clang/test/CodeGen/X86/x86-cf-protection.c
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=return %s | FileCheck %s --check-prefix=RETURN | // RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=return %s | FileCheck %s --check-prefix=RETURN | ||||
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=branch %s | FileCheck %s --check-prefix=BRANCH | // RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=branch %s | FileCheck %s --check-prefix=BRANCH | ||||
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=full %s | FileCheck %s --check-prefix=FULL | // RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=full %s | FileCheck %s --check-prefix=FULL | ||||
// RUN: %clang -target i386-unknown-unknown -o - -emit-llvm -S -fcf-protection=branch -mibt-seal -flto %s | FileCheck %s --check-prefixes=CFPROT,IBTSEAL | |||||
pengfei: Is `-flto` required?
joaomoreira: Yes, we can only suppress ENDBR if we are sure the given function is not address taken in all other translation units.
xiangzhangllvm: Sorry, let me make sure here. What does "translation units" mean here? Does it mean another binary file (e.g. *.so, *.a)?
joaomoreira: Translation unit means a source file translated into an object file. When compiling the kernel, we have different .c files that are translated into different .o files. Each .c translated into .o is a translation unit. Because a function might not be address taken in the translation unit where it is defined but could be address taken in a different one, we need to emit ENDBRs to all non-local (static) functions. With LTO this changes, because we can look at all to-be-generated objects and be sure that a given function is not address taken in any of the translation units. This optimization is kernel-specific because in user-space code non-local functions can be reached through the PLT of a different dynamically linked library (.so) or through dlsym, and this is impossible to predict at compile time. In the kernel, exported symbols are implicitly address taken. This way, if a module tries to take the address of an exported function, this would be ok. The optimization will mostly rule out non-static functions that are not exported from receiving an ENDBR. The numeric benefits of the optimization are shown in https://reviews.llvm.org/D116070
// RUN: %clang -target i386-unknown-unknown -o - -emit-llvm -S -fcf-protection=branch -flto %s | FileCheck %s --check-prefixes=CFPROT,NOIBTSEAL | |||||
// RUN: %clang -target i386-unknown-unknown -o - -emit-llvm -S -fcf-protection=branch -mibt-seal %s | FileCheck %s --check-prefixes=CFPROT,NOIBTSEAL | |||||
pengfei: I think we can use `NOIBTSEAL` here too.
// RETURN: #define __CET__ 2 | // RETURN: #define __CET__ 2 | ||||
// BRANCH: #define __CET__ 1 | // BRANCH: #define __CET__ 1 | ||||
// FULL: #define __CET__ 3 | // FULL: #define __CET__ 3 | ||||
// CFPROT: "cf-protection-branch", i32 1 | |||||
// IBTSEAL: "ibt-seal", i32 1 | |||||
pengfei: Can we add another RUN without `-mibt-seal` and check no such flags?
joaomoreira: Sure, I'll work on this and try to track the possible bug mentioned by @aaron.ballman, then I'll update the diff.
// NOIBTSEAL-NOT: "ibt-seal", i32 1 | |||||
void foo() {} | void foo() {} |
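Review bot: The `NOIBTSEAL-NOT: "ibt-seal", i32 1` check at the end of the test is narrower than what the two NOIBTSEAL RUN lines are meant to prove. It only rejects the flag with value 1, so an `"ibt-seal"` module flag emitted with any other value would still pass, and because it follows the `CFPROT:` line under `--check-prefixes=CFPROT,NOIBTSEAL`, FileCheck only scans the output after the `"cf-protection-branch"` match. Suggest loosening the pattern to `// NOIBTSEAL-NOT: "ibt-seal"` and running those two RUN lines with `--implicit-check-not=ibt-seal` (or adding a second NOIBTSEAL-NOT line ahead of the CFPROT check), so the sealing flag cannot appear anywhere in the module when either `-mibt-seal` or `-flto` is missing.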