diff options
| author | Dylan DPC <dylan.dpc@gmail.com> | 2020-02-11 16:36:57 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-11 16:36:57 +0100 |
| commit | c8c2b2bc547f4fc0e36ced79cd7f64d514cc5329 (patch) | |
| tree | d73400050270e15af3d04ed364ecb8ffce0f87f7 /src/doc | |
| parent | b6024c47663c92f43a125bcafd7f6fffd058d2c1 (diff) | |
| parent | 87df124ba77a2ce64e11782bddeadae85d26603d (diff) | |
| download | rust-c8c2b2bc547f4fc0e36ced79cd7f64d514cc5329.tar.gz rust-c8c2b2bc547f4fc0e36ced79cd7f64d514cc5329.zip | |
Rollup merge of #68824 - ajpaverd:cfguard-rustbuild, r=Mark-Simulacrum
Enable Control Flow Guard in rustbuild Now that Rust supports Control Flow Guard (#68180), add a config.toml option to build the standard library with CFG enabled. r? @nagisa
Diffstat (limited to 'src/doc')
| -rw-r--r-- | src/doc/unstable-book/src/compiler-flags/control-flow-guard.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md new file mode 100644 index 00000000000..f871df46250 --- /dev/null +++ b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md @@ -0,0 +1,34 @@ +# `control_flow_guard` + +The tracking issue for this feature is: [#68793](https://github.com/rust-lang/rust/issues/68793). + +------------------------ + +The `-Zcontrol_flow_guard=checks` compiler flag enables the Windows [Control Flow Guard][cfguard-docs] platform security feature. When enabled, the compiler outputs a list of valid indirect call targets, and inserts runtime checks on all indirect jump instructions to ensure that the destination is in the list of valid call targets. + +[cfguard-docs]: https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard + +For testing purposes, the `-Zcontrol_flow_guard=nochecks` compiler flag can be used to emit only the list of valid call targets, but not the runtime checks. + +It is strongly recommended to also enable Control Flow Guard checks in all linked libraries, including the standard library. + +To enable Control Flow Guard in the standard library, you can use the [cargo `-Zbuild-std` functionality][build-std] to recompile the standard library with the same configuration options as the main program. + +[build-std]: https://doc.rust-lang.org/nightly/cargo/reference/unstable.html#build-std + +For example: +```cmd +rustup toolchain install --force nightly +rustup component add rust-src +SET RUSTFLAGS=-Zcontrol_flow_guard=checks +cargo +nightly build -Z build-std --target x86_64-pc-windows-msvc +``` + +```PowerShell +rustup toolchain install --force nightly +rustup component add rust-src +$Env:RUSTFLAGS = "-Zcontrol_flow_guard=checks" +cargo +nightly build -Z build-std --target x86_64-pc-windows-msvc +``` + +Alternatively, if you are building the standard library from source, you can set `control-flow-guard = true` in the config.toml file. |