On 12/11/18 9:03 AM, H.J. Lu wrote: > On Mon, Dec 3, 2018 at 5:45 AM H.J. Lu <hjl.to...@gmail.com> wrote: >> On Mon, Jun 18, 2018 at 2:20 AM Richard Biener >> <richard.guent...@gmail.com> wrote: >>> On Fri, Jun 15, 2018 at 2:59 PM H.J. Lu <hongjiu...@intel.com> wrote: >>>> Currently GCC inserts ENDBR instruction at entries of all non-static >>>> functions, unless LTO compilation is used. Marking all functions, >>>> which are not called indirectly with nocf_check attribute, is not >>>> ideal since 99% of functions in a program may be of this kind. >>>> >>>> This patch adds -mmanual-endbr and cf_check function attribute. They >>>> can be used together with -fcf-protection such that ENDBR instruction >>>> is inserted only at entries of functions with cf_check attribute. It >>>> can limit number of ENDBR instructions to reduce program size. >>>> >>>> OK for trubk? >>> I wonder if the linker could assist with ENDBR creation by >>> redirecting all non-direct call relocs to a linker-generated >>> stub with ENBR and a direct branch? >>> >> The goal of this patch is to add as few as ENDBR as possible >> to reduce program size as much as possible. Also there is no >> relocation for indirect branch via register. >> > Hi Honza, Jakub, Jeff, Richard, > > Here is the rebased patch. Can you guys take a look? > > Thanks. > > > -- H.J. > > > 0001-i386-Add-mmanual-endbr-and-cf_check-function-attribu.patch > > From 5934c6be6495b2d6f278646e25f9e684f6610e2b Mon Sep 17 00:00:00 2001 > From: "H.J. Lu" <hjl.to...@gmail.com> > Date: Thu, 14 Jun 2018 09:19:27 -0700 > Subject: [PATCH] i386; Add -mmanual-endbr and cf_check function attribute > > Currently GCC inserts ENDBR instruction at entries of all non-static > functions, unless LTO compilation is used. Marking all functions, > which are not called indirectly with nocf_check attribute, is not > ideal since 99% of functions in a program may be of this kind. > > This patch adds -mmanual-endbr and cf_check function attribute. They > can be used together with -fcf-protection such that ENDBR instruction > is inserted only at entries of functions with cf_check attribute. It > can limit number of ENDBR instructions to reduce program size. > > gcc/ > > * config/i386/i386.c (rest_of_insert_endbranch): Insert ENDBR > at the function entry only when -mmanual-endbr isn't used or > there is cf_check function attribute. > (ix86_attribute_table): Add cf_check. > * config/i386/i386.opt: Add -mmanual-endbr. > * doc/extend.texi: Document cf_check attribute. > * doc/invoke.texi: Document -mmanual-endbr. > > gcc/testsuite/ > > * gcc.target/i386/cf_check-1.c: New test. > * gcc.target/i386/cf_check-2.c: Likewise. > * gcc.target/i386/cf_check-3.c: Likewise. > * gcc.target/i386/cf_check-4.c: Likewise. > * gcc.target/i386/cf_check-5.c: Likewise. OK.
Though I'm not sure how valuable this is in practice. Yea, it saves some space at the start of functions, but I find myself wondering more and more if we should be pushing folks towards LTO for a variety of reasons. jeff
