> -----Original Message----- > From: Sandra Loosemore [mailto:san...@codesourcery.com] > Sent: Friday, September 29, 2017 6:57 AM > To: Tsimbalist, Igor V <igor.v.tsimbal...@intel.com>; 'gcc- > patc...@gcc.gnu.org' <gcc-patches@gcc.gnu.org> > Cc: Jeff Law <l...@redhat.com> > Subject: Re: 0002-Part-2.-Document-finstrument-control-flow-and-notrack > attribute > > On 09/27/2017 06:27 AM, Tsimbalist, Igor V wrote: > > Updated version #4. > > > > [snip] > > @@ -11348,6 +11349,31 @@ is used to link a program, the GCC driver > > automatically links against @file{libmpxwrappers}. See also @option{- > static-libmpxwrappers}. > > Enabled by default. > > > > +@item -fcf- > protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]} > > +@opindex fcf-protection > > +Enable code instrumentation of control-flow transfers to increase > > +program security by checking that target addresses of control-flow > > +transfer instructions (such as indirect function call, function > > +return, indirect jump) are valid. This prevents diverting the flow > > +of control to an unexpected target. This is intended to protect > > +against such threats as Return-oriented Programming (ROP), and > > +similarly call/jmp-oriented programming (COP/JOP). > > + > > +For all targets, which do not support the @option{-fcf-protection} > > +option, the option usage results in an error message. > > Please take this sentence out. It's ungrammatical and verbose and > unnecessary.
Removed. > Note that several of the other options described in this section are not > enabled on all targets either. E.g., I've just been looking at fixing the > nios2 > backend to make -fstack-protector work, and there is nothing in the manual > to say that GCC issues an error if there's no target support, even though > that's what it does. > > The patch is OK to commit with that change. Thanks, Igor > -Sandra
