CFI compatibility with static executables and nested archives
This CL makes the following changes:
(a) It disables diagnostics for CFI which requires the runtime ubsan
library (which isn't included in static executables).
(b) It applies the ar flags for CFI correctly for nested .a
archives.
(c) Applies the version script to export CFI shadow for non-static
binaries
(d) Doesn't apply cross-dso CFI for static executables
Bug: 30227045
Test: Static executables build correctly and do not complain about
missing symbols from the ubsan runtime library.
Test: Nested .a files correctly use the gold plugin.
Change-Id: Id8fe3c13f6b76565aafbf1266e95f50d1447a790
diff --git a/core/config_sanitizers.mk b/core/config_sanitizers.mk
index f5b45db..79604ac 100644
--- a/core/config_sanitizers.mk
+++ b/core/config_sanitizers.mk
@@ -235,6 +235,11 @@
# entire module.
LOCAL_ARM_MODE := thumb
my_cflags += $(CFI_EXTRA_CFLAGS)
+ # Only append the default visibility flag if -fvisibility has not already been
+ # set to hidden.
+ ifeq ($(filter -fvisibility=hidden,$(LOCAL_CFLAGS)),)
+ my_cflags += -fvisibility=default
+ endif
my_ldflags += $(CFI_EXTRA_LDFLAGS)
my_arflags += --plugin $(LLVM_PREBUILTS_PATH)/../lib64/LLVMgold.so
# Workaround for b/33678192. CFI jumptables need Thumb2 codegen. Revert when
@@ -242,6 +247,15 @@
ifneq ($(filter arm,$(TARGET_$(LOCAL_2ND_ARCH_VAR_PREFIX)ARCH)),)
my_ldflags += -march=armv7-a
endif
+
+ ifeq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
+ my_ldflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_ldflags))
+ my_cflags := $(filter-out -fsanitize-cfi-cross-dso,$(my_cflags))
+ else
+ # Apply the version script to non-static executables
+ my_ldflags += -Wl,--version-script,build/soong/cc/config/cfi_exports.map
+ LOCAL_ADDITIONAL_DEPENDENCIES += build/soong/cc/config/cfi_exports.map
+ endif
endif
# If local or global modules need ASAN, add linker flags.
@@ -293,11 +307,16 @@
endif
ifneq ($(my_sanitize_diag),)
- notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
- my_cflags += -fno-sanitize-trap=$(notrap_arg)
- # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
- ifeq ($(filter address thread,$(my_sanitize)),)
- # Does not have to be the first DT_NEEDED unlike ASan.
- my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
+ # TODO(vishwath): Add diagnostic support for static executables once
+ # we switch to clang-4393122 (which adds the static ubsan runtime
+ # that this depends on)
+ ifneq ($(LOCAL_FORCE_STATIC_EXECUTABLE),true)
+ notrap_arg := $(subst $(space),$(comma),$(my_sanitize_diag)),
+ my_cflags += -fno-sanitize-trap=$(notrap_arg)
+ # Diagnostic requires a runtime library, unless ASan or TSan are also enabled.
+ ifeq ($(filter address thread,$(my_sanitize)),)
+ # Does not have to be the first DT_NEEDED unlike ASan.
+ my_shared_libraries += $($(LOCAL_2ND_ARCH_VAR_PREFIX)UBSAN_RUNTIME_LIBRARY)
+ endif
endif
endif
diff --git a/core/definitions.mk b/core/definitions.mk
index d0009ee..f047114 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -1556,7 +1556,7 @@
filelist="$$filelist $$ldir/$$ext$$f"; \
done ; \
$($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_AR) $($(PRIVATE_2ND_ARCH_VAR_PREFIX)TARGET_GLOBAL_ARFLAGS) \
- $(2) $$filelist
+ $(PRIVATE_ARFLAGS) $(2) $$filelist
endef