[Clang][RISCV] Support -fcf-protection=return for RISC-V #112477
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
llvmbot
added
clang
|
@llvm/pr-subscribers-backend-risc-v @llvm/pr-subscribers-clang Author: Jesse Huang (jaidTw) ChangesThis patches add a string attribute "hw-shadow-stack" to every function if Full diff: https://github.com/llvm/llvm-project/pull/112477.diff 2 Files Affected:
diff --git a/clang/lib/Basic/Targets/RISCV.h b/clang/lib/Basic/Targets/RISCV.h
index bf40edb8683b3e..3165623593fdf7 100644
--- a/clang/lib/Basic/Targets/RISCV.h
+++ b/clang/lib/Basic/Targets/RISCV.h
@@ -141,6 +141,12 @@ class RISCVTargetInfo : public TargetInfo {
return true;
}
+ bool checkCFProtectionReturnSupported(DiagnosticsEngine &Diags) const override {
+ if (ISAInfo->hasExtension("zimop"))
+ return true;
+ return TargetInfo::checkCFProtectionReturnSupported(Diags);
+ }
+
CFBranchLabelSchemeKind getDefaultCFBranchLabelScheme() const override {
return CFBranchLabelSchemeKind::FuncSig;
}
diff --git a/clang/lib/CodeGen/CodeGenFunction.cpp b/clang/lib/CodeGen/CodeGenFunction.cpp
index 2306043c90f406..d8f0f7c14f6b40 100644
--- a/clang/lib/CodeGen/CodeGenFunction.cpp
+++ b/clang/lib/CodeGen/CodeGenFunction.cpp
@@ -899,6 +899,10 @@ void CodeGenFunction::StartFunction(GlobalDecl GD, QualType RetTy,
if (CodeGenOpts.PointerAuth.IndirectGotos)
Fn->addFnAttr("ptrauth-indirect-gotos");
+ // Add return control flow integrity attributes.
+ if (CodeGenOpts.CFProtectionReturn)
+ Fn->addFnAttr("hw-shadow-stack");
+
// Apply xray attributes to the function (as a string, for now)
bool AlwaysXRayAttr = false;
if (const auto *XRayAttr = D ? D->getAttr<XRayInstrumentAttr>() : nullptr) {
|
|
✅ With the latest revision this PR passed the C/C++ code formatter. |
jaidTw
force-pushed
the
riscv-cf-protection-return
branch
from
2a7a6ef to
fe4a28f
Compare
mylai-mtk
reviewed
Oct 22, 2024
jaidTw
force-pushed
the
riscv-cf-protection-return
branch
from
449c0d9 to
7dc168a
Compare
|
LGTM, but please wait for others. I'm too junior to this community that I'm not sure if my words are enough 😂 |
jaidTw
force-pushed
the
riscv-cf-protection-return
branch
3 times, most recently
from
bb59a70 to
3cdb6c5
Compare
mylai-mtk
reviewed
Oct 24, 2024
mylai-mtk
reviewed
Oct 24, 2024
jaidTw
force-pushed
the
riscv-cf-protection-return
branch
from
3cdb6c5 to
42132c2
Compare
|
Addressed comments |
mylai-mtk
reviewed
Oct 25, 2024
kito-cheng
reviewed
Oct 25, 2024
mylai-mtk
reviewed
Oct 28, 2024
mylai-mtk
reviewed
Oct 28, 2024
|
After a meeting with Kito, we decided to use Zicfiss as the requirement in this patch. |
jaidTw
force-pushed
the
riscv-cf-protection-return
branch
from
421a369 to
f272724
Compare
|
@mylai-mtk could you take a look at the latest version? |
|
LGTM. Thanks. |
NoumanAmir657
pushed a commit
to NoumanAmir657/llvm-project
that referenced
this pull request
Nov 4, 2024
Enables the support of `-fcf-protection=return` on RISC-V, which requires Zicfiss. It also adds a string attribute "hw-shadow-stack" to every function if the option is set on RISC-V
jaidTw
added a commit
that referenced
this pull request
Nov 7, 2024
This patch follows #112477. Previously `-fsanitize=shadow-call-stack` (which get transform to `Attribute::ShadowCallStack`) is used for enable both hardware and software shadow stack, and another option `-force-sw-shadow-stack` is needed if the user wants to use the software shadow stack where hardware software shadow stack could be supported. It decouples both by using the string attribute `hw-shadow-stack` to distinguish from the software shadow stack attribute.
jaidTw
added a commit
that referenced
this pull request
Nov 8, 2024
This option was used to override the behavior of `-fsanitize=shadowcallstack` on RISC-V backend, which by default use a hardware implementation if possible, to use the software implementation instead. After #112477 and #112478, now two implementation is represented by independent options and we no longer need it.
Groverkss
pushed a commit
to iree-org/llvm-project
that referenced
this pull request
Nov 15, 2024
This patch follows llvm#112477. Previously `-fsanitize=shadow-call-stack` (which get transform to `Attribute::ShadowCallStack`) is used for enable both hardware and software shadow stack, and another option `-force-sw-shadow-stack` is needed if the user wants to use the software shadow stack where hardware software shadow stack could be supported. It decouples both by using the string attribute `hw-shadow-stack` to distinguish from the software shadow stack attribute.
Groverkss
pushed a commit
to iree-org/llvm-project
that referenced
this pull request
Nov 15, 2024
This option was used to override the behavior of `-fsanitize=shadowcallstack` on RISC-V backend, which by default use a hardware implementation if possible, to use the software implementation instead. After llvm#112477 and llvm#112478, now two implementation is represented by independent options and we no longer need it.
mylai-mtk
added a commit
that referenced
this pull request
Feb 19, 2025
The `-fcf-protection` flag is now also used to enable CFI features for the RISC-V target, so it's not suitable to define `__CET__` solely based on the flag anymore. This patch moves the definition of the `__CET__` macro into X86 target hook, so only X86 targets with the `-fcf-protection` flag would enable the `__CET__` macro. See #109784 and #112477 for the adoption of `-fcf-protection` flag for RISC-V targets.
github-actions bot
pushed a commit
to arm/arm-toolchain
that referenced
this pull request
Feb 19, 2025
…27616) The `-fcf-protection` flag is now also used to enable CFI features for the RISC-V target, so it's not suitable to define `__CET__` solely based on the flag anymore. This patch moves the definition of the `__CET__` macro into X86 target hook, so only X86 targets with the `-fcf-protection` flag would enable the `__CET__` macro. See llvm/llvm-project#109784 and llvm/llvm-project#112477 for the adoption of `-fcf-protection` flag for RISC-V targets.
Prakhar-Dixit
pushed a commit
to Prakhar-Dixit/llvm-project
that referenced
this pull request
Feb 19, 2025
The `-fcf-protection` flag is now also used to enable CFI features for the RISC-V target, so it's not suitable to define `__CET__` solely based on the flag anymore. This patch moves the definition of the `__CET__` macro into X86 target hook, so only X86 targets with the `-fcf-protection` flag would enable the `__CET__` macro. See llvm#109784 and llvm#112477 for the adoption of `-fcf-protection` flag for RISC-V targets.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patches enables the support of
-fcf-protection=returnon RISC-V, and add a string attribute "hw-shadow-stack" to every function if the option is set on RISC-V