Add support for generating the EHCont section
In the future Windows will enable Control-flow Enforcement Technology (CET aka Shadow Stacks). To protect the path where the context is updated during exception handling, the binary is required to enumerate valid unwind entrypoints in a dedicated section which is validated when the context is being set during exception handling. The required support for EHCONT has already been merged into LLVM, long ago. This change adds the Rust codegen option to enable it. Reference: * https://reviews.llvm.org/D40223 This also adds a new `ehcont-guard` option to the bootstrap config which enables EHCont Guard when building std.
This commit is contained in:
Arlie Davis
parent
2f8d81f9db
commit
e11d8d147b
10 changed files with 76 additions and 2 deletions
|
|
@ -350,6 +350,15 @@ pub unsafe fn create_module<'ll>(
|
|||
1,
|
||||
);
|
||||
}
|
||||
// Set module flag to enable Windows EHCont Guard (/guard:ehcont).
|
||||
if sess.opts.cg.ehcont_guard {
|
||||
llvm::LLVMRustAddModuleFlag(
|
||||
llmod,
|
||||
llvm::LLVMModFlagBehavior::Warning,
|
||||
"ehcontguard\0".as_ptr() as *const _,
|
||||
1,
|
||||
)
|
||||
}
|
||||
|
||||
// Insert `llvm.ident` metadata.
|
||||
//
|
||||
|
|
|
|||
|
|
@ -2378,6 +2378,11 @@ fn add_order_independent_options(
|
|||
cmd.control_flow_guard();
|
||||
}
|
||||
|
||||
// OBJECT-FILES-NO, AUDIT-ORDER
|
||||
if sess.opts.cg.ehcont_guard {
|
||||
cmd.ehcont_guard();
|
||||
}
|
||||
|
||||
add_rpath_args(cmd, sess, codegen_results, out_filename);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -185,6 +185,7 @@ pub trait Linker {
|
|||
fn optimize(&mut self);
|
||||
fn pgo_gen(&mut self);
|
||||
fn control_flow_guard(&mut self);
|
||||
fn ehcont_guard(&mut self);
|
||||
fn debuginfo(&mut self, strip: Strip, natvis_debugger_visualizers: &[PathBuf]);
|
||||
fn no_crt_objects(&mut self);
|
||||
fn no_default_libraries(&mut self);
|
||||
|
|
@ -605,6 +606,8 @@ impl<'a> Linker for GccLinker<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn debuginfo(&mut self, strip: Strip, _: &[PathBuf]) {
|
||||
// MacOS linker doesn't support stripping symbols directly anymore.
|
||||
if self.sess.target.is_like_osx {
|
||||
|
|
@ -914,6 +917,12 @@ impl<'a> Linker for MsvcLinker<'a> {
|
|||
self.cmd.arg("/guard:cf");
|
||||
}
|
||||
|
||||
fn ehcont_guard(&mut self) {
|
||||
if self.sess.target.pointer_width == 64 {
|
||||
self.cmd.arg("/guard:ehcont");
|
||||
}
|
||||
}
|
||||
|
||||
fn debuginfo(&mut self, strip: Strip, natvis_debugger_visualizers: &[PathBuf]) {
|
||||
match strip {
|
||||
Strip::None => {
|
||||
|
|
@ -1127,6 +1136,8 @@ impl<'a> Linker for EmLinker<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn debuginfo(&mut self, _strip: Strip, _: &[PathBuf]) {
|
||||
// Preserve names or generate source maps depending on debug info
|
||||
// For more information see https://emscripten.org/docs/tools_reference/emcc.html#emcc-g
|
||||
|
|
@ -1319,6 +1330,8 @@ impl<'a> Linker for WasmLd<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn no_crt_objects(&mut self) {}
|
||||
|
||||
fn no_default_libraries(&mut self) {}
|
||||
|
|
@ -1472,6 +1485,8 @@ impl<'a> Linker for L4Bender<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn no_crt_objects(&mut self) {}
|
||||
}
|
||||
|
||||
|
|
@ -1613,6 +1628,8 @@ impl<'a> Linker for AixLinker<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn debuginfo(&mut self, strip: Strip, _: &[PathBuf]) {
|
||||
match strip {
|
||||
Strip::None => {}
|
||||
|
|
@ -1835,6 +1852,8 @@ impl<'a> Linker for PtxLinker<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn export_symbols(&mut self, _tmpdir: &Path, _crate_type: CrateType, _symbols: &[String]) {}
|
||||
|
||||
fn subsystem(&mut self, _subsystem: &str) {}
|
||||
|
|
@ -1931,6 +1950,8 @@ impl<'a> Linker for BpfLinker<'a> {
|
|||
|
||||
fn control_flow_guard(&mut self) {}
|
||||
|
||||
fn ehcont_guard(&mut self) {}
|
||||
|
||||
fn export_symbols(&mut self, tmpdir: &Path, _crate_type: CrateType, symbols: &[String]) {
|
||||
let path = tmpdir.join("symbols");
|
||||
let res: io::Result<()> = try {
|
||||
|
|
|
|||
|
|
@ -1387,6 +1387,8 @@ options! {
|
|||
"allow the linker to link its default libraries (default: no)"),
|
||||
dlltool: Option<PathBuf> = (None, parse_opt_pathbuf, [UNTRACKED],
|
||||
"import library generation tool (ignored except when targeting windows-gnu)"),
|
||||
ehcont_guard: bool = (false, parse_bool, [TRACKED],
|
||||
"generate Windows EHCont Guard tables"),
|
||||
embed_bitcode: bool = (true, parse_bool, [TRACKED],
|
||||
"emit bitcode in rlibs (default: yes)"),
|
||||
extra_filename: String = (String::new(), parse_string, [UNTRACKED],
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue