From 156fbe11e6378bd764180c0058f839446c760e52 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 31 Mar 2025 12:21:28 +0200 Subject: [PATCH 01/14] [SYCL] Fix AddSecurityFlags having no side effects (#17690) CMake has a notion of scopes for variables and we fell into a pitfall of setting local variables instead of applying changes globally to the whole project. For reference, see: - https://cmake.org/cmake/help/v3.20/command/set.html - https://cmake.org/cmake/help/v3.20/command/include.html --- llvm/cmake/modules/AddSecurityFlags.cmake | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index 774ca47b5cd6e..d43b35cbd4f30 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -31,7 +31,7 @@ macro(add_link_option_ext flag name) endif() endmacro() -function(append_common_extra_security_flags) +macro(append_common_extra_security_flags) if( LLVM_ON_UNIX ) # Fortify Source (strongly recommended): if (CMAKE_BUILD_TYPE STREQUAL "Debug") @@ -70,7 +70,7 @@ function(append_common_extra_security_flags) CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) endif() -endfunction() +endmacro() if ( EXTRA_SECURITY_FLAGS ) if (EXTRA_SECURITY_FLAGS STREQUAL "none") From eac6c882d690f459c4a2a57666f950d67d9b216e Mon Sep 17 00:00:00 2001 From: Nikita Kornev Date: Tue, 13 May 2025 16:03:43 +0200 Subject: [PATCH 02/14] [SYCL] Refresh hardening flags applied to the project (#18398) Co-authored-by: Alexey Sachkov --- llvm/cmake/modules/AddSecurityFlags.cmake | 244 +++++++++++++++++----- 1 file changed, 189 insertions(+), 55 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index d43b35cbd4f30..7f49778e0a5b1 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -1,7 +1,7 @@ macro(add_compile_option_ext flag name) - cmake_parse_arguments(ARG "" "" "" ${ARGN}) + cmake_parse_arguments(ARG "" "" "" ${ARGN}) set(CHECK_STRING "${flag}") - if (MSVC) + if(MSVC) set(CHECK_STRING "/WX ${CHECK_STRING}") else() set(CHECK_STRING "-Werror ${CHECK_STRING}") @@ -9,7 +9,7 @@ macro(add_compile_option_ext flag name) check_c_compiler_flag("${CHECK_STRING}" "C_SUPPORTS_${name}") check_cxx_compiler_flag("${CHECK_STRING}" "CXX_SUPPORTS_${name}") - if (C_SUPPORTS_${name} AND CXX_SUPPORTS_${name}) + if(C_SUPPORTS_${name} AND CXX_SUPPORTS_${name}) message(STATUS "Building with ${flag}") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${flag}") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${flag}") @@ -31,73 +31,207 @@ macro(add_link_option_ext flag name) endif() endmacro() +set(is_gcc FALSE) +set(is_clang FALSE) +set(is_msvc FALSE) +set(is_icpx FALSE) + +if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + set(is_clang TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "GNU") + set(is_gcc TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "IntelLLVM") + set(is_icpx TRUE) +endif() +if(CMAKE_CXX_COMPILER_ID MATCHES "MSVC") + set(is_msvc TRUE) +endif() + macro(append_common_extra_security_flags) - if( LLVM_ON_UNIX ) + # Compiler Warnings and Error Detection + # Note: in intel/llvm we build both linux and win with --ci-defaults. + # This flag also enables -Werror or /WX. + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Wall" WALL) + add_compile_option_ext("-Wextra" WEXTRA) + elseif(is_icpx) + add_compile_option_ext("/Wall" WALL) + elseif(is_msvc) + add_compile_option_ext("/W4" WALL) + endif() + + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Wconversion" WCONVERSION) + add_compile_option_ext("-Wimplicit-fallthrough" WIMPLICITFALLTHROUGH) + endif() + endif() + + # Control Flow Integrity + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-fcf-protection=full" FCFPROTECTION) + elseif(is_icpx) + add_compile_option_ext("/Qcf-protection:full" FCFPROTECTION) + elseif(is_msvc) + add_link_option_ext("/LTCG" LTCG CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + add_compile_option_ext("/sdl" SDL) + add_compile_option_ext("/guard:cf" GUARDCF) + add_link_option_ext("/CETCOMPAT" CETCOMPAT CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + + # Format String Defense + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Wformat" WFORMAT) + add_compile_option_ext("-Wformat-security" WFORMATSECURITY) + elseif(is_icpx) + add_compile_option_ext("/Wformat" WFORMAT) + add_compile_option_ext("/Wformat-security" WFORMATSECURITY) + elseif(is_msvc) + add_compile_option_ext("/analyze" ANALYZE) + endif() + + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-Werror=format-security" WERRORFORMATSECURITY) + endif() + endif() + + # Inexecutable Stack + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_link_option_ext( + "-Wl,-z,noexecstack" NOEXECSTACK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + endif() + + # Position Independent Code + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + add_compile_option_ext("-fPIC" FPIC) + elseif(is_msvc) + add_compile_option_ext("/Gy" GY) + endif() + + # Position Independent Execution + if(is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + # The project should be configured with -DCMAKE_POSITION_INDEPENDENT_CODE=ON + add_compile_option_ext("-fPIE" FPIE) + add_link_option_ext("-pie" PIE CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + elseif(is_msvc) + add_link_option_ext("/DYNAMICBASE" DYNAMICBASE CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + + if(CMAKE_BUILD_TYPE MATCHES "Release") + if(is_msvc) + add_link_option_ext("/NXCOMPAT" NXCOMPAT CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() + endif() + + # Stack Protection + if(is_msvc) + add_compile_option_ext("/GS" GS) + elseif( + is_gcc + OR is_clang + OR (is_icpx AND MSVC)) + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + add_compile_option_ext("-fstack-protector" FSTACKPROTECTOR) + elseif(CMAKE_BUILD_TYPE MATCHES "Release") + add_compile_option_ext("-fstack-protector-strong" FSTACKPROTECTORSTRONG) + add_compile_option_ext("-fstack-clash-protection" FSTACKCLASHPROTECTION) + endif() + endif() + + if(LLVM_ON_UNIX) # Fortify Source (strongly recommended): - if (CMAKE_BUILD_TYPE STREQUAL "Debug") - message(WARNING - "-D_FORTIFY_SOURCE=2 can only be used with optimization.") - message(WARNING "-D_FORTIFY_SOURCE=2 is not supported.") + if(CMAKE_BUILD_TYPE STREQUAL "Debug") + message(WARNING "-D_FORTIFY_SOURCE=3 can only be used with optimization.") + message(WARNING "-D_FORTIFY_SOURCE=3 is not supported.") else() - # Sanitizers do not work with checked memory functions, - # such as __memset_chk. We do not build release packages - # with sanitizers, so just avoid -D_FORTIFY_SOURCE=2 - # under LLVM_USE_SANITIZER. - if (NOT LLVM_USE_SANITIZER) - message(STATUS "Building with -D_FORTIFY_SOURCE=2") - add_definitions(-D_FORTIFY_SOURCE=2) + # Sanitizers do not work with checked memory functions, such as + # __memset_chk. We do not build release packages with sanitizers, so just + # avoid -D_FORTIFY_SOURCE=3 under LLVM_USE_SANITIZER. + if(NOT LLVM_USE_SANITIZER) + message(STATUS "Building with -D_FORTIFY_SOURCE=3") + add_definitions(-D_FORTIFY_SOURCE=3) else() - message(WARNING - "-D_FORTIFY_SOURCE=2 dropped due to LLVM_USE_SANITIZER.") + message( + WARNING "-D_FORTIFY_SOURCE=3 dropped due to LLVM_USE_SANITIZER.") endif() endif() - # Format String Defense - add_compile_option_ext("-Wformat" WFORMAT) - add_compile_option_ext("-Wformat-security" WFORMATSECURITY) - add_compile_option_ext("-Werror=format-security" WERRORFORMATSECURITY) - - # Stack Protection - add_compile_option_ext("-fstack-protector-strong" FSTACKPROTECTORSTRONG) + if(LLVM_ENABLE_ASSERTIONS) + add_definitions(-D_GLIBCXX_ASSERTIONS) + endif() # Full Relocation Read Only - add_link_option_ext("-Wl,-z,relro" ZRELRO - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) + if(CMAKE_BUILD_TYPE MATCHES "Release") + add_link_option_ext("-Wl,-z,relro" ZRELRO CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() # Immediate Binding (Bindnow) - add_link_option_ext("-Wl,-z,now" ZNOW - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) + if(CMAKE_BUILD_TYPE MATCHES "Release") + add_link_option_ext("-Wl,-z,now" ZNOW CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + add_link_option_ext("-Wl,-z,nodlopen" ZDLOPEN CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + endif() endif() endmacro() -if ( EXTRA_SECURITY_FLAGS ) - if (EXTRA_SECURITY_FLAGS STREQUAL "none") +if(EXTRA_SECURITY_FLAGS) + if(EXTRA_SECURITY_FLAGS STREQUAL "none") # No actions. - elseif (EXTRA_SECURITY_FLAGS STREQUAL "default") - append_common_extra_security_flags() - elseif (EXTRA_SECURITY_FLAGS STREQUAL "sanitize") - append_common_extra_security_flags() - if (CMAKE_CXX_COMPILER_ID MATCHES "Clang") - add_compile_option_ext("-fsanitize=cfi" FSANITIZE_CFI) - add_link_option_ext("-fsanitize=cfi" FSANITIZE_CFI_LINK - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) - # Recommended option although linking a DSO with SafeStack is not currently supported by compiler. - #add_compile_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK) - #add_link_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK_LINK - # CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - # CMAKE_SHARED_LINKER_FLAGS) - else() - add_compile_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION) - # need to align compile and link option set, link now is set unconditionally - add_link_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION_LINK - CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS - CMAKE_SHARED_LINKER_FLAGS) - endif() + elseif(EXTRA_SECURITY_FLAGS STREQUAL "default") + append_common_extra_security_flags() + elseif(EXTRA_SECURITY_FLAGS STREQUAL "sanitize") + append_common_extra_security_flags() + if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") + add_compile_option_ext("-fsanitize=cfi" FSANITIZE_CFI) + add_link_option_ext( + "-fsanitize=cfi" FSANITIZE_CFI_LINK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) + # Recommended option although linking a DSO with SafeStack is not + # currently supported by compiler. + # add_compile_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK) + # add_link_option_ext("-fsanitize=safe-stack" FSANITIZE_SAFESTACK_LINK + # CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS + # CMAKE_SHARED_LINKER_FLAGS) else() - message(FATAL_ERROR "Unsupported value of EXTRA_SECURITY_FLAGS: ${EXTRA_SECURITY_FLAGS}") + add_compile_option_ext("-fcf-protection=full -mcet" FCF_PROTECTION) + # need to align compile and link option set, link now is set + # unconditionally + add_link_option_ext( + "-fcf-protection=full -mcet" FCF_PROTECTION_LINK CMAKE_EXE_LINKER_FLAGS + CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) endif() + else() + message( + FATAL_ERROR + "Unsupported value of EXTRA_SECURITY_FLAGS: ${EXTRA_SECURITY_FLAGS}") + endif() endif() - From 9307ed8a4bdcec1a991a0659b226b90bed132459 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Wed, 2 Jul 2025 11:08:20 +0200 Subject: [PATCH 03/14] [SYCL][CMAKE] Refactor `-fPIE` handling (#19235) CMake is capable of setting `-fPIE` correctly and we don't need to intervene with that. Without the patch, I see the following errors: ``` FAILED: lib/libze_trace_collector.so : && /usr/bin/clang++ -fPIC -fPIC -fno-semantic-interposition -fvisibility-inlines-hidden -Werror=date-time -Werror=unguarded-availability-new -Wall -Wextra -Wno-unused-parameter -Wwrite -strings -Wcast-qual -Wmissing-field-initializers -pedantic -Wno-long-long -Wc++98-compat-extra-semi -Wimplicit-fallthrough -Wcovered-switch-default -Wno-noexcept-type -Wnon-virtual-dtor -Wdelete-non-virtual-dtor -Wsuggest-override -Wstring-conversion -Wmisleading-indentation -Wctad-maybe-unsupported -fdiagnostics-color -ffunction-sections -fdata-sections -Wall -Wextra -fcf-protection=full -Wformat -Wformat-security -fPIC -fPIE -Wno-covered-switch-default -Wall -Wextra -Werror -O2 -g -DNDEBUG -Wl,-z,defs -Wl,-z,nodelete -pie -shared -Wl,-soname,libze_ trace_collector.so -o lib/libze_trace_collector.so tools/sycl/tools/sycl-trace/CMakeFiles/ze_trace_collector.dir/ze_trace_collector.cpp.o -Wl,-rpath,build/lib: lib/libxptifw.so -ldl && : clang++: error: argument unused during compilation: '-pie' [-Werror,-Wunused-command-line-argument] ``` --- llvm/cmake/modules/AddSecurityFlags.cmake | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index 7f49778e0a5b1..45179178e8800 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -131,14 +131,13 @@ macro(append_common_extra_security_flags) endif() # Position Independent Execution - if(is_gcc - OR is_clang - OR (is_icpx AND MSVC)) - # The project should be configured with -DCMAKE_POSITION_INDEPENDENT_CODE=ON - add_compile_option_ext("-fPIE" FPIE) - add_link_option_ext("-pie" PIE CMAKE_EXE_LINKER_FLAGS - CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) - elseif(is_msvc) + # We rely on CMake to set the right -fPIE flags for us, but it must be + # explicitly requested + if (NOT CMAKE_POSITION_INDEPENDENT_CODE) + message(FATAL_ERROR "To enable all necessary security flags, CMAKE_POSITION_INDEPENDENT_CODE must be set to ON") + endif() + + if(is_msvc) add_link_option_ext("/DYNAMICBASE" DYNAMICBASE CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) endif() From a72b0dea0db72527e3ecf86917eeef409e3982f2 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Wed, 9 Jul 2025 15:59:45 +0200 Subject: [PATCH 04/14] [SYCL][CMAKE] Drop `nodlopen` from hardening flags (#19357) We can't have this flag being applied globally, because it then affects SYCL RT which has plenty of libraries that are supposed to be `dlopen`ed by design. It probably makes sense to apply `nodlopen` for some of our executables, but that should be done on a case-by-case basis. For now, let's just fix the toolchain with hardening flags applied, any improvements can be done as a follow-up later. --- llvm/cmake/modules/AddSecurityFlags.cmake | 2 -- 1 file changed, 2 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index 45179178e8800..fb6c87e96b374 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -196,8 +196,6 @@ macro(append_common_extra_security_flags) if(CMAKE_BUILD_TYPE MATCHES "Release") add_link_option_ext("-Wl,-z,now" ZNOW CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) - add_link_option_ext("-Wl,-z,nodlopen" ZDLOPEN CMAKE_EXE_LINKER_FLAGS - CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) endif() endif() endmacro() From 72642354218e6d7a1e476f6fdc85fd1596906b82 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Wed, 9 Jul 2025 16:26:30 +0200 Subject: [PATCH 05/14] [SYCL][CMAKE] Fix _FORTIFY_SOURCE=3 (#19268) The problem here is that the macro is actually handled by glibc and value `3` isn't supported with older compiler/glibc combinations, causing warnings about the macro redefinition. We still have to support older compilers/glibc and therefore two changes were made: - UR skips setting their own `_FORTIFY_SOURCE` in favor of a global one if it is built as part of LLVM (i.e. not standalone) - Before setting `_FORTIFY_SOURCE` globally we check the compiler and fallback to value `2` for older gcc --- llvm/cmake/modules/AddSecurityFlags.cmake | 31 +++++++++++++++++------ unified-runtime/cmake/helpers.cmake | 8 +++++- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index fb6c87e96b374..ca8c03a3dbf94 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -164,24 +164,39 @@ macro(append_common_extra_security_flags) endif() endif() - if(LLVM_ON_UNIX) - # Fortify Source (strongly recommended): + # Fortify Source (strongly recommended): + if (NOT WIN32) + # Strictly speaking, _FORTIFY_SOURCE is a glibc feature and not a compiler + # feature. However, we experienced some issues (warnings about redefined macro + # which are problematic under -Werror) when setting it to value '3' with older + # gcc versions. Hence the check. + # Value '3' became supported in glibc somewhere around gcc 12, so that is + # what we are looking for. + if (is_gcc AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 12) + set(FORTIFY_SOURCE "-D_FORTIFY_SOURCE=2") + else() + # Assuming that the problem is not reproducible with other compilers + set(FORTIFY_SOURCE "-D_FORTIFY_SOURCE=3") + endif() + if(CMAKE_BUILD_TYPE STREQUAL "Debug") - message(WARNING "-D_FORTIFY_SOURCE=3 can only be used with optimization.") - message(WARNING "-D_FORTIFY_SOURCE=3 is not supported.") + message(WARNING "${FORTIFY_SOURCE} can only be used with optimization.") + message(WARNING "${FORTIFY_SOURCE} is not supported.") else() # Sanitizers do not work with checked memory functions, such as # __memset_chk. We do not build release packages with sanitizers, so just - # avoid -D_FORTIFY_SOURCE=3 under LLVM_USE_SANITIZER. + # avoid -D_FORTIFY_SOURCE=N under LLVM_USE_SANITIZER. if(NOT LLVM_USE_SANITIZER) - message(STATUS "Building with -D_FORTIFY_SOURCE=3") - add_definitions(-D_FORTIFY_SOURCE=3) + message(STATUS "Building with ${FORTIFY_SOURCE}") + add_definitions(${FORTIFY_SOURCE}) else() message( - WARNING "-D_FORTIFY_SOURCE=3 dropped due to LLVM_USE_SANITIZER.") + WARNING "${FORTIFY_SOURCE} dropped due to LLVM_USE_SANITIZER.") endif() endif() + endif() + if(LLVM_ON_UNIX) if(LLVM_ENABLE_ASSERTIONS) add_definitions(-D_GLIBCXX_ASSERTIONS) endif() diff --git a/unified-runtime/cmake/helpers.cmake b/unified-runtime/cmake/helpers.cmake index f2df76b0d8098..680f6e6f637c5 100644 --- a/unified-runtime/cmake/helpers.cmake +++ b/unified-runtime/cmake/helpers.cmake @@ -88,7 +88,13 @@ endif() function(add_ur_target_compile_options name) if(NOT MSVC) - target_compile_definitions(${name} PRIVATE -D_FORTIFY_SOURCE=2) + if (NOT LLVM_ENABLE_PROJECTS) + # If UR is built as part of LLVM (i.e. as part of SYCL), then + # _FORTIFY_SOURCE will be set globally in advance to a potentially + # different value. To avoid redefinition errors, only set the + # macro for a "standalone" build. + target_compile_definitions(${name} PRIVATE -D_FORTIFY_SOURCE=2) + endif() target_compile_options(${name} PRIVATE # Warning options -Wall From df6fafa4eb924aef9070a105b8a7479d4b2470d8 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Fri, 11 Jul 2025 15:04:11 +0200 Subject: [PATCH 06/14] [SYCL][CMAKE] Drop extra warnings for now --- llvm/cmake/modules/AddSecurityFlags.cmake | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index ca8c03a3dbf94..0547c4e7e7a3b 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -50,29 +50,6 @@ if(CMAKE_CXX_COMPILER_ID MATCHES "MSVC") endif() macro(append_common_extra_security_flags) - # Compiler Warnings and Error Detection - # Note: in intel/llvm we build both linux and win with --ci-defaults. - # This flag also enables -Werror or /WX. - if(is_gcc - OR is_clang - OR (is_icpx AND MSVC)) - add_compile_option_ext("-Wall" WALL) - add_compile_option_ext("-Wextra" WEXTRA) - elseif(is_icpx) - add_compile_option_ext("/Wall" WALL) - elseif(is_msvc) - add_compile_option_ext("/W4" WALL) - endif() - - if(CMAKE_BUILD_TYPE MATCHES "Release") - if(is_gcc - OR is_clang - OR (is_icpx AND MSVC)) - add_compile_option_ext("-Wconversion" WCONVERSION) - add_compile_option_ext("-Wimplicit-fallthrough" WIMPLICITFALLTHROUGH) - endif() - endif() - # Control Flow Integrity if(is_gcc OR is_clang From 3322d255c409c6f15f1e9e787b8bf4bd4ff2d715 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Fri, 11 Jul 2025 15:08:00 +0200 Subject: [PATCH 07/14] Automatically enable CMAKE_POSITION_INDEPENDENT_CODE for hardening flags --- buildbot/configure.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildbot/configure.py b/buildbot/configure.py index 0d54bd96ada65..b47cd1c96fd43 100644 --- a/buildbot/configure.py +++ b/buildbot/configure.py @@ -236,6 +236,8 @@ def do_configure(args, passthrough_args): cmake_cmd += args.cmake_opt if args.add_security_flags: + if args.add_security_flags != 'none': + cmake_cmd.extend(["-DCMAKE_POSITION_INDEPENDENT_CODE=ON"]) cmake_cmd.extend(["-DEXTRA_SECURITY_FLAGS={}".format(args.add_security_flags)]) # Add path to root CMakeLists.txt From b8519cb12292adb1f439dc4bf6ffbc432884de97 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Fri, 11 Jul 2025 17:14:21 +0200 Subject: [PATCH 08/14] Drop /sdl flag - LLVM isn't warning-free so we can't apply it globally --- llvm/cmake/modules/AddSecurityFlags.cmake | 1 - 1 file changed, 1 deletion(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index 0547c4e7e7a3b..dc579e2523acc 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -60,7 +60,6 @@ macro(append_common_extra_security_flags) elseif(is_msvc) add_link_option_ext("/LTCG" LTCG CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) - add_compile_option_ext("/sdl" SDL) add_compile_option_ext("/guard:cf" GUARDCF) add_link_option_ext("/CETCOMPAT" CETCOMPAT CMAKE_EXE_LINKER_FLAGS CMAKE_MODULE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS) From 00eb54ce397d92aeab13fea77b9fe4033757c0e5 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 14 Jul 2025 11:52:47 +0200 Subject: [PATCH 09/14] Silence weird warning on Windows --- .../sycl/ext/oneapi/experimental/device_architecture.hpp | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp b/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp index a411e759825b5..a395653cb13bd 100644 --- a/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp +++ b/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp @@ -355,6 +355,12 @@ static constexpr ext::oneapi::experimental::architecture // target name is specified via "-fsycl-targets", the associated invocation of // the device compiler will set this variable to false, and that will trigger // an error for code that uses "if_architecture_is". +#pragma warning(push) +// By some reason the following diagnostic is emitted which breaks -Werror (/WX) +// build. Preprocessed code looks like (0 == 1) || (0 == 1) || ..., so it looks +// like a bug in the MSVC compiler, hence disabling it. +// ( || ) is always a non-zero constant. Did you intend to use the bitwise-and operator? +#pragma warning(disable: 6285) static constexpr bool is_allowable_aot_mode = (__SYCL_TARGET_INTEL_X86_64__ == 1) || (__SYCL_TARGET_INTEL_GPU_BDW__ == 1) || @@ -443,6 +449,7 @@ static constexpr bool is_allowable_aot_mode = (__SYCL_TARGET_AMD_GPU_GFX1151__ == 1) || (__SYCL_TARGET_AMD_GPU_GFX1200__ == 1) || (__SYCL_TARGET_AMD_GPU_GFX1201__ == 1); +#pragma warning(pop) constexpr static std::optional get_current_architecture_aot() { From da704f2f3ac410da2f766d40e9e5f2501717336f Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 14 Jul 2025 12:14:05 +0200 Subject: [PATCH 10/14] Disable -Werror on windows if hardening flags are enabled --- buildbot/configure.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/buildbot/configure.py b/buildbot/configure.py index b47cd1c96fd43..e7159b3748759 100644 --- a/buildbot/configure.py +++ b/buildbot/configure.py @@ -170,6 +170,11 @@ def do_configure(args, passthrough_args): install_dir = os.path.join(abs_obj_dir, "install") + if args.add_security_flags and args.add_security_flags != 'none': + # Our codebase isn't ready for those new warnings just yet + if platform.system() == "Windows": + sycl_werror = "OFF" + cmake_cmd = [ "cmake", "-G", From 5ac46563e3834d2ba0c8e110da1360b361bb6548 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 14 Jul 2025 12:14:17 +0200 Subject: [PATCH 11/14] Revert "Silence weird warning on Windows" This reverts commit 00eb54ce397d92aeab13fea77b9fe4033757c0e5. --- .../sycl/ext/oneapi/experimental/device_architecture.hpp | 7 ------- 1 file changed, 7 deletions(-) diff --git a/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp b/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp index a395653cb13bd..a411e759825b5 100644 --- a/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp +++ b/sycl/include/sycl/ext/oneapi/experimental/device_architecture.hpp @@ -355,12 +355,6 @@ static constexpr ext::oneapi::experimental::architecture // target name is specified via "-fsycl-targets", the associated invocation of // the device compiler will set this variable to false, and that will trigger // an error for code that uses "if_architecture_is". -#pragma warning(push) -// By some reason the following diagnostic is emitted which breaks -Werror (/WX) -// build. Preprocessed code looks like (0 == 1) || (0 == 1) || ..., so it looks -// like a bug in the MSVC compiler, hence disabling it. -// ( || ) is always a non-zero constant. Did you intend to use the bitwise-and operator? -#pragma warning(disable: 6285) static constexpr bool is_allowable_aot_mode = (__SYCL_TARGET_INTEL_X86_64__ == 1) || (__SYCL_TARGET_INTEL_GPU_BDW__ == 1) || @@ -449,7 +443,6 @@ static constexpr bool is_allowable_aot_mode = (__SYCL_TARGET_AMD_GPU_GFX1151__ == 1) || (__SYCL_TARGET_AMD_GPU_GFX1200__ == 1) || (__SYCL_TARGET_AMD_GPU_GFX1201__ == 1); -#pragma warning(pop) constexpr static std::optional get_current_architecture_aot() { From 847d4422cfcda5beafca89fc31ce6897ff86c9df Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 14 Jul 2025 15:19:50 +0200 Subject: [PATCH 12/14] Also disable -Werror for XPTI on Windows --- buildbot/configure.py | 1 + 1 file changed, 1 insertion(+) diff --git a/buildbot/configure.py b/buildbot/configure.py index e7159b3748759..6f47c8b65a9c5 100644 --- a/buildbot/configure.py +++ b/buildbot/configure.py @@ -174,6 +174,7 @@ def do_configure(args, passthrough_args): # Our codebase isn't ready for those new warnings just yet if platform.system() == "Windows": sycl_werror = "OFF" + xpti_enable_werror = "OFF" cmake_cmd = [ "cmake", From a34584e3435e5f5e1de1aab518d5d6ad95277f46 Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Mon, 14 Jul 2025 17:25:40 +0200 Subject: [PATCH 13/14] Drop /analyze instead of /WX --- buildbot/configure.py | 6 ------ llvm/cmake/modules/AddSecurityFlags.cmake | 2 -- 2 files changed, 8 deletions(-) diff --git a/buildbot/configure.py b/buildbot/configure.py index 6f47c8b65a9c5..b47cd1c96fd43 100644 --- a/buildbot/configure.py +++ b/buildbot/configure.py @@ -170,12 +170,6 @@ def do_configure(args, passthrough_args): install_dir = os.path.join(abs_obj_dir, "install") - if args.add_security_flags and args.add_security_flags != 'none': - # Our codebase isn't ready for those new warnings just yet - if platform.system() == "Windows": - sycl_werror = "OFF" - xpti_enable_werror = "OFF" - cmake_cmd = [ "cmake", "-G", diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index dc579e2523acc..aeafac33549b4 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -74,8 +74,6 @@ macro(append_common_extra_security_flags) elseif(is_icpx) add_compile_option_ext("/Wformat" WFORMAT) add_compile_option_ext("/Wformat-security" WFORMATSECURITY) - elseif(is_msvc) - add_compile_option_ext("/analyze" ANALYZE) endif() if(CMAKE_BUILD_TYPE MATCHES "Release") From 4c5bd04493b263d937191f15c44d450ec475131d Mon Sep 17 00:00:00 2001 From: Alexey Sachkov Date: Tue, 15 Jul 2025 21:16:31 +0200 Subject: [PATCH 14/14] [SYCL][CMake] Properly enable `-pie` hardening flag (#19447) We rely on CMake to set the right set of compliation and link flags to enable positition independent code and position independent execution. Before this commit, necessary compliation flags were applied just fine, but link flags were missing. To get link flags, some extra CMake functions should be called. --- llvm/cmake/modules/AddSecurityFlags.cmake | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/llvm/cmake/modules/AddSecurityFlags.cmake b/llvm/cmake/modules/AddSecurityFlags.cmake index aeafac33549b4..4a1c7742c9dde 100644 --- a/llvm/cmake/modules/AddSecurityFlags.cmake +++ b/llvm/cmake/modules/AddSecurityFlags.cmake @@ -107,7 +107,10 @@ macro(append_common_extra_security_flags) # Position Independent Execution # We rely on CMake to set the right -fPIE flags for us, but it must be # explicitly requested - if (NOT CMAKE_POSITION_INDEPENDENT_CODE) + if (CMAKE_POSITION_INDEPENDENT_CODE) + include(CheckPIESupported) + check_pie_supported() + else() message(FATAL_ERROR "To enable all necessary security flags, CMAKE_POSITION_INDEPENDENT_CODE must be set to ON") endif()