[PATCH] x86: Allow -fcf-protection with multi-byte NOPs
H.J. Lu
hjl.tools@gmail.com
Wed Apr 18 11:57:00 GMT 2018
On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubizjak@gmail.com> wrote:
> On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.tools@gmail.com> wrote:
>
>>>> Here is a patch to add -mnop and use it with -fcf-protection.
>>>
>>> +mnop
>>> +Target Report Var(flag_nop) Init(0)
>>> +Support multi-byte NOP code generation.
>>>
>>> the option name is incredibly bad and the documentation doesn't make it
>>> better either. The invoke.texi docs refer to duplicate {-mcet}.
>>>
>>> Isn't there a -fcf-protection sub-set that can be used to automatically
>>> enable this? Or simply do this mode by default when
>>> -fcf-protection is used but neither -mcet nor -mibt is enabled?
>>
>> Make -fcf-protection default to multi-byte NOPs works. Uros,
>> should I prepare a patch?
>
> Please make it an opt-in feature, so the compiler won't litter the
> executable with unnecessary nops without user consent.
>
-fcf-protection is off by default. Users need to pass -fcf-protection
to enable it. I will work on such a patch.
Thanks.
--
H.J.
More information about the Gcc-patches
mailing list