0001-Part-1.-Add-generic-part-for-Intel-CET-enabling

["Tsimbalist, Igor V" <igor dot v dot tsimbalist at intel dot com>]

Part#1. Add generic part for Intel CET enabling.

The spec is available at

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

High-level design.
------------------

A proposal is to introduce a target independent flag
-finstrument-control-flow with a semantic to instrument a code to
control validness or integrity of control-flow transfers using jump
and call instructions. The main goal is to detect and block a possible
malware execution through transfer the execution to unknown target
address. Implementation could be either software or target based. Any
target platforms can provide their implementation for instrumentation
under this option.

When the -finstrument-control-flow flag is set each implementation has
to check if a support exists for a target platform and report an error
if no support is found.

The compiler should instrument any control-flow transfer points in a
program (ex. call/jmp/ret) as well as any landing pads, which are
targets of for control-flow transfers.

A new 'notrack' attribute is introduced to provide hand tuning support.
The attribute directs the compiler to skip a call to a function and a
function's landing pad from instrumentation (tracking). The attribute
can be used for function and pointer to function types, otherwise it
will be ignored. The attribute is saved in a type and propagated to a
GIMPLE call statement and later to a call instruction.

Currently all platforms except i386 will report the error and do no
instrumentation. i386 will provide the implementation based on a
specification published by Intel for a new technology called
Control-flow Enforcement Technology (CET).

Attachment: 0001-Part-1.-Add-generic-part-for-Intel-CET-enabling.patch
Description: 0001-Part-1.-Add-generic-part-for-Intel-CET-enabling.patch