On 09/27/2017 06:27 AM, Tsimbalist, Igor V wrote:
Updated version #4.
[snip]
@@ -11348,6 +11349,31 @@ is used to link a program, the GCC driver
automatically links
against @file{libmpxwrappers}. See also @option{-static-libmpxwrappers}.
Enabled by default.
+@item -fcf-protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]}
+@opindex fcf-protection
+Enable code instrumentation of control-flow transfers to increase
+program security by checking that target addresses of control-flow
+transfer instructions (such as indirect function call, function return,
+indirect jump) are valid. This prevents diverting the flow of control
+to an unexpected target. This is intended to protect against such
+threats as Return-oriented Programming (ROP), and similarly
+call/jmp-oriented programming (COP/JOP).
+
+For all targets, which do not support the @option{-fcf-protection}
+option, the option usage results in an error message.
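Review bot: The @item line spells the option with a doubled equals sign, "-fcf-protection==". The option takes a single "=" before its value, so the line should read "@item -fcf-protection=@r{[}full@r{|}branch@r{|}return@r{|}none@r{]}". As written, the rendered manual would show a form of the option that users cannot copy verbatim. Separately, the visible text explains what the instrumentation checks but does not say what each of full, branch, return and none selects; if the rest of the hunk does not cover that, a sentence per value would help.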
Please take this sentence out. It's ungrammatical and verbose and
unnecessary.
Note that several of the other options described in this section are not
enabled on all targets either. E.g., I've just been looking at fixing
the nios2 backend to make -fstack-protector work, and there is nothing
in the manual to say that GCC issues an error if there's no target
support, even though that's what it does.
The patch is OK to commit with that change.
-Sandra