Skip to content

Commit

Permalink
Add options for enable code gen with CFI `-fcf-protection=[full|branc…
Browse files Browse the repository at this point in the history 
…h|return|none]` and `-mcf-label-scheme=[unlabeled|func-sig]`

Resue the options defined by X86 CET, `-fcf-protection=[full|branch|return|none]`

`-fcf-protection=branch` for landing pad (`Zicfilp`), `-fcf-protection=return`
for landing pad (`Zicfiss`) and `-fcf-protection=full` for enable both
if possible, landing pad just require instrcution defined by base
extension, so compiler will emit landing pad even without `Zicfilp`
extension, but `-fcf-protection=return` will require at least `Zimop`
since the instrcution isn't included in base extension.

Also we defined another option for specify the labeling scheme: `unlabeled`
and `func-sig`.

The `unlabeled` scheme is always use `lpad 0`, and `func-sig` is based
on the function signature, the rule is defined in psABI.
  • Loading branch information
@kito-cheng
kito-cheng committed Sep 5, 2024
1 parent 602b398 commit 9f98db4
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions src/toolchain-conventions.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -406,6 +406,29 @@ NOTE: This option does not affect inline assembly.
The precedence among `-m[no]-scalar-strict-align`, `-m[no-]vector-strict-align`,
and `-m[no-]strict-align` is determined by the last one specified.

=== `-fcf-protection=[full|branch|return|none]`/`-fcf-protection`


Enable control flow protection. The compiler will insert control flow integrity
instructions to protect the program against control flow hijacking attacks.

`-fcf-protection` is alias to `-fcf-protection=full`.

- `none`: Disable control flow protection.
- `full`: Protect all control flow instructions, will enable branch protection
and return protection if the `Zimop` extension is available.
- `branch`: Protect branch instructions only by insert landing pad.
- `return`: Protect branch instructions only, this require `Zimop` extension.

=== `-mcf-branch-label-scheme=[unlabeled|func-sig]`

Specify the label scheme for the `-fcf-protection=branch`. The default is value
is platform defined.

- `unlabeled`: Use simple label scheme, the label is always `0`.
- `func-sig`: Use function signature as the label, the label is generated by the
compiler, the rule is defined in psABI spec.

== TODO

- `-mdiv`, `-mno-div`, `-mfdiv`, `-mno-fdiv`, `-msave-restore`,
Expand Down

0 comments on commit 9f98db4

Please sign in to comment.