From 1246a8d6e7466f39a6719debd0fce484b397f9ef Mon Sep 17 00:00:00 2001
From: Eric Christopher <echristo@gmail.com>
Date: Fri, 23 Feb 2018 20:12:24 +0000
Subject: [PATCH] Because of CVE-2018-6574, some compiler options and linker
 options are restricted to prevent arbitrary code execution.

https://github.com/golang/go/issues/23672

By this change, building a Go code with LLVM Go bindings causes a compilation error as follows.

  go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names

llvm-go tool generates cgo LDFLAGS directive from `llvm-config --ldflags` and it contains -Wl,option options. But -Wl,option is banned by default. To avoid this problem, we need to set $CGO_LDFLAGS_ALLOW environment variable to notify a compiler that the flags should be allowed.

  $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'

By default for go 1.10 and go 1.9.5 these options should appear in the accepted set of options, however, if you're running into the error it's useful to have this documented.

Patch by Ryuichi Hayashida

llvm-svn: 325946
---
 llvm/bindings/go/README.txt | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/llvm/bindings/go/README.txt b/llvm/bindings/go/README.txt
index 2fc4afa07715..6ed224d8280e 100644
--- a/llvm/bindings/go/README.txt
+++ b/llvm/bindings/go/README.txt
@@ -51,3 +51,11 @@ CGO_CPPFLAGS, CGO_CXXFLAGS and CGO_LDFLAGS environment variables:
     $ export CGO_CXXFLAGS=-std=c++11
     $ export CGO_LDFLAGS="`/path/to/llvm-build/bin/llvm-config --ldflags --libs --system-libs all`"
     $ go build -tags byollvm
+
+If you see a compilation error while compiling your code with Go 1.9.4 or later as follows,
+
+    go build llvm.org/llvm/bindings/go/llvm: invalid flag in #cgo LDFLAGS: -Wl,-headerpad_max_install_names
+
+you need to setup $CGO_LDFLAGS_ALLOW to allow a compiler to specify some linker options:
+
+    $ export CGO_LDFLAGS_ALLOW='-Wl,(-search_paths_first|-headerpad_max_install_names)'