On Tue, Apr 17, 2018 at 8:42 PM, H.J. Lu <hongjiu...@intel.com> wrote:
> -fcf-protection -mcet can't be used with IFUNC features, like symbol
> multiversioning or target clone, since IBT/SHSTK are applied to the whole
> program and they may be disabled in some functions.  But -fcf-protection
> is implemented with multi-byte NOPs on all 64-bit processors as well as
> 32-bit processors starting with Pentium Pro.  If -fcf-protection requires
> -mcet, IFUNC features can't be used on Linux when -fcf-protection is
> enabled by default.
>
> This patch changes -fcf-protection to to enable the NOP portion of CET
> ISAs unless IBT and/or SHSTK are disabled explicitly.  The rest of CET
> ISAs, including intrinsics, still requires -mcet, -mibt or -mshstk.
>
> OK for trunk?

As said in the PR, NOP sequences have non-zero cost in the executable
(they enlarge the executable), so I don't think this feature should be
enabled by default.

There is always a configure option if someone wants their compiler to
always emit relevant multi-byte nops.

Uros.

Reply via email to