Bug 1639318 - Stick to clang-9 levels of CFG on arm64 r=froydnj
author David Major <dmajor@mozilla.com>
Thu, 21 May 2020 02:11:23 +0000
changeset 531455 a58f5a460cf1b27c141c7840cb44cc9c8a6962c1
parent 531454 f121c6c8aeb0c4b6f1e4a5c5d1b58648746a14da
child 531456 7daef473f5ebb2fce0b58a82972cf7b4a8079ae8
push id 37439
push user btara@mozilla.com
push date Thu, 21 May 2020 21:49:34 +0000
reviewers froydnj
bugs 1639318, 1483885
milestone 78.0a1
Bug 1639318 - Stick to clang-9 levels of CFG on arm64 r=froydnj

The expanded checks in clang 10 made arm64 builds hit CFG crashes on nsXPTCStubBase vtables on startup. It's not clear why this doesn't happen on x86 builds. Given our current level of support for arm64, I can't really justify investigating this, although I suspect that fixing the underlying issue would be pretty much bug 1483885.

As a get-unblocked stopgap, `-guard:cf,nochecks` in clang 10 gives the same behavior as `-guard:cf` in clang 9.

Differential Revision: https://phabricator.services.mozilla.com/D76216
build/moz.configure/toolchain.configure
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1632,18 +1632,23 @@ def security_hardening_cflags(hardening_
         # mingw-clang build requires it to be explicitly enabled
         if mingw_clang:
             ldflags.append("-Wl,--dynamicbase")
             js_ldflags.append("-Wl,--dynamicbase")
 
         # Control Flow Guard (CFG) ----------------------------
         if c_compiler.type == 'clang-cl' and c_compiler.version >= '8' and \
            (target.cpu != 'aarch64' or c_compiler.version >= '8.0.1'):
-            flags.append("-guard:cf")
-            js_flags.append("-guard:cf")
+            if target.cpu == 'aarch64' and c_compiler.version >= '10.0.0':
+                # The added checks in clang 10 make arm64 builds crash. (Bug 1639318)
+                flags.append("-guard:cf,nochecks")
+                js_flags.append("-guard:cf,nochecks")
+            else:
+                flags.append("-guard:cf")
+                js_flags.append("-guard:cf")
             # nolongjmp is needed because clang doesn't emit the CFG tables of
             # setjmp return addresses https://bugs.llvm.org/show_bug.cgi?id=40057
             ldflags.append("-guard:cf,nolongjmp")
             js_ldflags.append("-guard:cf,nolongjmp")
 
     # ----------------------------------------------------------
     # If ASAN _is_ on, undefine FORTIFY_SOURCE just to be safe
     if asan:
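
Review bot: The new `target.cpu == 'aarch64' and c_compiler.version >= '10.0.0'` branch has no upper bound, and its comment cites only Bug 1639318, so the reduced CFG setting will carry over to every later clang on arm64 with nothing in the code saying when it can be removed. The commit message describes this as a stopgap and points at bug 1483885 as the likely underlying fix; put that bug number in the comment as the condition for dropping the branch. The comment should also say that `-guard:cf,nochecks` is intended to match what `-guard:cf` did in clang 9, since a reader who sees only "nochecks" in a block named security hardening will otherwise read it as a regression against the previous toolchain. Minor style point: the compile flag could be picked once into a local and appended to both `flags` and `js_flags`, which avoids four near-identical append lines and keeps the two lists from drifting apart.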