1
Fork 0

Rollup merge of #118013 - sivadeilra:user/ardavis/ehcont, r=wesleywiser

Enable Rust to use the EHCont security feature of Windows

In the future Windows will enable Control-flow Enforcement Technology (CET aka Shadow Stacks). To protect the path where the context is updated during exception handling, the binary is required to enumerate valid unwind entrypoints in a dedicated section which is validated when the context is being set during exception handling.

The required support for EHCONT Guard has already been merged into LLVM, long ago. This change simply adds the Rust codegen option to enable it.

Relevant LLVM change: https://reviews.llvm.org/D40223

This also adds a new `ehcont-guard` option to the bootstrap config which enables EHCont Guard when building std.

We at Microsoft have been using this feature for a significant period of time; we are confident that the LLVM feature, when enabled, generates well-formed code.

We currently enable EHCONT using a codegen feature, but I'm certainly open to refactoring this to be a target feature instead, or to use any appropriate mechanism to enable it.
This commit is contained in:
Michael Goulet 2023-11-22 09:28:50 -08:00 committed by GitHub
commit 1fb2624205
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 76 additions and 1 deletions

View file

@ -351,6 +351,16 @@ pub unsafe fn create_module<'ll>(
);
}
// Set module flag to enable Windows EHCont Guard (/guard:ehcont).
if sess.opts.unstable_opts.ehcont_guard {
llvm::LLVMRustAddModuleFlag(
llmod,
llvm::LLVMModFlagBehavior::Warning,
"ehcontguard\0".as_ptr() as *const _,
1,
)
}
// Insert `llvm.ident` metadata.
//
// On the wasm targets it will get hooked up to the "producer" sections