workaround: disable CFG longjmp protection for Windows on Arm

LLD has a known code-generation defect around setjmp/longjmp on this platform. Temporarily workaround by passing /guard:cf,nolongjmp which should stop the crashing until LLD's fixed. Bug: 1126549 Change-Id: I26871b23428bcbeaff7cda7cd136cdd3414eaa54 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2405755 Commit-Queue: Richard Townsend <richard.townsend@arm.com> Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Bruce Dawson <brucedawson@chromium.org> Cr-Commit-Position: refs/heads/master@{#806301}

workaround: disable CFG longjmp protection for Windows on Arm
LLD has a known code-generation defect around setjmp/longjmp on this platform. Temporarily workaround by passing /guard:cf,nolongjmp which should stop the crashing until LLD's fixed. Bug: 1126549 Change-Id: I26871b23428bcbeaff7cda7cd136cdd3414eaa54 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2405755 Commit-Queue: Richard Townsend <richard.townsend@arm.com> Reviewed-by: Will Harris <wfh@chromium.org> Reviewed-by: Bruce Dawson <brucedawson@chromium.org> Cr-Commit-Position: refs/heads/master@{#806301}
c6261851 · Richard Townsend · Commit Bot · db40bb5e · c6261851 · c6261851
Commit c6261851 authored Sep 11, 2020 by Richard Townsend Committed by Commit Bot Sep 11, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 32 additions and 1 deletion

build/config/win/BUILD.gn build/config/win/BUILD.gn +7 -1

sandbox/win/tests/integration_tests/cfi_unittest.cc sandbox/win/tests/integration_tests/cfi_unittest.cc +25 -0

No files found.
--- a/build/config/win/BUILD.gn
+++ b/build/config/win/BUILD.gn
@@ -356,7 +356,13 @@ config("cfi_linker") {
  # for now. https://crbug.com/846966
  if (!is_debug && !is_asan) {
    # Turn on CFG bitmap generation and CFG load config.
-    ldflags = [ "/guard:cf" ]
+    if (target_cpu == "arm64") {
+      # longjmp protection is temporarily disabled on Windows on Arm64 due to
+      # a code-generation defect. https://crbug.com/1126549
+      ldflags = [ "/guard:cf,nolongjmp" ]
+    } else {
+      ldflags = [ "/guard:cf" ]
+    }
  }
 }


--- a/sandbox/win/tests/integration_tests/cfi_unittest.cc
+++ b/sandbox/win/tests/integration_tests/cfi_unittest.cc
@@ -7,6 +7,7 @@

 #include "base/files/file_path.h"
 #include "base/files/scoped_temp_dir.h"
+#include "base/notreached.h"
 #include "base/path_service.h"
 #include "base/win/windows_version.h"
 #include "build/build_config.h"
@@ -49,6 +50,30 @@ DWORD CALLBACK CopyProgressRoutine(LARGE_INTEGER total_file_size,

 }  // namespace

+static jmp_buf buf;
+
+__declspec(noinline) void PerformLongJump() {
+  // Inlining is explicitly disabled for this function because it
+  // would eliminate CFG protections.
+  longjmp(buf, 1);
+}
+
+// Windows on Arm is affected by an LLD code-generation defect around longjmp.
+// This regression test checks that using setjmp/longjmp with CFG doesn't
+// crash the browser (libjpeg-turbo uses this pattern for error reporting).
+TEST(CFGSupportTests, LongJmp) {
+  // Initially, setjmp returns zero indicating that the PC etc has been saved in
+  // buf.
+  if (setjmp(buf)) {
+    // Test passes if execution flow reaches here.
+    EXPECT_TRUE(true);
+    return;
+  }
+  // Call another function to perform the longjmp.
+  PerformLongJump();
+  NOTREACHED();
+}
+
 // Make sure Microsoft binaries compiled with CFG cannot call indirect pointers
 // not listed in the loader config for this test binary.
 TEST(CFGSupportTests, MsIndirectFailure) {