diff options
| author | Russ Cox <rsc@golang.org> | 2024-11-05 13:51:32 -0500 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-11-13 01:25:15 +0000 |
| commit | 239dbd7dbac883d6f9b6522774a0dfd519f77fa8 (patch) | |
| tree | 1275ae3fd7f8fc487636bce39f31a3e9094b579e /src/cmd/compile/internal/walk | |
| parent | 7eeb0a188eb644486da9f77bae0375d91433d0bf (diff) | |
| download | go-239dbd7dbac883d6f9b6522774a0dfd519f77fa8.tar.xz | |
cmd/compile, cmd/link: add FIPS verification support
For FIPS init-time code+data verification, we need to arrange to
put the FIPS symbols into contiguous regions of the executable
and then record those sections along with the expected checksum.
The cmd/internal/obj changes identify the FIPS symbols and give
them distinguished types, which the linker then places in contiguous
regions. The linker also writes out information to use at run time
to find the FIPS sections, along with the expected hash.
See cmd/internal/obj/fips.go and cmd/link/internal/ld/fips.go
for more details.
The code is disabled in this commit.
CL 625998 and 625999 adds tests.
CL 626000 enables the code.
For #69536.
Change-Id: I48da6db94bc0bea7428c43d4abcf999527bccfcd
Reviewed-on: https://go-review.googlesource.com/c/go/+/625997
Auto-Submit: Russ Cox <rsc@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Diffstat (limited to 'src/cmd/compile/internal/walk')
| -rw-r--r-- | src/cmd/compile/internal/walk/complit.go | 5 | ||||
| -rw-r--r-- | src/cmd/compile/internal/walk/order.go | 7 |
2 files changed, 10 insertions, 2 deletions
diff --git a/src/cmd/compile/internal/walk/complit.go b/src/cmd/compile/internal/walk/complit.go index cfdc8becfe..70750ab037 100644 --- a/src/cmd/compile/internal/walk/complit.go +++ b/src/cmd/compile/internal/walk/complit.go @@ -153,7 +153,10 @@ func isStaticCompositeLiteral(n ir.Node) bool { case ir.OLITERAL, ir.ONIL: return true case ir.OCONVIFACE: - // See staticassign's OCONVIFACE case for comments. + // See staticinit.Schedule.StaticAssign's OCONVIFACE case for comments. + if base.Ctxt.IsFIPS() && base.Ctxt.Flag_shared { + return false + } n := n.(*ir.ConvExpr) val := ir.Node(n) for val.Op() == ir.OCONVIFACE { diff --git a/src/cmd/compile/internal/walk/order.go b/src/cmd/compile/internal/walk/order.go index 896088901e..613edf497b 100644 --- a/src/cmd/compile/internal/walk/order.go +++ b/src/cmd/compile/internal/walk/order.go @@ -220,7 +220,12 @@ func (o *orderState) safeExpr(n ir.Node) ir.Node { // // n.Left = o.addrTemp(n.Left) func (o *orderState) addrTemp(n ir.Node) ir.Node { - if n.Op() == ir.OLITERAL || n.Op() == ir.ONIL { + // Note: Avoid addrTemp with static assignment for literal strings + // when compiling FIPS packages. + // The problem is that panic("foo") ends up creating a static RODATA temp + // for the implicit conversion of "foo" to any, and we can't handle + // the relocations in that temp. + if n.Op() == ir.ONIL || (n.Op() == ir.OLITERAL && !base.Ctxt.IsFIPS()) { // TODO: expand this to all static composite literal nodes? n = typecheck.DefaultLit(n, nil) types.CalcSize(n.Type()) |