On Wed, Apr 18, 2018 at 12:30:03PM +0200, Richard Biener wrote:
> On Wed, 18 Apr 2018, Uros Bizjak wrote:
>
> > Hello!
> >
> > Currently, CET is enabled by default for linux if target supports
> > multi-byte NOPs and if assembler supports CET insn. Effectively, with
> > newer binutils, CET support is an opt-out feature.
> >
> > I don't think this should be the case, and I propose to consider CET
> > as an opt-in feature. Multi-byte NOPs have non-zero cost (at least
> > they increase the binary). If someone wants to enable the feature, it
> > can be done in less surprising way to --enable-cet during configure
> > time.
> >
> > I'd like to hear the opinion of RMs, if CET should remain to be an
> > opt-out feature by default?
>
> My personal opinion is that CET should be opt-in (I explicitely
> disable it for SUSE). I'm not sure if it doesn't go the way MPX
I agree it should be opt-in, have said that in the past already.
In Fedora it will not make a difference, as the whole distro is
built with -mcet -fcf-protection on i?86/x86_64.
Jakub
