On 09/27/2017 06:27 AM, Tsimbalist, Igor V wrote:
Updated version #4.

[snip]
@@ -11348,6 +11349,31 @@ is used to link a program, the GCC driver 
automatically links
 against @file{libmpxwrappers}.  See also @option{-static-libmpxwrappers}.
 Enabled by default.

+@item -fcf-protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]}
+@opindex fcf-protection
+Enable code instrumentation of control-flow transfers to increase
+program security by checking that target addresses of control-flow
+transfer instructions (such as indirect function call, function return,
+indirect jump) are valid.  This prevents diverting the flow of control
+to an unexpected target.  This is intended to protect against such
+threats as Return-oriented Programming (ROP), and similarly
+call/jmp-oriented programming (COP/JOP).
+
+For all targets, which do not support the @option{-fcf-protection}
+option, the option usage results in an error message.
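
Review bot: the @item line reads "-fcf-protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]}" with a doubled equals sign, so the rendered manual would show the option as "-fcf-protection==[full|branch|return|none]". Use a single "=" there so that the documented spelling is the form a user would type, for example "-fcf-protection=full".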

Please take this sentence out. It's ungrammatical and verbose and unnecessary.

Note that several of the other options described in this section are not enabled on all targets either. E.g., I've just been looking at fixing the nios2 backend to make -fstack-protector work, and there is nothing in the manual to say that GCC issues an error if there's no target support, even though that's what it does.

The patch is OK to commit with that change.

-Sandra
