ``install``		documentation targets being as part of a normal build. If the ``install``
target is run then this also enables all built documentation targets to be		target is run then this also enables all built documentation targets to be
▲ Show 20 Lines • Show All 666 Lines • Show Last 20 Lines