On Thu, 11 Nov 2021 14:43:59 GMT, Andrew Dinn <ad...@openjdk.org> wrote:

>> src/hotspot/cpu/aarch64/globals_aarch64.hpp line 115:
>> 
>>> 113:           range(-1, 4096)                                              \
>>> 114:   product(bool, UseROPProtection, false,                               \
>>> 115:           "Use ROP based branch protection")                           \
>> 
>> The description is not correct. It's protection against certain ROP-based 
>> attack techniques.
>
> I don't agree that this is incorrect, at least not for the stated reason. The 
> flag switches on a protection mechanism that guards against ROP attacks. To 
> my reading that does not imply it guards against all such attacks, merely 
> that this is the nature of the protection it offers.
> 
> The description might still be considered incorrect for an unrelated reason. 
> Its use of the adjectival phrase ROP based constitutes a transferred epithet, 
> conflating the symptom with the medicine. In other words, the protection 
> offered is not ROP based i.e. does not rely on an ROP technique. What it does 
> is protect against ROP attacks. So, I'd suggest rewording to
> 
>     "Enable protection of branches against ROP attacks".
> 
> Florian, if you want to argue for rewording that to "Enable protection of 
> branches against some categories of ROP attacks" or some other equivalently 
> qualified variant please feel free to make a case. However, I don't see 
> any need to add that rider, nor any precedent in any of the other short 
> descriptions provided in globals.hpp.

I did mean the description, not the flag name.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6334
