On 10/12/2017 02:12 AM, Tsimbalist, Igor V wrote:
>> Seems reasonable.  As a result something like
>> check_missing_nocf_check_attribute is going to just go away along with the
>> code in *-typeck.c which called it, right?  If so that seems like a nice
>> cleanup.
> Yes, you are right.
>
> Updated patch is attached.
>
>
> High-level design.
> ------------------
>
> A proposal is to introduce a target independent flag
> -fcf-protection=[none|branch|return|full] with a semantic to
> instrument a code to control validness or integrity of control-flow
> transfers using jump and call instructions. The main goal is to detect
> and block a possible malware execution through transfer the execution
> to unknown target address. Implementation could be either software or
> target based. Any target platforms can provide their implementation
> for instrumentation under this option.
>
> When the -fcf-protection flag is set each implementation has
> to check if a support exists for a target platform and report an error
> if no support is found.
>
> The compiler should instrument any control-flow transfer points in a
> program (ex. call/jmp/ret) as well as any landing pads, which are
> targets of control-flow transfers.
>
> A new 'nocf_check' attribute is introduced to provide hand tuning
> support. The attribute directs the compiler to skip a call to a
> function and a function's landing pad from instrumentation. The
> attribute can be used for function and pointer to function types,
> otherwise it will be ignored. The attribute is saved in a type and
> propagated to a GIMPLE call statement and later to a call instruction.
>
> Currently all platforms except i386 will report the error and do no
> instrumentation. i386 will provide the implementation based on a
> specification published by Intel for a new technology called
> Control-flow Enforcement Technology (CET).
>
> gcc/c-family/
> 	* c-attribs.c (handle_nocf_check_attribute): New function.
> 	(c_common_attribute_table): Add 'nocf_check' handling.
>
> gcc/c/
> 	* gimple-parser.c: Add second argument NULL to
> 	gimple_build_call_from_tree.
>
> gcc/
> 	* attrib.c (comp_type_attributes): Check nocf_check attribute.
> 	* cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
> 	call insn.
> 	* combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
> 	* common.opt: Add fcf-protection flag.
> 	* emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
> 	* flag-types.h: Add enum cf_protection_level.
> 	* gimple.c (gimple_build_call_from_tree): Add second parameter.
> 	Add 'nocf_check' attribute propagation to gimple call.
> 	* gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
> 	(gimple_build_call_from_tree): Update prototype.
> 	(gimple_call_nocf_check_p): New function.
> 	(gimple_call_set_nocf_check): Likewise.
> 	* gimplify.c: Add second argument to gimple_build_call_from_tree.
> 	* ipa-icf.c: Add nocf_check attribute in statement hash.
> 	* recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
> 	* reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
> 	* toplev.c (process_options): Add flag_cf_protection handling.

OK.  Sorry about the long delays.
jeff
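
The 'nocf_check' attribute from the quoted design, applied to a function and to a pointer-to-function type, as an added example that is not part of the patch or of this thread. The function names are hypothetical, and the guard relies on the `__CET__` macro that GCC and Clang predefine on x86 when -fcf-protection is active, which this message does not mention.

```c
#include <stdio.h>

/* Assumption: __CET__ is predefined on x86 when -fcf-protection is active
   (1 = branch, 2 = return, 3 = full). Without the flag the compiler would
   ignore nocf_check with a warning, so the macro expands to nothing. */
#ifdef __CET__
#  define NOCF_CHECK __attribute__((nocf_check))
#  define CF_LEVEL __CET__
#else
#  define NOCF_CHECK
#  define CF_LEVEL 0
#endif

/* Ordinary function: its entry is a landing pad that gets instrumented
   under -fcf-protection=branch. */
static int scale(int x) { return 3 * x; }

/* Hand-tuned function (hypothetical): the attribute is stored in the
   function type, and the landing pad is skipped from instrumentation. */
static NOCF_CHECK int legacy_scale(int x) { return 2 * x; }

/* Indirect call through a plain pointer: the call site is instrumented. */
int call_checked(int x)
{
    int (*f)(int) = scale;
    return f(x);
}

/* Indirect call through a pointer whose type carries nocf_check: the
   attribute propagates to the call statement and the call is skipped
   from instrumentation. The pointer and function types must match. */
int call_unchecked(int x)
{
    int (*f)(int) NOCF_CHECK = legacy_scale;
    return f(x);
}

/* Protection level this translation unit was compiled with. */
int cf_protection_level(void) { return CF_LEVEL; }

int main(void)
{
    printf("cf-protection level: %d\n", cf_protection_level());
    printf("checked=%d unchecked=%d\n", call_checked(5), call_unchecked(5));
    return 0;
}
```

Building once with -fcf-protection=none and once with -fcf-protection=full and comparing the reported level is a quick check that a build system really passes the flag through.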