On Tue, Jun 18, 2024 at 12:53:09PM -0500, Peter Bergner wrote: > On 6/18/24 8:20 AM, Segher Boessenkool wrote: > > On Mon, Jun 17, 2024 at 08:54:46PM -0500, Peter Bergner wrote: > >> So we should be able to shrink-wrap in the presence of the ROP protection. > [snip] > > But do we want to? And, how far, in what cases not? > > My answer to the above would be "yes", "as far as we do today without > -mrop-protect" and "none". :-) I don't think -mrop-protect should affect > whether we shrink-wrap or not.
That is a good answer, and I agree :-) > I don't think shrink-wrapping call free > paths makes the compiled code less secure by not emitting the hashst/hashchk > insns on those paths, so why would we do anything different wrt > shrink-wrapping? >From my viewpoint, -mrop-protect should not change code generation at all, except of course it has to emit some hash* insns :-) If we want to have some functions noipa, then we should just put that attribute there in the code! Maybe some applications / libraries / kernels / whatever should do some of that, but the compiler cannot really help with policy questions like that. Segher
