This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] x86: Allow -fcf-protection with multi-byte NOPs
On Wed, Apr 18, 2018 at 04:57:41AM -0700, H.J. Lu wrote:
> On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubizjak@gmail.com> wrote:
> > On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
> >
> >>>> Here is a patch to add -mnop and use it with -fcf-protection.
> >>>
> >>> +mnop
> >>> +Target Report Var(flag_nop) Init(0)
> >>> +Support multi-byte NOP code generation.
> >>>
> >>> the option name is incredibly bad and the documentation doesn't make it
> >>> better either. The invoke.texi docs refer to duplicate {-mcet}.
> >>>
> >>> Isn't there a -fcf-protection sub-set that can be used to automatically
> >>> enable this? Or simply do this mode by default when
> >>> -fcf-protection is used but neither -mcet nor -mibt is enabled?
> >>
> >> Make -fcf-protection default to multi-byte NOPs works. Uros,
> >> should I prepare a patch?
> >
> > Please make it an opt-in feature, so the compiler won't litter the
> > executable with unnecessary nops without user consent.
> >
>
> -fcf-protection is off by default. Users need to pass -fcf-protection
> to enable it. I will work on such a patch.
That is not true. When building gcc itself, config/cet.m4 makes
-fcf-protection -mcet the default if assembler supports it.
The request was to change --enable-cet configure option from having
yes,no,default arguments with default autodetection and being a default
if --enable-cet*/--disable-cet is not specified to say
yes,no,auto arguments where no would be the default and auto would be the
current default - enable it if as supports it, disable otherwise.
Jakub