$ clang-12: error: -fstack-clash-protection is not supported on Windows or Mac OS X
Details
Diff Detail
- Repository
- rG LLVM Github Monorepo
Event Timeline
clang/include/clang/Basic/DiagnosticDriverKinds.td | ||
---|---|---|
276–277 | There are more OSes than Linux, Windows or OSX. |
clang/include/clang/Basic/DiagnosticDriverKinds.td | ||
---|---|---|
276–277 |
I second that one. | |
clang/lib/Driver/ToolChains/Clang.cpp | ||
3074–3076 | In that case you should probably allow explicitly the different Linux flavors here |
Can we add a test that the feature can be enabled on an OS other than Linux / Windows / Darwin?
Windows has effectively always had stack clash protection: we've always emitted those little chkstk probe calls for stack frames larger than a page. Would it make more sense to ignore this flag on Windows, since it opts into always-on behavior? If so, this doesn't seem like the right place to ignore it.
I see your comment here, but I don't really understand it:
https://reviews.llvm.org/D92100#2422729
What goes wrong on Windows? Can it be made to just work instead? It should be simple.
How do things go wrong on Darwin? I was under the impression that this was implemented in LLVM as strictly inline code, no runtime support required.
How do things go wrong on Darwin? I was under the impression that this was implemented in LLVM as strictly inline code, no runtime support required.
That is my impression as well (although it seems that an earlier version might have emitted calls to a stack probe routine?)
The original security advisory doesn't mention Darwin, but there's nothing specific to Darwin in the stack clash protection implementation, so I'm fine with allowing it for Darwin too.
@sylvestre.ledru I: double checked and there's nothing in the original advisory against Darwin, but nothing that clearly states it's protected either (unlike Windows-based system). And there's also nothing specific to Darwin in the stack clash protection implementation, I think it's ok to only warn on Windows.
This seems to break all tests on all platforms: http://45.33.8.238/linux/35854/step_7.txt
As far as I can tell, RenderSCPOptions is called unconditinoally and the error message is emitted at its start, before any Args.hasFlag checks -- so it's emitted every time a windows triple is passed.
There are more OSes than Linux, Windows or OSX.
Maybe it's somewhat better to say "-fstack-clash-protection is not supported on %0", with the targeted OS being fed in.
If that is not easily possible, maybe just say "-fstack-clash-protection is not supported on the targeted OS"?