From a637c04210868cfe737c9ec1717b751898baf046 Mon Sep 17 00:00:00 2001 From: Steve Pfister Date: Fri, 19 Apr 2024 07:17:19 -0700 Subject: [PATCH 1/4] Enable control flow guard for mono on windows Resolves binskim warnings for the runtime and aot compilers on windows. --- src/mono/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mono/CMakeLists.txt b/src/mono/CMakeLists.txt index 47dc6aecf82c6..5dfa77d57c1fc 100644 --- a/src/mono/CMakeLists.txt +++ b/src/mono/CMakeLists.txt @@ -283,6 +283,7 @@ elseif(CLR_CMAKE_HOST_OS STREQUAL "windows") add_compile_options($<$:/GF>) # enable string pooling add_compile_options($<$:/GL>) # whole program optimization add_compile_options($<$:/Zi>) # enable debugging information + add_link_options(/GUARD:cf) add_link_options(/LTCG) # link-time code generation add_link_options(/DEBUG) # enable debugging information add_link_options(/DEBUGTYPE:CV,FIXUP) # enable fixup debug information From a1c2e2a54a6d046a29d9c854d412b0047691f30d Mon Sep 17 00:00:00 2001 From: Steve Pfister Date: Fri, 19 Apr 2024 12:24:25 -0700 Subject: [PATCH 2/4] Add compiler flag too --- src/mono/CMakeLists.txt | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/mono/CMakeLists.txt b/src/mono/CMakeLists.txt index 5dfa77d57c1fc..b4398926d7011 100644 --- a/src/mono/CMakeLists.txt +++ b/src/mono/CMakeLists.txt @@ -272,18 +272,19 @@ elseif(CLR_CMAKE_HOST_OS STREQUAL "windows") set(MONO_ZERO_LEN_ARRAY 1) set(INTERNAL_ZLIB 1) set(CMAKE_MSVC_RUNTIME_LIBRARY "MultiThreaded$<$:Debug>") # statically link VC runtime library - add_compile_options($<$:/W4>) # set warning level 4 - add_compile_options($<$:/WX>) # treat warnings as errors - add_compile_options($<$:/wd4324>) # 'struct_name' : structure was padded due to __declspec(align()) - add_compile_options($<$:/EHsc>) # set exception handling behavior - add_compile_options($<$:/FC>) # use full pathnames in diagnostics + add_compile_options($<$:/W4>) # set warning level 4 + add_compile_options($<$:/WX>) # treat warnings as errors + add_compile_options($<$:/wd4324>) # 'struct_name' : structure was padded due to __declspec(align()) + add_compile_options($<$:/EHsc>) # set exception handling behavior + add_compile_options($<$:/FC>) # use full pathnames in diagnostics + add_compile_options($<$:/GUARD:cf) # Enable control flow guard add_link_options(/STACK:0x800000) # set stack size to 8MB (default is 1MB) + add_link_options(/GUARD:cf) if(CMAKE_BUILD_TYPE STREQUAL "Release") add_compile_options($<$:/Oi>) # enable intrinsics add_compile_options($<$:/GF>) # enable string pooling add_compile_options($<$:/GL>) # whole program optimization add_compile_options($<$:/Zi>) # enable debugging information - add_link_options(/GUARD:cf) add_link_options(/LTCG) # link-time code generation add_link_options(/DEBUG) # enable debugging information add_link_options(/DEBUGTYPE:CV,FIXUP) # enable fixup debug information From 2e9a97cc6d40377de64611183c841e5e7dc497b0 Mon Sep 17 00:00:00 2001 From: Steve Pfister Date: Sat, 20 Apr 2024 08:19:28 -0700 Subject: [PATCH 3/4] Case matters - add_compile_options didn't work, so append to C_FLAGS instead --- src/mono/CMakeLists.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/mono/CMakeLists.txt b/src/mono/CMakeLists.txt index b4398926d7011..8e369af637268 100644 --- a/src/mono/CMakeLists.txt +++ b/src/mono/CMakeLists.txt @@ -277,9 +277,9 @@ elseif(CLR_CMAKE_HOST_OS STREQUAL "windows") add_compile_options($<$:/wd4324>) # 'struct_name' : structure was padded due to __declspec(align()) add_compile_options($<$:/EHsc>) # set exception handling behavior add_compile_options($<$:/FC>) # use full pathnames in diagnostics - add_compile_options($<$:/GUARD:cf) # Enable control flow guard + append("/guard:cf" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) # Enable control flow guard add_link_options(/STACK:0x800000) # set stack size to 8MB (default is 1MB) - add_link_options(/GUARD:cf) + add_link_options(/guard:cf) if(CMAKE_BUILD_TYPE STREQUAL "Release") add_compile_options($<$:/Oi>) # enable intrinsics add_compile_options($<$:/GF>) # enable string pooling From 124e8020e8a28bf438b018c0842e9dcfee93671d Mon Sep 17 00:00:00 2001 From: Jan Kotas Date: Sat, 20 Apr 2024 08:56:58 -0700 Subject: [PATCH 4/4] Update src/mono/CMakeLists.txt MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Alexander Köplinger --- src/mono/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mono/CMakeLists.txt b/src/mono/CMakeLists.txt index 8e369af637268..9fcbb6d821965 100644 --- a/src/mono/CMakeLists.txt +++ b/src/mono/CMakeLists.txt @@ -277,7 +277,7 @@ elseif(CLR_CMAKE_HOST_OS STREQUAL "windows") add_compile_options($<$:/wd4324>) # 'struct_name' : structure was padded due to __declspec(align()) add_compile_options($<$:/EHsc>) # set exception handling behavior add_compile_options($<$:/FC>) # use full pathnames in diagnostics - append("/guard:cf" CMAKE_C_FLAGS CMAKE_CXX_FLAGS) # Enable control flow guard + add_compile_options($<$:/guard:cf>) # Enable control flow guard add_link_options(/STACK:0x800000) # set stack size to 8MB (default is 1MB) add_link_options(/guard:cf) if(CMAKE_BUILD_TYPE STREQUAL "Release")