diff --git a/buildbot/configure.py b/buildbot/configure.py index 0d54bd96ada65..b47cd1c96fd43 100644 --- a/buildbot/configure.py +++ b/buildbot/configure.py @@ -236,6 +236,8 @@ def do_configure(args, passthrough_args): cmake_cmd += args.cmake_opt if args.add_security_flags: + if args.add_security_flags != 'none': + cmake_cmd.extend(["-DCMAKE_POSITION_INDEPENDENT_CODE=ON"]) cmake_cmd.extend(["-DEXTRA_SECURITY_FLAGS={}".format(args.add_security_flags)]) # Add path to root CMakeLists.txt diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index 774ca47b5cd6e..4a1c7742c9dde 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -1,7 +1,7 @@ macro(add_compile_option_ext flag name) - cmake_parse_arguments(ARG "" "" "" ${ARGN}) + cmake_parse_arguments(ARG "" "" "" ${ARGN}) set(CHECK_STRING "${flag}") - if (MSVC) + if(MSVC) set(CHECK_STRING "/WX ${CHECK_STRING}") else() set(CHECK_STRING "-Werror ${CHECK_STRING}") @@ -9,7 +9,7 @@ macro(add_compile_option_ext flag name) check_c_compiler_flag("${CHECK_STRING}" "C_SUPPORTS_${name}") check_cxx_compiler_flag("${CHECK_STRING}" "CXX_SUPPORTS_${name}") - if (C_SUPPORTS_${name} AND CXX_SUPPORTS_${name}) + if(C_SUPPORTS_${name} AND CXX_SUPPORTS_${name}) message(STATUS "Building with ${flag}") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${flag}") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${flag}") @@ -31,73 +31,196 @@ macro(add_link_option_ext flag name) endif() endmacro() -function(append_common_extra_security_flags) - if( LLVM_ON_UNIX ) - # Fortify Source (strongly recommended): - if (CMAKE_BUILD_TYPE STREQUAL "Debug") - message(WARNING - "-D_FORTIFY_SOURCE=2 can only be used with optimization.") - message(WARNING "-D_FORTIFY_SOURCE=2 is not supported.") +set(is_gcc FALSE) +set(is_clang FALSE) +set(is_msvc FALSE) +set(is_icpx FALSE) + +if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set(is_clang TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "GNU") + set(is_gcc TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "IntelLLVM") + set(is_icpx TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "MSVC") + set(is_msvc TRUE) +endif() + +macro(append_common_extra_security_flags) + # Control Flow Integrity + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-fcf-protection=full" FCFPROTECTION) + elseif(is_icpx) + add_compile_option_ext("/Qcf-protection:full" FCFPROTECTION) + elseif(is_msvc) + add_link_option_ext("/LTCG" LTCG CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + add_compile_option_ext("/guard:cf" GUARDCF) + add_link_option_ext("/CETCOMPAT" CETCOMPAT CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + + # Format String Defense + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Wformat" WFORMAT) + add_compile_option_ext("-Wformat-security" WFORMATSECURITY) + elseif(is_icpx) + add_compile_option_ext("/Wformat" WFORMAT) + add_compile_option_ext("/Wformat-security" WFORMATSECURITY) + endif() + + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Werror=format-security" WERRORFORMATSECURITY) + endif() + endif() + + # Inexecutable Stack + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_link_option_ext( + "-Wl,-z,noexecstack" NOEXECSTACK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + endif() + + # Position Independent Code + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-fPIC" FPIC) + elseif(is_msvc) + add_compile_option_ext("/Gy" GY) + endif() + + # Position Independent Execution + # We rely on CMake to set the right -fPIE flags for us, but it must be + # explicitly requested + if (CMAKE_POSITION_INDEPENDENT_CODE) + include(CheckPIESupported) + check_pie_supported() + else() + message(FATAL_ERROR "To enable all necessary security flags, CMAKE_POSITION_INDEPENDENT_CODE must be set to ON") + endif() + + if(is_msvc) + add_link_option_ext("/DYNAMICBASE" DYNAMICBASE CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_msvc) + add_link_option_ext("/NXCOMPAT" NXCOMPAT CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + endif() + + # Stack Protection + if(is_msvc) + add_compile_option_ext("/GS" GS) + elseif( + is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + add_compile_option_ext("-fstack-protector" FSTACKPROTECTOR) + elseif(CMAKE_BUILD_TYPE MATCHES "Release") + add_compile_option_ext("-fstack-protector-strong" FSTACKPROTECTORSTRONG) + add_compile_option_ext("-fstack-clash-protection" FSTACKCLASHPROTECTION) + endif() + endif() + + # Fortify Source (strongly recommended): + if (NOT WIN32) + # Strictly speaking, _FORTIFY_SOURCE is a glibc feature and not a compiler + # feature. However, we experienced some issues (warnings about redefined macro + # which are problematic under -Werror) when setting it to value '3' with older + # gcc versions. Hence the check. + # Value '3' became supported in glibc somewhere around gcc 12, so that is + # what we are looking for. + if (is_gcc AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 12) + set(FORTIFY_SOURCE "-D_FORTIFY_SOURCE=2") + else() + # Assuming that the problem is not reproducible with other compilers + set(FORTIFY_SOURCE "-D_FORTIFY_SOURCE=3") + endif() + + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + message(WARNING "${FORTIFY_SOURCE} can only be used with optimization.") + message(WARNING "${FORTIFY_SOURCE} is not supported.") else() - # Sanitizers do not work with checked memory functions, - # such as __memset_chk. We do not build release packages - # with sanitizers, so just avoid -D_FORTIFY_SOURCE=2 - # under LLVM_USE_SANITIZER. - if (NOT LLVM_USE_SANITIZER) - message(STATUS "Building with -D_FORTIFY_SOURCE=2") - add_definitions(-D_FORTIFY_SOURCE=2) + # Sanitizers do not work with checked memory functions, such as + # __memset_chk. We do not build release packages with sanitizers, so just + # avoid -D_FORTIFY_SOURCE=N under LLVM_USE_SANITIZER. + if(NOT LLVM_USE_SANITIZER) + message(STATUS "Building with ${FORTIFY_SOURCE}") + add_definitions(${FORTIFY_SOURCE}) else() - message(WARNING - "-D_FORTIFY_SOURCE=2 dropped due to LLVM_USE_SANITIZER.") + message( + WARNING "${FORTIFY_SOURCE} dropped due to LLVM_USE_SANITIZER.") endif() endif() + endif() - # Format String Defense - add_compile_option_ext("-Wformat" WFORMAT) - add_compile_option_ext("-Wformat-security" WFORMATSECURITY) - add_compile_option_ext("-Werror=format-security" WERRORFORMATSECURITY) - - # Stack Protection - add_compile_option_ext("-fstack-protector-strong" FSTACKPROTECTORSTRONG) + if(LLVM_ON_UNIX) + if(LLVM_ENABLE_ASSERTIONS) + add_definitions(-D_GLIBCXX_ASSERTIONS) + endif() # Full Relocation Read Only - add_link_option_ext("-Wl,-z,relro" ZRELRO - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) + if(CMAKE_BUILD_TYPE MATCHES "Release") + add_link_option_ext("-Wl,-z,relro" ZRELRO CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() # Immediate Binding (Bindnow) - add_link_option_ext("-Wl,-z,now" ZNOW - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) + if(CMAKE_BUILD_TYPE MATCHES "Release") + add_link_option_ext("-Wl,-z,now" ZNOW CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() endif() -endfunction() +endmacro() -if ( EXTRA_SECURITY_FLAGS ) - if (EXTRA_SECURITY_FLAGS STREQUAL "none") +if(EXTRA_SECURITY_FLAGS) + if(EXTRA_SECURITY_FLAGS STREQUAL "none") # No actions. - elseif (EXTRA_SECURITY_FLAGS STREQUAL "default") - append_common_extra_security_flags() - elseif (EXTRA_SECURITY_FLAGS STREQUAL "sanitize") - append_common_extra_security_flags() - if (CMAKE_CXX_COMPILER_ID MATCHES "Clang") - add_compile_option_ext("-fsanitize=cfi" FSANITIZE_CFI) - add_link_option_ext("-fsanitize=cfi" FSANITIZE_CFI_LINK - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) - # Recommended option although linking a DSO with SafeStack is not currently supported by compiler. - #add_compile_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK) - #add_link_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK_LINK - # CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - # CMAKE_SHARED_LINKER_FLAGS) - else() - add_compile_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION) - # need to align compile and link option set, link now is set unconditionally - add_link_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION_LINK - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) - endif() + elseif(EXTRA_SECURITY_FLAGS STREQUAL "default") + append_common_extra_security_flags() + elseif(EXTRA_SECURITY_FLAGS STREQUAL "sanitize") + append_common_extra_security_flags() + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_option_ext("-fsanitize=cfi" FSANITIZE_CFI) + add_link_option_ext( + "-fsanitize=cfi" FSANITIZE_CFI_LINK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + # Recommended option although linking a DSO with SafeStack is not + # currently supported by compiler. + # add_compile_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK) + # add_link_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK_LINK + # CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS + # CMAKE_SHARED_LINKER_FLAGS) else() - message(FATAL_ERROR "Unsupported value of EXTRA_SECURITY_FLAGS: ${EXTRA_SECURITY_FLAGS}") + add_compile_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION) + # need to align compile and link option set, link now is set + # unconditionally + add_link_option_ext( + "-fcf-protection=full -mcet" FCF_PROTECTION_LINK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) endif() + else() + message( + FATAL_ERROR + "Unsupported value of EXTRA_SECURITY_FLAGS: ${EXTRA_SECURITY_FLAGS}") + endif() endif() - diff --git a/unified-runtime/cmake/helpers.cmake b/unified-runtime/cmake/helpers.cmake index f2df76b0d8098..680f6e6f637c5 100644 --- a/unified-runtime/cmake/helpers.cmake +++ b/unified-runtime/cmake/helpers.cmake @@ -88,7 +88,13 @@ endif() function(add_ur_target_compile_options name) if(NOT MSVC) - target_compile_definitions(${name} PRIVATE -D_FORTIFY_SOURCE=2) + if (NOT LLVM_ENABLE_PROJECTS) + # If UR is built as part of LLVM (i.e. as part of SYCL), then + # _FORTIFY_SOURCE will be set globally in advance to a potentially + # different value. To avoid redefinition errors, only set the + # macro for a "standalone" build. + target_compile_definitions(${name} PRIVATE -D_FORTIFY_SOURCE=2) + endif() target_compile_options(${name} PRIVATE # Warning options -Wall