Add a build flavor to opt-out of BTCFI on OpenBSD. #80389
Conversation
To work-around swiftlang#80059, we need to stop return address signing and opt-out of BTCFI enforcement via enabling a platform linker option. We don't want to completely undo the BTCFI work in the rare case that we later figure out how to properly address the above issue, or allow users who might want to benefit from BTCFI enforcement and won't use Concurrency. To do this, condition the existing BTCFI flag enforcement into a configuration option that defaults to off for now. Because the new swift-driver needs to "know" whether the frontend is configured to opt-out or not, and since the new driver communicates with the frontend via the target info JSON to begin with, we add a field that emits the build flavor to signal the right behavior.
|
@swift-ci please test. |
On the swift side, we added a new build flavor in swiftlang/swift#80389 to opt-out of BTCFI as a way of working around swiftlang/swift#80059. We communicate this to swift-driver via the frontend with FrontendTargetInfo.
|
@swift-ci please test Windows platform. |
|
@swift-ci please smoke test macOS platform. |
|
(I don't believe the macOS CI failures are related to this pr.) |
|
@swift-ci please test macOS |
|
I'd love to better understand this comment
and whether it's a technical issue (there's nontrivial work to do) or a choice that we could undo. In other words, what kind of path do we have toward not needing this option in the future on OpenBSD? |
|
Right now, my suspicion is solely because of indications like |
Okay! It makes sense to get a toolchain building end-to-end first, then figure out how to get BTCFI enforcement working. |
|
@swift-ci please test macOS |
|
Please merge on my behalf when ready, thank you! |
Done! |
This was accidentally left off from swiftlang#80389, and will properly ensure BTCFI enforcement is disabled on the platform when required.
This was accidentally left off from swiftlang#80389, and will properly ensure BTCFI enforcement is disabled on the platform when required.
On the swift side, we added a new build flavor in swiftlang/swift#80389 to opt-out of BTCFI as a way of working around swiftlang/swift#80059. We communicate this to swift-driver via the frontend with FrontendTargetInfo.
To work-around #80059, we need to stop return address signing and opt-out of BTCFI enforcement via enabling a platform linker option.
We don't want to completely undo the BTCFI work in the rare case that we later figure out how to properly address the above issue, or allow users who might want to benefit from BTCFI enforcement and won't use Concurrency. To do this, condition the existing BTCFI flag enforcement into a configuration option that defaults to off for now.
Because the new swift-driver needs to "know" whether the frontend is configured to opt-out or not, and since the new driver communicates with the frontend via the target info JSON to begin with, we add a field that emits the build flavor to signal the right behavior.