On Wed, Apr 18, 2018 at 04:57:41AM -0700, H.J. Lu wrote: > On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubiz...@gmail.com> wrote: > > On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.to...@gmail.com> wrote: > > > >>>> Here is a patch to add -mnop and use it with -fcf-protection. > >>> > >>> +mnop > >>> +Target Report Var(flag_nop) Init(0) > >>> +Support multi-byte NOP code generation. > >>> > >>> the option name is incredibly bad and the documentation doesn't make it > >>> better either. The invoke.texi docs refer to duplicate {-mcet}. > >>> > >>> Isn't there a -fcf-protection sub-set that can be used to automatically > >>> enable this? Or simply do this mode by default when > >>> -fcf-protection is used but neither -mcet nor -mibt is enabled? > >> > >> Make -fcf-protection default to multi-byte NOPs works. Uros, > >> should I prepare a patch? > > > > Please make it an opt-in feature, so the compiler won't litter the > > executable with unnecessary nops without user consent. > > > > -fcf-protection is off by default. Users need to pass -fcf-protection > to enable it. I will work on such a patch.
That is not true. When building gcc itself, config/cet.m4 makes -fcf-protection -mcet the default if assembler supports it. The request was to change --enable-cet configure option from having yes,no,default arguments with default autodetection and being a default if --enable-cet*/--disable-cet is not specified to say yes,no,auto arguments where no would be the default and auto would be the current default - enable it if as supports it, disable otherwise. Jakub