Bug 1485016 CFG try: -b do -p win64 -u all -t none draft
authorTom Ritter <tom@mozilla.com>
Sun, 18 Nov 2018 01:05:02 -0600
changeset 1766905 621cde07aab5a8c2b367a331485c4eb134f6a1b1
parent 1766904 a37a1641e7b63c29ac5628030e9c2b8f3a460450
child 1908335 a6875a7ced208736e6037bbfafe5a4b9a52b7611
push id317012
push userdmajor@mozilla.com
push dateWed, 21 Nov 2018 17:27:30 +0000
treeherdertry@621cde07aab5 [default view] [failures only]
bugs1485016
milestone65.0a1
Bug 1485016 CFG try: -b do -p win64 -u all -t none
build/moz.configure/toolchain.configure
js/src/old-configure.in
old-configure.in
--- a/build/moz.configure/toolchain.configure
+++ b/build/moz.configure/toolchain.configure
@@ -1560,30 +1560,38 @@ option('--enable-hardening', env='MOZ_SE
 
 @depends('--enable-hardening', '--enable-address-sanitizer',
          '--enable-optimize', c_compiler, target)
 def security_hardening_cflags(hardening_flag, asan, optimize, c_compiler, target):
     compiler_is_gccish = c_compiler.type in ('gcc', 'clang')
 
     flags = []
     js_flags = []
+    ldflags = []
+    js_ldflags = []
 
     # FORTIFY_SOURCE ------------------------------------
     # If hardening is explicitly enabled, or not explicitly disabled
     if hardening_flag.origin == "default" or hardening_flag:
         # Require optimization for FORTIFY_SOURCE. See Bug 1417452
         # Also, undefine it before defining it just in case a distro adds it, see Bug 1418398
         if compiler_is_gccish and optimize and not asan:
             # Don't enable FORTIFY_SOURCE on Android on the top-level, but do enable in js/
             if target.os != 'Android':
                 flags.append("-U_FORTIFY_SOURCE")
                 flags.append("-D_FORTIFY_SOURCE=2")
             js_flags.append("-U_FORTIFY_SOURCE")
             js_flags.append("-D_FORTIFY_SOURCE=2")
 
+        if c_compiler.type == 'clang-cl':
+            flags.append("-guard:cf")
+            js_flags.append("-guard:cf")
+            ldflags.append("-guard:cf,nolongjmp")
+            js_ldflags.append("-guard:cf,nolongjmp")
+
     # If ASAN _is_ on, undefine FOTIFY_SOURCE just to be safe
     if asan:
         flags.append("-U_FORTIFY_SOURCE")
         js_flags.append("-U_FORTIFY_SOURCE")
 
     # fstack-protector ------------------------------------
     # Enable only if --enable-hardening is passed and ASAN is
     # not on as ASAN will catch the crashes for us
@@ -1595,22 +1603,26 @@ def security_hardening_cflags(hardening_
     if asan:
         # clang-cl does not recognize the flag, it must be passed down to clang
         if c_compiler.type == 'clang-cl':
             flags.append("-Xclang")
         flags.append("-fno-common")
 
     return namespace(
         flags=flags,
+        ldflags=ldflags,
         js_flags=js_flags,
+        js_ldflags=js_ldflags,
     )
 
 
 add_old_configure_assignment('MOZ_HARDENING_CFLAGS', security_hardening_cflags.flags)
+add_old_configure_assignment('MOZ_HARDENING_LDFLAGS', security_hardening_cflags.ldflags)
 add_old_configure_assignment('MOZ_HARDENING_CFLAGS_JS', security_hardening_cflags.js_flags)
+add_old_configure_assignment('MOZ_HARDENING_LDFLAGS_JS', security_hardening_cflags.js_ldflags)
 
 # Code Coverage
 # ==============================================================
 
 js_option('--enable-coverage', env='MOZ_CODE_COVERAGE',
           help='Enable code coverage')
 
 
--- a/js/src/old-configure.in
+++ b/js/src/old-configure.in
@@ -560,16 +560,17 @@ MOZ_DOING_LTO(lto_is_enabled)
 
 dnl ========================================================
 dnl Add optional and non-optional hardening flags from toolchain.configure
 dnl ========================================================
 
 CFLAGS="$CFLAGS $MOZ_HARDENING_CFLAGS_JS"
 CPPFLAGS="$CPPFLAGS $MOZ_HARDENING_CFLAGS_JS"
 CXXFLAGS="$CXXFLAGS $MOZ_HARDENING_CFLAGS_JS"
+LDFLAGS="$CFLAGS $MOZ_HARDENING_LDFLAGS_JS"
 
 dnl ========================================================
 dnl System overrides of the defaults for target
 dnl ========================================================
 
 case "$target" in
 *-darwin*)
     MOZ_OPTIMIZE_FLAGS="-O3 -fno-stack-protector"
--- a/old-configure.in
+++ b/old-configure.in
@@ -459,16 +459,17 @@ fi
 
 dnl ========================================================
 dnl Add optional and non-optional hardening flags
 dnl ========================================================
 
 CFLAGS="$CFLAGS $MOZ_HARDENING_CFLAGS"
 CPPFLAGS="$CPPFLAGS $MOZ_HARDENING_CFLAGS"
 CXXFLAGS="$CXXFLAGS $MOZ_HARDENING_CFLAGS"
+LDFLAGS="$CFLAGS $MOZ_HARDENING_LDFLAGS"
 
 dnl ========================================================
 dnl GNU specific defaults
 dnl ========================================================
 if test "$GNU_CC"; then
     MMX_FLAGS="-mmmx"
     SSE_FLAGS="-msse"
     SSE2_FLAGS="-msse2"