Add options for enable code gen with CFI -fcf-protection=[full|branch|return|none] and -mcf-label-scheme=[unlabeled|func-sig]

kito-cheng · cmuellner · commit e0e93a42d3be · 2025-01-21T10:27:03.000+01:00
Resue the options defined by X86 CET, `-fcf-protection=[full|branch|return|none]`

`-fcf-protection=branch` for landing pad (`Zicfilp`), `-fcf-protection=return`
for landing pad (`Zicfiss`) and `-fcf-protection=full` for enable both
if possible, landing pad just require instrcution defined by base
extension, so compiler will emit landing pad even without `Zicfilp`
extension, but `-fcf-protection=return` will require at least `Zimop`
since the instrcution isn't included in base extension.

Also we defined another option for specify the labeling scheme: `unlabeled`
and `func-sig`.

The `unlabeled` scheme is always use `lpad 0`, and `func-sig` is based
on the function signature, the rule is defined in psABI.
diff --git a/src/toolchain-conventions.adoc b/src/toolchain-conventions.adoc
@@ -389,6 +389,29 @@ NOTE: This option does not affect inline assembly.
 The precedence among `-m[no]-scalar-strict-align`, `-m[no-]vector-strict-align`,
 and `-m[no-]strict-align` is determined by the last one specified.
 
+=== `-fcf-protection=[full|branch|return|none]`/`-fcf-protection`
+
+
+Enable control flow protection. The compiler will insert control flow integrity
+instructions to protect the program against control flow hijacking attacks.
+
+`-fcf-protection` is alias to `-fcf-protection=full`.
+
+- `none`: Disable control flow protection.
+- `full`: Protect all control flow instructions, will enable branch protection
+  and return protection if the `Zimop` extension is available.
+- `branch`: Protect branch instructions only by insert landing pad.
+- `return`: Protect return instructions only, this require `Zimop` extension.
+
+=== `-mcf-branch-label-scheme=[unlabeled|func-sig]`
+
+Specify the label scheme for the `-fcf-protection=branch`. The default is value
+is platform defined.
+
+- `unlabeled`: Use simple label scheme, the label is always `0`.
+- `func-sig`: Use function signature as the label, the label is generated by the
+  compiler, the rule is defined in psABI spec.
+
 == TODO
 
 - `-mdiv`, `-mno-div`, `-mfdiv`, `-mno-fdiv`, `-msave-restore`,
