Skip to content

Commit

Permalink
Add options for enable code gen with CFI `-fcf-protection=[full|branc…
Browse files Browse the repository at this point in the history 
…h|return|none]` and `-mcf-label-scheme=[simple|func-sig]`

Resue the options defined by X86 CET, `-fcf-protection=[full|branch|return|none]`

`-fcf-protection=branch` for landing pad (`Zicfilp`), `-fcf-protection=return`
for landing pad (`Zicfiss`) and `-fcf-protection=full` for enable both
if possible, landing pad just require instrcution defined by base
extension, so compiler will emit landing pad even without `Zicfilp`
extension, but `-fcf-protection=return` will require at least `Zimop`
since the instrcution isn't included in base extension.

Also we defined another option for specify the labeling scheme: `simple`
and `func-sig`.

The `simple` scheme is always use `lpad 0`, and `func-sig` is based
on the function signature, the rule is defined in psABI.
  • Loading branch information
@kito-cheng
kito-cheng committed Aug 15, 2024
1 parent e207d2e commit ce3e2dd
Showing 1 changed file with 22 additions and 0 deletions.
22 changes: 22 additions & 0 deletions README.mkd
View file
Original file line number Diff line number Diff line change
Expand Up @@ -445,6 +445,28 @@ NOTE: This option does not affect inline assembly.
The precedence among `-m[no]-scalar-strict-align`, `-m[no-]vector-strict-align`,
and `-m[no-]strict-align` is determined by the last one specified.

### `-fcf-protection=[full|branch|return|none]`/`-fcf-protection`

Enable control flow protection. The compiler will insert control flow integrity
instructions to protect the program against control flow hijacking attacks.

`-fcf-protection` is alias to `-fcf-protection=full`.

- `none`: Disable control flow protection.
- `full`: Protect all control flow instructions, will enable branch protection
and return protection if the `Zimop` extension is available.
- `branch`: Protect branch instructions only by insert landing pad.
- `return`: Protect branch instructions only, this require `Zimop` extension.

### `-mcf-label-scheme=[simple|func-sig]`

Specify the label scheme for the `-fcf-protectio=branch`. The default is value
is platform defined.

- `simple`: Use simple label scheme, the label is always `0`.
- `func-sig`: Use function signature as the label, the label is generated by the
compiler, the rule is defined in psABI spec.

## TODO

* `-mdiv`, `-mno-div`, `-mfdiv`, `-mno-fdiv`, `-msave-restore`,
Expand Down

0 comments on commit ce3e2dd

Please sign in to comment.