https://github.com/kovdan01 created
https://github.com/llvm/llvm-project/pull/113152
Most ptrauth flags are ABI-affecting, so allow them only for Linux and
Darwin OS which explicitly support pointer authentication. Leave
`-faarch64-jump-table-hardening` available for all AArch64 targets since
it's not ABI-affecting.
>From 887883458d28afc8a45643bc27cd84b2e242bbe6 Mon Sep 17 00:00:00 2001
From: Daniil Kovalev <dkova...@accesssoftek.com>
Date: Mon, 21 Oct 2024 12:18:56 +0300
Subject: [PATCH] [PAC][Driver] Support ptrauth flags only on AArch64 Linux and
ARM64 Darwin
Most ptrauth flags are ABI-affecting, so allow them only for Linux and
Darwin OS which explicitly support pointer authentication. Leave
`-faarch64-jump-table-hardening` available for all AArch64 targets since
it's not ABI-affecting.
---
clang/include/clang/Driver/ToolChain.h | 3 ++
clang/lib/Driver/ToolChain.cpp | 42 ++++++++++++++++
clang/lib/Driver/ToolChains/Clang.cpp | 28 -----------
clang/lib/Driver/ToolChains/Darwin.cpp | 3 ++
clang/lib/Driver/ToolChains/Linux.cpp | 8 ++-
clang/test/Driver/aarch64-ptrauth.c | 67 +++++++++++++++++---------
6 files changed, 97 insertions(+), 54 deletions(-)
diff --git a/clang/include/clang/Driver/ToolChain.h
b/clang/include/clang/Driver/ToolChain.h
index 5347e29be91439..0c0fccec4b933b 100644
--- a/clang/include/clang/Driver/ToolChain.h
+++ b/clang/include/clang/Driver/ToolChain.h
@@ -240,6 +240,9 @@ class ToolChain {
llvm::opt::ArgStringList &CC1Args,
ArrayRef<StringRef> Paths);
+ static void addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+ llvm::opt::ArgStringList &CC1Args);
+
static std::string concat(StringRef Path, const Twine &A, const Twine &B =
"",
const Twine &C = "", const Twine &D = "");
///@}
diff --git a/clang/lib/Driver/ToolChain.cpp b/clang/lib/Driver/ToolChain.cpp
index 016db9469c6bec..9c53986756caaa 100644
--- a/clang/lib/Driver/ToolChain.cpp
+++ b/clang/lib/Driver/ToolChain.cpp
@@ -1264,6 +1264,48 @@ void ToolChain::addExternCSystemIncludeIfExists(const
ArgList &DriverArgs,
}
}
+/*static*/ void
+ToolChain::addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+ llvm::opt::ArgStringList &CC1Args) {
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_intrinsics,
+ options::OPT_fno_ptrauth_intrinsics);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_calls,
+ options::OPT_fno_ptrauth_calls);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_returns,
+ options::OPT_fno_ptrauth_returns);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_auth_traps,
+ options::OPT_fno_ptrauth_auth_traps);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_vtable_pointer_address_discrimination,
+ options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_vtable_pointer_type_discrimination,
+ options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
+ options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_function_pointer_type_discrimination,
+ options::OPT_fno_ptrauth_function_pointer_type_discrimination);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_indirect_gotos,
+ options::OPT_fno_ptrauth_indirect_gotos);
+
+ DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_init_fini,
+ options::OPT_fno_ptrauth_init_fini);
+
+ DriverArgs.addOptInFlag(
+ CC1Args, options::OPT_fptrauth_init_fini_address_discrimination,
+ options::OPT_fno_ptrauth_init_fini_address_discrimination);
+}
+
/*static*/ std::string ToolChain::concat(StringRef Path, const Twine &A,
const Twine &B, const Twine &C,
const Twine &D) {
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp
b/clang/lib/Driver/ToolChains/Clang.cpp
index 84bb77d451641a..fdfc0787098a48 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -1784,34 +1784,6 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
AddUnalignedAccessWarning(CmdArgs);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,
- options::OPT_fno_ptrauth_intrinsics);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_calls,
- options::OPT_fno_ptrauth_calls);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_returns,
- options::OPT_fno_ptrauth_returns);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_auth_traps,
- options::OPT_fno_ptrauth_auth_traps);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_vtable_pointer_address_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_vtable_pointer_type_discrimination,
- options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
- options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
- Args.addOptInFlag(
- CmdArgs, options::OPT_fptrauth_function_pointer_type_discrimination,
- options::OPT_fno_ptrauth_function_pointer_type_discrimination);
-
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_indirect_gotos,
- options::OPT_fno_ptrauth_indirect_gotos);
- Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_init_fini,
- options::OPT_fno_ptrauth_init_fini);
- Args.addOptInFlag(CmdArgs,
- options::OPT_fptrauth_init_fini_address_discrimination,
- options::OPT_fno_ptrauth_init_fini_address_discrimination);
Args.addOptInFlag(CmdArgs, options::OPT_faarch64_jump_table_hardening,
options::OPT_fno_aarch64_jump_table_hardening);
}
diff --git a/clang/lib/Driver/ToolChains/Darwin.cpp
b/clang/lib/Driver/ToolChains/Darwin.cpp
index 87380869f6fdab..3874cc3d98e80a 100644
--- a/clang/lib/Driver/ToolChains/Darwin.cpp
+++ b/clang/lib/Driver/ToolChains/Darwin.cpp
@@ -3137,6 +3137,9 @@ void Darwin::addClangTargetOptions(
if (!RequiresSubdirectorySearch)
CC1Args.push_back("-fno-modulemap-allow-subdirectory-search");
}
+
+ if (getTriple().isAArch64())
+ addPointerAuthFlags(DriverArgs, CC1Args);
}
void Darwin::addClangCC1ASTargetOptions(
diff --git a/clang/lib/Driver/ToolChains/Linux.cpp
b/clang/lib/Driver/ToolChains/Linux.cpp
index ae5abf44fb5566..9f38adbd691c27 100644
--- a/clang/lib/Driver/ToolChains/Linux.cpp
+++ b/clang/lib/Driver/ToolChains/Linux.cpp
@@ -529,8 +529,12 @@ void Linux::addClangTargetOptions(const llvm::opt::ArgList
&DriverArgs,
llvm::opt::ArgStringList &CC1Args,
Action::OffloadKind DeviceOffloadKind) const
{
llvm::Triple Triple(ComputeEffectiveClangTriple(DriverArgs));
- if (Triple.isAArch64() && Triple.getEnvironment() == llvm::Triple::PAuthTest)
- handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+ if (Triple.isAArch64()) {
+ addPointerAuthFlags(DriverArgs, CC1Args);
+ if (Triple.getEnvironment() == llvm::Triple::PAuthTest)
+ handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+ }
+
Generic_ELF::addClangTargetOptions(DriverArgs, CC1Args, DeviceOffloadKind);
}
diff --git a/clang/test/Driver/aarch64-ptrauth.c
b/clang/test/Driver/aarch64-ptrauth.c
index 88841ee0b0b7bb..b16fb1ea3b1aca 100644
--- a/clang/test/Driver/aarch64-ptrauth.c
+++ b/clang/test/Driver/aarch64-ptrauth.c
@@ -4,7 +4,7 @@
// NONE: "-cc1"
// NONE-NOT: "-fptrauth-
-// RUN: %clang -### -c --target=aarch64 \
+// RUN: %clang -### -c --target=aarch64-linux \
// RUN: -fno-ptrauth-intrinsics -fptrauth-intrinsics \
// RUN: -fno-ptrauth-calls -fptrauth-calls \
// RUN: -fno-ptrauth-returns -fptrauth-returns \
@@ -17,7 +17,20 @@
// RUN: -fno-ptrauth-init-fini-address-discrimination
-fptrauth-init-fini-address-discrimination \
// RUN: -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
// RUN: %s 2>&1 | FileCheck %s --check-prefix=ALL
-// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls"
"-fptrauth-returns" "-fptrauth-auth-traps"
"-fptrauth-vtable-pointer-address-discrimination"
"-fptrauth-vtable-pointer-type-discrimination"
"-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos"
"-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination"
"-faarch64-jump-table-hardening"
+// RUN: %clang -### -c --target=arm64-darwin \
+// RUN: -fno-ptrauth-intrinsics -fptrauth-intrinsics \
+// RUN: -fno-ptrauth-calls -fptrauth-calls \
+// RUN: -fno-ptrauth-returns -fptrauth-returns \
+// RUN: -fno-ptrauth-auth-traps -fptrauth-auth-traps \
+// RUN: -fno-ptrauth-vtable-pointer-address-discrimination
-fptrauth-vtable-pointer-address-discrimination \
+// RUN: -fno-ptrauth-vtable-pointer-type-discrimination
-fptrauth-vtable-pointer-type-discrimination \
+// RUN: -fno-ptrauth-type-info-vtable-pointer-discrimination
-fptrauth-type-info-vtable-pointer-discrimination \
+// RUN: -fno-ptrauth-indirect-gotos -fptrauth-indirect-gotos \
+// RUN: -fno-ptrauth-init-fini -fptrauth-init-fini \
+// RUN: -fno-ptrauth-init-fini-address-discrimination
-fptrauth-init-fini-address-discrimination \
+// RUN: -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
+// RUN: %s 2>&1 | FileCheck %s --check-prefix=ALL
+// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls"
"-fptrauth-returns" "-fptrauth-auth-traps"
"-fptrauth-vtable-pointer-address-discrimination"
"-fptrauth-vtable-pointer-type-discrimination"
"-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos"
"-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination"{{.*}}
"-faarch64-jump-table-hardening"
// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest %s 2>&1 |
FileCheck %s --check-prefix=PAUTHABI1
// RUN: %clang -### -c --target=aarch64-linux-pauthtest %s 2>&1 | FileCheck %s
--check-prefix=PAUTHABI1
@@ -40,7 +53,7 @@
// RUN: -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s
--check-prefix=PAUTHABI2
//// Non-linux OS: pauthtest ABI has no effect in terms of passing ptrauth cc1
flags.
-//// An error about unsupported ABI will be emitted later in pipeline (see
ERR2 below)
+//// An error about unsupported ABI will be emitted later in pipeline (see
ERR3 below)
// RUN: %clang -### -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s
--check-prefix=PAUTHABI2
// PAUTHABI2: "-cc1"
@@ -55,7 +68,13 @@
// PAUTHABI3-NOT: "-fptrauth-
// PAUTHABI3-NOT: "-faarch64-jump-table-hardening"
-// RUN: not %clang -### -c --target=x86_64 -fptrauth-intrinsics
-fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+//// Non-AArch64.
+// RUN: not %clang -### -c --target=x86_64-linux -fptrauth-intrinsics
-fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+// RUN: -fptrauth-vtable-pointer-address-discrimination
-fptrauth-vtable-pointer-type-discrimination \
+// RUN: -fptrauth-type-info-vtable-pointer-discrimination
-fptrauth-indirect-gotos -fptrauth-init-fini \
+// RUN: -fptrauth-init-fini-address-discrimination
-faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefixes=ERR1,ERR2
+//// Non-linux and non-Darwin OS.
+// RUN: not %clang -### -c --target=aarch64 -fptrauth-intrinsics
-fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
// RUN: -fptrauth-vtable-pointer-address-discrimination
-fptrauth-vtable-pointer-type-discrimination \
// RUN: -fptrauth-type-info-vtable-pointer-discrimination
-fptrauth-indirect-gotos -fptrauth-init-fini \
// RUN: -fptrauth-init-fini-address-discrimination
-faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=ERR1
@@ -69,50 +88,50 @@
// ERR1-NEXT: error: unsupported option '-fptrauth-indirect-gotos' for target
'{{.*}}'
// ERR1-NEXT: error: unsupported option '-fptrauth-init-fini' for target
'{{.*}}'
// ERR1-NEXT: error: unsupported option
'-fptrauth-init-fini-address-discrimination' for target '{{.*}}'
-// ERR1-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for
target '{{.*}}'
+// ERR2-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for
target '{{.*}}'
-// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s
--check-prefix=ERR2
+// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s
--check-prefix=ERR3
//// The ABI is not specified explicitly, and for non-Linux pauthtest
environment does not correspond
//// to pauthtest ABI (each OS target defines this behavior separately). Do
not emit an error.
// RUN: %clang -c --target=aarch64-pauthtest %s -o /dev/null
-// ERR2: error: unknown target ABI 'pauthtest'
+// ERR3: error: unknown target ABI 'pauthtest'
//// PAuth ABI is encoded as environment part of the triple, so don't allow to
explicitly set other environments.
-// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1
| FileCheck %s --check-prefix=ERR3
-// ERR3: error: unsupported option '-mabi=pauthtest' for target
'aarch64-unknown-linux-gnu'
+// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1
| FileCheck %s --check-prefix=ERR4
+// ERR4: error: unsupported option '-mabi=pauthtest' for target
'aarch64-unknown-linux-gnu'
// RUN: %clang -### -c --target=aarch64-linux-pauthtest -mabi=pauthtest %s
//// The only branch protection option compatible with PAuthABI is BTI.
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest
-mbranch-protection=pac-ret %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR4
+// RUN: FileCheck %s --check-prefix=ERR5
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest
-mbranch-protection=pac-ret %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR4
-// ERR4: error: unsupported option '-mbranch-protection=pac-ret' for target
'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR5
+// ERR5: error: unsupported option '-mbranch-protection=pac-ret' for target
'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest
-mbranch-protection=gcs %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR5
+// RUN: FileCheck %s --check-prefix=ERR6
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest
-mbranch-protection=gcs %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR5
-// ERR5: error: unsupported option '-mbranch-protection=gcs' for target
'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR6
+// ERR6: error: unsupported option '-mbranch-protection=gcs' for target
'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest
-mbranch-protection=standard %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR6
+// RUN: FileCheck %s --check-prefix=ERR7
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest
-mbranch-protection=standard %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR6
-// ERR6: error: unsupported option '-mbranch-protection=standard' for target
'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR7
+// ERR7: error: unsupported option '-mbranch-protection=standard' for target
'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest
-msign-return-address=all %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR7
+// RUN: FileCheck %s --check-prefix=ERR8
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest
-msign-return-address=all %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR7
-// ERR7: error: unsupported option '-msign-return-address=all' for target
'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR8
+// ERR8: error: unsupported option '-msign-return-address=all' for target
'aarch64-unknown-linux-pauthtest'
// RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest
-msign-return-address=non-leaf %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR8
+// RUN: FileCheck %s --check-prefix=ERR9
// RUN: not %clang -### -c --target=aarch64-linux-pauthtest
-msign-return-address=non-leaf %s 2>&1 | \
-// RUN: FileCheck %s --check-prefix=ERR8
-// ERR8: error: unsupported option '-msign-return-address=non-leaf' for target
'aarch64-unknown-linux-pauthtest'
+// RUN: FileCheck %s --check-prefix=ERR9
+// ERR9: error: unsupported option '-msign-return-address=non-leaf' for target
'aarch64-unknown-linux-pauthtest'
// RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest
-msign-return-address=none %s
// RUN: %clang -### -c --target=aarch64-linux-pauthtest
-msign-return-address=none %s
_______________________________________________
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
