Auto merge of #98208 - ivanloz:master, r=nagisa

Add support for LLVM ShadowCallStack. LLVMs ShadowCallStack provides backward edge control flow integrity protection by using a separate shadow stack to store and retrieve a function's return address. LLVM currently only supports this for AArch64 targets. The x18 register is used to hold the pointer to the shadow stack, and therefore this only works on ABIs which reserve x18. Further details are available in the [LLVM ShadowCallStack](https://clang.llvm.org/docs/ShadowCallStack.html) docs. # Usage `-Zsanitizer=shadow-call-stack` # Comments/Caveats * Currently only enabled for the aarch64-linux-android target * Requires the platform to define a runtime to initialize the shadow stack, see the [LLVM docs](https://clang.llvm.org/docs/ShadowCallStack.html) for more detail.
2022-07-23 20:01:07 +00:00 · 2022-07-23 20:01:07 +00:00 · 93ffde6f04
commit 93ffde6f04
parent 0e7c843da4 adf61e3b2b
14 changed files with 57 additions and 4 deletions
--- a/compiler/rustc_codegen_llvm/src/attributes.rs
+++ b/compiler/rustc_codegen_llvm/src/attributes.rs
@ -69,6 +69,9 @@ pub fn sanitize_attrs<'ll>(
    if enabled.contains(SanitizerSet::HWADDRESS) {
        attrs.push(llvm::AttributeKind::SanitizeHWAddress.create_attr(cx.llcx));
    }
+    if enabled.contains(SanitizerSet::SHADOWCALLSTACK) {
+        attrs.push(llvm::AttributeKind::ShadowCallStack.create_attr(cx.llcx));
+    }
    if enabled.contains(SanitizerSet::MEMTAG) {
        // Check to make sure the mte target feature is actually enabled.
        let features = cx.tcx.global_backend_features(());
--- a/compiler/rustc_codegen_llvm/src/llvm/ffi.rs
+++ b/compiler/rustc_codegen_llvm/src/llvm/ffi.rs
@ -192,6 +192,7 @@ pub enum AttributeKind {
    NoUndef = 33,
    SanitizeMemTag = 34,
    NoCfCheck = 35,
+    ShadowCallStack = 36,
 }

 /// LLVMIntPredicate