зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1618782 - Enable hardening on win64-aarch64 build when the compiler supports it. r=rstewart
We only enabled hardening with an explicit --enable-hardening because we needed a patch. That patch was applied to upstream clang 8.0.1, so we can now enable automatically whenever using the right version. The explicit --enable-hardening was also not applied to win64-aarch64 debug builds, and this indirectly enables it there too, matching other debug builds. This also avoids breaking debug builds when enabling winchecksec on cross builds. Differential Revision: https://phabricator.services.mozilla.com/D68161 --HG-- extra : moz-landing-system : lando
This commit is contained in:
Родитель
b750110af5
Коммит
f352b032de
|
@ -26,9 +26,3 @@ export MOZ_PACKAGE_JSSHELL=1
|
|||
if test -n "$MOZ_ARTIFACT_TASK_WIN32_OPT"; then
|
||||
ac_add_options --enable-eme=widevine
|
||||
fi
|
||||
|
||||
# Temporary signal to toolchain.configure that our compiler is patched to
|
||||
# support CFG, until such support can be assumed.
|
||||
if test -z "$USE_ARTIFACT"; then
|
||||
ac_add_options --enable-hardening
|
||||
fi
|
||||
|
|
|
@ -1635,10 +1635,8 @@ def security_hardening_cflags(hardening_flag, asan, debug, optimize, c_compiler,
|
|||
js_ldflags.append("-Wl,--dynamicbase")
|
||||
|
||||
# Control Flow Guard (CFG) ----------------------------
|
||||
# On aarch64, this is enabled only with explicit --enable-hardening
|
||||
# (roughly: automation) due to a dependency on a patched clang-cl.
|
||||
if c_compiler.type == 'clang-cl' and c_compiler.version >= '8' and \
|
||||
(target.cpu != 'aarch64' or hardening_flag):
|
||||
(target.cpu != 'aarch64' or c_compiler.version >= '8.0.1'):
|
||||
flags.append("-guard:cf")
|
||||
js_flags.append("-guard:cf")
|
||||
# nolongjmp is needed because clang doesn't emit the CFG tables of
|
||||
|
|
Загрузка…
Ссылка в новой задаче