On Wed, Apr 18, 2018 at 5:08 AM, Uros Bizjak <ubiz...@gmail.com> wrote:
> On Wed, Apr 18, 2018 at 1:57 PM, H.J. Lu <hjl.to...@gmail.com> wrote:
>> On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubiz...@gmail.com> wrote:
>>> On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.to...@gmail.com> wrote:
>>>
>>>>>> Here is a patch to add -mnop and use it with -fcf-protection.
>>>>>
>>>>> +mnop
>>>>> +Target Report Var(flag_nop) Init(0)
>>>>> +Support multi-byte NOP code generation.
>>>>>
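Review bot: the help text on the "+Support multi-byte NOP code generation." line does not say what the NOPs are for or that the option is meant to be used with -fcf-protection, and neither "mnop" nor "flag_nop" suggests that purpose. Consider an option name and description that state the tie to -fcf-protection, and document that Init(0) leaves it off unless the user asks for it.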
>>>>> the option name is incredibly bad and the documentation doesn't make it
>>>>> better either.  The invoke.texi docs refer to duplicate {-mcet}.
>>>>>
>>>>> Isn't there a -fcf-protection sub-set that can be used to automatically
>>>>> enable this?  Or simply do this mode by default when
>>>>> -fcf-protection is used but neither -mcet nor -mibt is enabled?
>>>>
>>>> Making -fcf-protection default to multi-byte NOPs works.  Uros,
>>>> should I prepare a patch?
>>>
>>> Please make it an opt-in feature, so the compiler won't litter the
>>> executable with unnecessary nops without user consent.
>>>
>>
>> -fcf-protection is off by default.  Users need to pass -fcf-protection
>> to enable it.  I will work on such a patch.
>
> Please note that currently all libraries are compiled with
> "-fcf-protection -mcet" by default, even without using --enable-cet
> during configure. The CET instrumentation of libraries should be put
> under strict user control, so please remove the "default" from
> config/cet.m4.
>

Igor, please prepare such a patch to config/cet.m4.


-- 
H.J.