Allow CFG guards to be generated with gn config.

This CL adds a gn flag "win_enable_cfg_guards" to allow CFG guard dispatch calls to be generated by the compiler. This also adds a test to verify that a guarded indirect call to an invalid location results in a 0xC0000409 fast fail. It also turns on the CFI linker for base_unittests and sbox_integration_tests. BUG=584575 Cq-Include-Trybots: luci.chromium.try:win7-rel Change-Id: I446d3a28733a46fa4d8f96f28cdfc7b132b10772 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2300634 Reviewed-by: Dirk Pranke <dpranke@google.com> Reviewed-by: Bruce Dawson <brucedawson@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Commit-Queue: Will Harris <wfh@chromium.org> Cr-Commit-Position: refs/heads/master@{#790525} GitOrigin-RevId: c218db2304ec87cea3b30349e4f8ab75d923495c
2020-07-21 20:20:57 +00:00 · 2020-07-21 20:20:57 +00:00 · 7f23710494
--- a/config/win/BUILD.gn
+++ b/config/win/BUILD.gn
@ -6,6 +6,7 @@ import("//build/config/chrome_build.gni")
 import("//build/config/clang/clang.gni")
 import("//build/config/compiler/compiler.gni")
 import("//build/config/sanitizers/sanitizers.gni")
+import("//build/config/win/control_flow_guard.gni")
 import("//build/config/win/visual_studio_version.gni")
 import("//build/timestamp.gni")
 import("//build/toolchain/goma.gni")
@ -89,11 +90,15 @@ config("compiler") {
    # Tell clang which version of MSVC to emulate.
    cflags += [ "-fmsc-version=1916" ]

-    # Emit table of address-taken functions for Control-Flow Guard (CFG). We
-    # don't emit the CFG checks themselves, but this enables the functions to
-    # be called by code that is built with those checks enabled, such as system
-    # libraries.
-    cflags += [ "/guard:cf,nochecks" ]
+    # Emit table of address-taken functions for Control-Flow Guard (CFG).
+    # This is needed to allow functions to be called by code that is built
+    # with CFG enabled, such as system libraries.
+    # The CFG guards are only emitted if |win_enable_cfg_guards| is enabled.
+    if (win_enable_cfg_guards) {
+      cflags += [ "/guard:cf" ]
+    } else {
+      cflags += [ "/guard:cf,nochecks" ]
+    }

    if (is_component_build) {
      cflags += [
--- a/config/win/control_flow_guard.gni
+++ b/config/win/control_flow_guard.gni
@ -0,0 +1,23 @@
+# Copyright 2020 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+import("//build/config/sanitizers/sanitizers.gni")
+
+declare_args() {
+  # Set this to true to enable generation of CFG indirect call dispatch
+  # guards.
+  win_enable_cfg_guards = false
+}
+
+if (win_enable_cfg_guards) {
+  # Control Flow Guard (CFG)
+  # https://msdn.microsoft.com/en-us/library/windows/desktop/mt637065.aspx
+  # /DYNAMICBASE (ASLR) is turned off in debug builds, therefore CFG can't be
+  # turned on either.
+  # ASan and CFG leads to slow process startup. Chromium's test runner uses
+  # lots of child processes, so this means things are really slow. Disable CFG
+  # for now. https://crbug.com/846966
+  assert(!is_debug && !is_asan,
+         "CFG does not work well in debug builds or with ASAN")
+}