mozilla-central: changeset 585905:181a2776e2655857ca03904170fd9cd59cfe80d7

author	Bob Owen <bobowencode@gmail.com>
	Mon, 19 Jul 2021 07:36:19 +0000
changeset 585905	181a2776e2655857ca03904170fd9cd59cfe80d7
parent 585904	4c5225386044d1a351bcb55949b9ae44ecd71933
child 585906	7aab3ebb7aa78a3ce17cbdbc2c03caac43f91a58
push id	38623
push user	abutkovits@mozilla.com
push date	Mon, 19 Jul 2021 15:46:04 +0000
treeherder	mozilla-central@86d0c64032ca [default view] [failures only]
perfherder	[talos] [build metrics] [platform microbench] (compared to previous push)
reviewers	glandium
bugs	1716024
milestone	92.0a1
first release with	nightly linux32 9c579e2ce174 / 92.0a1 / 20210719215029 / files nightly linux64 9c579e2ce174 / 92.0a1 / 20210719215029 / files nightly mac 9c579e2ce174 / 92.0a1 / 20210719215029 / files nightly win32 9c579e2ce174 / 92.0a1 / 20210719215029 / files nightly win64 9c579e2ce174 / 92.0a1 / 20210719215029 / files
last release without	nightly linux32 c75f4ae44937 / 92.0a1 / 20210719093934 / files nightly linux64 c75f4ae44937 / 92.0a1 / 20210719093934 / files nightly mac c75f4ae44937 / 92.0a1 / 20210719093934 / files nightly win32 c75f4ae44937 / 92.0a1 / 20210719093934 / files nightly win64 c75f4ae44937 / 92.0a1 / 20210719093934 / files

--- a/browser/app/moz.build
+++ b/browser/app/moz.build
@@ -89,16 +89,20 @@ if CONFIG["OS_ARCH"] == "WINNT":
         libpath_flag = "-LIBPATH:"
     else:
         libpath_flag = "-L"
 
     WIN32_EXE_LDFLAGS += [
         libpath_flag + OBJDIR + "/winlauncher/freestanding",
     ]
 
+    # Don't build firefox.exe with CETCOMPAT, because we need to be able to
+    # only enable it for processes that are not using JIT in xul.dll.
+    LINK_FLAGS["CETCOMPAT"] = []
+
 if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_ARCH"] == "Darwin":
     USE_LIBS += [
         "mozsandbox",
     ]
 
 if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_ARCH"] == "WINNT":
     # For sandbox includes and the include dependencies those have
     LOCAL_INCLUDES += [

--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1942,16 +1942,34 @@ def security_hardening_cflags(
 
 
 set_config("MOZ_HARDENING_CFLAGS", security_hardening_cflags.flags)
 set_config("MOZ_HARDENING_LDFLAGS", security_hardening_cflags.ldflags)
 set_config("MOZ_HARDENING_CFLAGS_JS", security_hardening_cflags.js_flags)
 set_config("MOZ_HARDENING_LDFLAGS_JS", security_hardening_cflags.js_ldflags)
 
 
+# Intel Control-flow Enforcement Technology
+# ==============================================================
+# We keep this separate from the hardening flags above, because we want to be
+# able to easily remove the flags in the build files for certain executables.
+@depends(c_compiler, target)
+def cet_ldflags(c_compiler, target):
+    ldflags = []
+    if (
+        c_compiler.type == "clang-cl"
+        and c_compiler.version >= "11"
+        and target.cpu == "x86_64"
+    ):
+        ldflags.append("-CETCOMPAT")
+    return ldflags
+
+
+set_config("MOZ_CETCOMPAT_LDFLAGS", cet_ldflags)
+
 # Frame pointers
 # ==============================================================
 @depends(c_compiler)
 def frame_pointer_flags(compiler):
     if compiler.type == "clang-cl":
         return namespace(
             enable=["-Oy-"],
             disable=["-Oy"],

--- a/ipc/app/moz.build
+++ b/ipc/app/moz.build
@@ -52,16 +52,20 @@ if CONFIG["OS_ARCH"] == "WINNT":
     OS_LIBS += [
         "ntdll",
     ]
 
     DELAYLOAD_DLLS += [
         "xul.dll",
     ]
 
+    # Don't build plugin-container.exe with CETCOMPAT for the moment, so that
+    # we can enable it using a pref during testing.
+    LINK_FLAGS["CETCOMPAT"] = []
+
 if CONFIG["MOZ_SANDBOX"] and CONFIG["OS_TARGET"] == "Darwin":
     # For sandbox includes and the include dependencies those have
     LOCAL_INCLUDES += [
         "/security/sandbox/chromium",
         "/security/sandbox/chromium-shim",
     ]
     USE_LIBS += [
         "mozsandbox",

--- a/js/xpconnect/shell/moz.build
+++ b/js/xpconnect/shell/moz.build
@@ -54,11 +54,15 @@ if CONFIG["OS_ARCH"] == "WINNT":
     OS_LIBS += [
         "ntdll",
     ]
 
     DELAYLOAD_DLLS += [
         "xul.dll",
     ]
 
+    # Don't build xpcshell.exe with CETCOMPAT, because we need to be able to
+    # only enable it for processes that are not using JIT in xul.dll.
+    LINK_FLAGS["CETCOMPAT"] = []
+
 CFLAGS += CONFIG["TK_CFLAGS"]
 CXXFLAGS += CONFIG["TK_CFLAGS"]
 OS_LIBS += CONFIG["TK_LIBS"]

--- a/python/mozbuild/mozbuild/frontend/context.py
+++ b/python/mozbuild/mozbuild/frontend/context.py
@@ -460,16 +460,25 @@ class LinkFlags(BaseCompileFlags):
                 "OPTIMIZE",
                 (
                     context.config.substs.get("MOZ_OPTIMIZE_LDFLAGS", [])
                     if context.config.substs.get("MOZ_OPTIMIZE")
                     else []
                 ),
                 ("LDFLAGS",),
             ),
+            (
+                "CETCOMPAT",
+                (
+                    context.config.substs.get("MOZ_CETCOMPAT_LDFLAGS")
+                    if context.config.substs.get("NIGHTLY_BUILD")
+                    else []
+                ),
+                ("LDFLAGS",),
+            ),
         )
         BaseCompileFlags.__init__(self, context)
 
     def _os_ldflags(self):
         flags = self._context.config.substs.get("OS_LDFLAGS", [])[:]
 
         if self._context.config.substs.get(
             "MOZ_DEBUG"

browser/app/moz.build		file \| annotate \| diff \| comparison \| revisions
build/moz.configure/toolchain.configure		file \| annotate \| diff \| comparison \| revisions
ipc/app/moz.build		file \| annotate \| diff \| comparison \| revisions
js/xpconnect/shell/moz.build		file \| annotate \| diff \| comparison \| revisions
python/mozbuild/mozbuild/frontend/context.py		file \| annotate \| diff \| comparison \| revisions