Bug 1302891 - Part 1 - Add --enable-cfi configuration flag; r?glandium
MozReview-Commit-ID: 6uEubI6QDnR
--- a/build/moz.configure/old.configure
+++ b/build/moz.configure/old.configure
@@ -159,16 +159,17 @@ def old_configure_options(*options):
'--enable-accessibility',
'--enable-address-sanitizer',
'--enable-alsa',
'--enable-android-omx',
'--enable-b2g-bt',
'--enable-b2g-camera',
'--enable-b2g-ril',
'--enable-bundled-fonts',
+ '--enable-cfi',
'--enable-clang-plugin',
'--enable-content-sandbox',
'--enable-cookies',
'--enable-cpp-rtti',
'--enable-crashreporter',
'--enable-dbus',
'--enable-debug-js-modules',
'--enable-directshow',
--- a/js/src/old-configure.in
+++ b/js/src/old-configure.in
@@ -88,16 +88,37 @@ fi
case "$target" in
*-apple-darwin*)
MOZ_IOS_SDK
;;
esac
dnl ========================================================
+dnl = Use Control-Flow Integrity in Clang
+dnl ========================================================
+MOZ_ARG_ENABLE_BOOL(cfi,
+[ --enable-cfi Enable CFI (default=no)],
+ MOZ_CFI=1,
+ MOZ_CFI= )
+if test -n "$MOZ_CFI"; then
+ # add vcall cfi flags
+ CFLAGS="$CFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso"
+ CXXFLAGS="$CXXFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso"
+ LDFLAGS="$LDFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso -ldl"
+
+ # enable/disable code based on this flag
+ CFLAGS="$CFLAGS -DMOZ_CFI"
+ AC_DEFINE(MOZ_CFI)
+
+ # prevent undefined reference __cfi_check errors
+ MOZ_NO_WLZDEFS=1
+fi
+
+dnl ========================================================
dnl Checks for compilers.
dnl ========================================================
dnl AR_FLAGS set here so HOST_AR_FLAGS can be set correctly (see bug 538269)
AR_FLAGS='crs $@'
if test "$COMPILE_ENVIRONMENT"; then
--- a/old-configure.in
+++ b/old-configure.in
@@ -194,16 +194,84 @@ case "$target" in
;;
esac
AC_SUBST(ANDROID_SOURCE)
AC_SUBST(ANDROID_PACKAGE_NAME)
AC_SUBST(OBJCOPY)
dnl ========================================================
+dnl = Use Control-Flow Integrity in Clang
+dnl ========================================================
+MOZ_ARG_ENABLE_BOOL(cfi,
+[ --enable-cfi Enable CFI (default=no)],
+ MOZ_CFI=1,
+ MOZ_CFI= )
+if test -n "$MOZ_CFI"; then
+ # add vcall cfi flags
+ CFLAGS="$CFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso"
+ CXXFLAGS="$CXXFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso"
+ LDFLAGS="$LDFLAGS -flto -fsanitize=cfi-vcall -fsanitize-cfi-cross-dso -ldl"
+
+ # enable/disable code based on this flag
+ CFLAGS="$CFLAGS -DMOZ_CFI"
+ AC_DEFINE(MOZ_CFI)
+
+ # prevent undefined reference __cfi_check errors
+ MOZ_NO_WLZDEFS=1
+
+ if $CC -Wl,--version 2>&1 | grep -q "GNU gold" ; then
+ echo "ld is ld.gold"
+ else
+ # Try to set ld.gold
+ LD_GOLD=$(which ld.gold)
+ if test -n "$LD_GOLD"; then
+ # Copy ld.gold to ld in the directory where ld.gold resides
+ LD_LINKER="${LD_GOLD%.*}"
+ cp "$LD_GOLD" "$LD_LINKER"
+ else
+ echo "Could not find ld.gold. Please add path of ld.gold to PATH env."
+ exit 1
+ fi
+
+ if $CC -Wl,--version 2>&1 | grep -q "GNU gold" ; then
+ echo "ld is ld.gold"
+ else
+ echo "Could not set ld.gold as the linker."
+ echo "Please ensure that ld is the gold linker (ld.gold)."
+ exit 1
+ fi
+ fi
+
+
+ LLVM_NM=$(which llvm-nm)
+ GNU_NM=$(which nm)
+ if test -n "$LLVM_NM"; then
+ cp "$LLVM_NM" "$GNU_NM"
+ else
+ echo "Could not find llvm-nm. Please add path of llvm/bin to PATH env."
+ exit 1
+ fi
+
+# if test -n "$LD_GOLD"; then
+# mkdir -p $_objdir/build/unix/gold
+# rm -f $_objdir/build/unix/gold/ld
+# ln -s "$LD_GOLD" $_objdir/build/unix/gold/ld
+# if $CC -B $_objdir/build/unix/gold -Wl,--version 2>&1 | grep -q "GNU gold"; then
+# LDFLAGS="$LDFLAGS -B $_objdir/build/unix/gold"
+# else
+# rm -rf $_objdir/build/unix/gold
+# fi
+#
+# # use ld gold for everything
+# cp $LD_GOLD /usr/bin/ld
+# fi
+fi
+
+dnl ========================================================
dnl Checks for compilers.
dnl ========================================================
dnl AR_FLAGS set here so HOST_AR_FLAGS can be set correctly (see bug 538269)
AR_FLAGS='crs $@'
if test "$COMPILE_ENVIRONMENT"; then