On Wed, Apr 18, 2018 at 5:32 AM, Uros Bizjak <ubiz...@gmail.com> wrote:
> On Wed, Apr 18, 2018 at 2:09 PM, Jakub Jelinek <ja...@redhat.com> wrote:
>> On Wed, Apr 18, 2018 at 02:04:50PM +0200, Jakub Jelinek wrote:
>>> On Wed, Apr 18, 2018 at 04:57:41AM -0700, H.J. Lu wrote:
>>> > On Wed, Apr 18, 2018 at 4:55 AM, Uros Bizjak <ubiz...@gmail.com> wrote:
>>> > > On Wed, Apr 18, 2018 at 1:39 PM, H.J. Lu <hjl.to...@gmail.com> wrote:
>>> > >
>>> > >>>> Here is a patch to add -mnop and use it with -fcf-protection.
>>> > >>>
>>> > >>> +mnop
>>> > >>> +Target Report Var(flag_nop) Init(0)
>>> > >>> +Support multi-byte NOP code generation.
>>> > >>>
>>> > >>> the option name is incredibly bad and the documentation doesn't make
>>> > >>> it
>>> > >>> better either. The invoke.texi docs refer to duplicate {-mcet}.
>>> > >>>
>>> > >>> Isn't there a -fcf-protection sub-set that can be used to
>>> > >>> automatically
>>> > >>> enable this? Or simply do this mode by default when
>>> > >>> -fcf-protection is used but neither -mcet nor -mibt is enabled?
>>> > >>
>>> > >> Make -fcf-protection default to multi-byte NOPs works. Uros,
>>> > >> should I prepare a patch?
>>> > >
>>> > > Please make it an opt-in feature, so the compiler won't litter the
>>> > > executable with unnecessary nops without user consent.
>>> > >
>>> >
>>> > -fcf-protection is off by default. Users need to pass -fcf-protection
>>> > to enable it. I will work on such a patch.
>>>
>>> That is not true. When building gcc itself, config/cet.m4 makes
>>> -fcf-protection -mcet the default if assembler supports it.
>>> The request was to change --enable-cet configure option from having
>>> yes,no,default arguments with default autodetection and being a default
>>> if --enable-cet*/--disable-cet is not specified to say
>>> yes,no,auto arguments where no would be the default and auto would be the
>>> current default - enable it if as supports it, disable otherwise.
>>
>> So untested patch would be something like:
>
> Yes, this is what I think should be the most appropriate approach.
>
> Uros.
>
>> 2018-04-18 Jakub Jelinek <ja...@redhat.com>
>>
>> * config/cet.m4 (GCC_CET_FLAGS): Default to --disable-cet, replace
>> --enable-cet=default with --enable-cet=auto.
>>
>> * doc/install.texi: Document --disable-cet being the default and
>> --enable-cet=auto.
>>
>> --- gcc/config/cet.m4.jj 2018-02-19 19:57:05.221280084 +0100
>> +++ gcc/config/cet.m4 2018-04-18 14:05:31.514859185 +0200
>> @@ -3,14 +3,14 @@ dnl GCC_CET_FLAGS
>> dnl (SHELL-CODE_HANDLER)
>> dnl
>> AC_DEFUN([GCC_CET_FLAGS],[dnl
>> -GCC_ENABLE(cet, default, ,[enable Intel CET in target libraries],
>> - permit yes|no|default)
>> +GCC_ENABLE(cet, no, ,[enable Intel CET in target libraries],
>> + permit yes|no|auto)
>> AC_MSG_CHECKING([for CET support])
>>
>> case "$host" in
>> i[[34567]]86-*-linux* | x86_64-*-linux*)
>> case "$enable_cet" in
>> - default)
>> + auto)
>> # Check if target supports multi-byte NOPs
>> # and if assembler supports CET insn.
>> AC_COMPILE_IFELSE(
>> --- gcc/doc/install.texi.jj 2018-02-08 12:21:20.791749480 +0100
>> +++ gcc/doc/install.texi 2018-04-18 14:07:19.637901528 +0200
>> @@ -2103,10 +2103,11 @@ instrumentation, see @option{-fcf-protec
>> to add @option{-fcf-protection} and, if needed, other target
>> specific options to a set of building options.
>>
>> -The option is enabled by default on Linux/x86 if target binutils
>> -supports @code{Intel CET} instructions. In this case the target
>> -libraries are configured to get additional @option{-fcf-protection}
>> -and @option{-mcet} options.
>> +The option is disabled by default on Linux/x86. When
>> +@code{--enable-cet=auto} is used, it is enabled if target binutils
>> +supports @code{Intel CET} instructions and disabled otherwise.
>> +In this case the target libraries are configured to get additional
>> +@option{-fcf-protection} and @option{-mcet} options.
>> @end table
>>
>> @subheading Cross-Compiler-Specific Options
>>
>>
>> Jakub
Looks good to me.
Thanks.
--
H.J.
