Disable CFI only on incompatible variants.
Only disable CFI on incompatible variants rather than the base module.
Bug: 142157676
Test: Manual llvm-cfi-verify checks
Change-Id: I999e1dbcccc1ffb102b2fe01c47f1bda4df5e601
diff --git a/cc/sanitize.go b/cc/sanitize.go
index 6e809bf..a342cd2 100644
--- a/cc/sanitize.go
+++ b/cc/sanitize.go
@@ -995,11 +995,6 @@
modules[0].(*Module).sanitize.SetSanitizer(t, true)
} else if c.sanitize.isSanitizerEnabled(t) || c.sanitize.Properties.SanitizeDep {
isSanitizerEnabled := c.sanitize.isSanitizerEnabled(t)
- if mctx.Device() && t.incompatibleWithCfi() {
- // TODO: Make sure that cfi mutator runs "after" any of the sanitizers that
- // are incompatible with cfi
- c.sanitize.SetSanitizer(cfi, false)
- }
if c.static() || c.header() || t == asan || t == fuzzer {
// Static and header libs are split into non-sanitized and sanitized variants.
// Shared libs are not split. However, for asan and fuzzer, we split even for shared
@@ -1021,6 +1016,12 @@
modules[0].(*Module).sanitize.Properties.SanitizeDep = false
modules[1].(*Module).sanitize.Properties.SanitizeDep = false
+ if mctx.Device() && t.incompatibleWithCfi() {
+ // TODO: Make sure that cfi mutator runs "after" any of the sanitizers that
+ // are incompatible with cfi
+ modules[1].(*Module).sanitize.SetSanitizer(cfi, false)
+ }
+
// For cfi/scs/hwasan, we can export both sanitized and un-sanitized variants
// to Make, because the sanitized version has a different suffix in name.
// For other types of sanitizers, suppress the variation that is disabled.
@@ -1058,6 +1059,12 @@
if mctx.Device() && t == asan && isSanitizerEnabled {
modules[0].(*Module).sanitize.Properties.InSanitizerDir = true
}
+
+ if mctx.Device() && t.incompatibleWithCfi() {
+ // TODO: Make sure that cfi mutator runs "after" any of the sanitizers that
+ // are incompatible with cfi
+ modules[0].(*Module).sanitize.SetSanitizer(cfi, false)
+ }
}
}
c.sanitize.Properties.SanitizeDep = false