On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubiz...@gmail.com> wrote: > On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.to...@gmail.com> wrote: > >>>> Here is a patch to add -mnop and use it with -fcf-protection. >>> >>> +mnop >>> +Target Report Var(flag_nop) Init(0) >>> +Support multi-byte NOP code generation. >>> >>> the option name is incredibly bad and the documentation doesn't make it >>> better either. The invoke.texi docs refer to duplicate {-mcet}. >>> >>> Isn't there a -fcf-protection sub-set that can be used to automatically >>> enable this? Or simply do this mode by default when >>> -fcf-protection is used but neither -mcet nor -mibt is enabled? >> >> Make -fcf-protection default to multi-byte NOPs works. Uros, >> should I prepare a patch? > > Please make it an opt-in feature, so the compiler won't litter the > executable with unnecessary nops without user consent. >
-fcf-protection is off by default. Users need to pass -fcf-protection to enable it. I will work on such a patch. Thanks. -- H.J.