From 6fca004ba9645b2c1d4a51ddbbac0c89dd2133d5 Mon Sep 17 00:00:00 2001
From: "Dr. Koutheir Attouchi" <koutheir@gmail.com>
Date: Thu, 20 Aug 2020 18:54:40 -0400
Subject: [PATCH 1/4] Another motivation for CFG: return-oriented programming

---
 src/doc/unstable-book/src/compiler-flags/control-flow-guard.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
index 4115825e920..8f53f69b5c5 100644
--- a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
+++ b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
@@ -19,8 +19,9 @@ CFG functionality is completely implemented in the LLVM backend and is supported
 
 ## When to use Control Flow Guard
 
-The primary motivation for enabling CFG in Rust is to enhance security when linking against non-Rust code, especially C/C++ code. To achieve full CFG protection, all indirect calls (including any from Rust code) must have the appropriate CFG checks, as added by this flag. CFG can also improve security for Rust code that uses the `unsafe` keyword
+The primary motivation for enabling CFG in Rust is to enhance security when linking against non-Rust code, especially C/C++ code. To achieve full CFG protection, all indirect calls (including any from Rust code) must have the appropriate CFG checks, as added by this flag. CFG can also improve security for Rust code that uses the `unsafe` keyword.
 
+Another motivation behind CFG is to harden programs against [return-oriented programming (ROP)](https://en.m.wikipedia.org/wiki/Return-oriented_programming) attacks. CFG disallows an attacker from taking advantage of the programs own instructions while redirecting control flow in unexpected ways.
 
 ## Overhead of Control Flow Guard
 

From 5673b0e49219291acfb1c52f0c3119d266ef5ce9 Mon Sep 17 00:00:00 2001
From: "Dr. Koutheir Attouchi" <koutheir@gmail.com>
Date: Fri, 21 Aug 2020 03:34:25 -0400
Subject: [PATCH 2/4] Switched ROP link to Desktop layout instead of mobile
 layout

---
 src/doc/unstable-book/src/compiler-flags/control-flow-guard.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
index 8f53f69b5c5..901c053877d 100644
--- a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
+++ b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
@@ -21,7 +21,7 @@ CFG functionality is completely implemented in the LLVM backend and is supported
 
 The primary motivation for enabling CFG in Rust is to enhance security when linking against non-Rust code, especially C/C++ code. To achieve full CFG protection, all indirect calls (including any from Rust code) must have the appropriate CFG checks, as added by this flag. CFG can also improve security for Rust code that uses the `unsafe` keyword.
 
-Another motivation behind CFG is to harden programs against [return-oriented programming (ROP)](https://en.m.wikipedia.org/wiki/Return-oriented_programming) attacks. CFG disallows an attacker from taking advantage of the programs own instructions while redirecting control flow in unexpected ways.
+Another motivation behind CFG is to harden programs against [return-oriented programming (ROP)](https://en.wikipedia.org/wiki/Return-oriented_programming) attacks. CFG disallows an attacker from taking advantage of the programs own instructions while redirecting control flow in unexpected ways.
 
 ## Overhead of Control Flow Guard
 

From ec9657aec6e0d341e2e32f2ca3cc1d8a508a5415 Mon Sep 17 00:00:00 2001
From: "Dr. Koutheir Attouchi" <koutheir@gmail.com>
Date: Fri, 21 Aug 2020 14:47:18 -0400
Subject: [PATCH 3/4] Fixed a typo

---
 src/doc/unstable-book/src/compiler-flags/control-flow-guard.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
index 901c053877d..03065f5a907 100644
--- a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
+++ b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
@@ -21,7 +21,7 @@ CFG functionality is completely implemented in the LLVM backend and is supported
 
 The primary motivation for enabling CFG in Rust is to enhance security when linking against non-Rust code, especially C/C++ code. To achieve full CFG protection, all indirect calls (including any from Rust code) must have the appropriate CFG checks, as added by this flag. CFG can also improve security for Rust code that uses the `unsafe` keyword.
 
-Another motivation behind CFG is to harden programs against [return-oriented programming (ROP)](https://en.wikipedia.org/wiki/Return-oriented_programming) attacks. CFG disallows an attacker from taking advantage of the programs own instructions while redirecting control flow in unexpected ways.
+Another motivation behind CFG is to harden programs against [return-oriented programming (ROP)](https://en.wikipedia.org/wiki/Return-oriented_programming) attacks. CFG disallows an attacker from taking advantage of the program's own instructions while redirecting control flow in unexpected ways.
 
 ## Overhead of Control Flow Guard
 

From 8ae3384bf7208387237b67636b8632d4707d3ec1 Mon Sep 17 00:00:00 2001
From: "Dr. Koutheir Attouchi" <koutheir@gmail.com>
Date: Fri, 21 Aug 2020 14:52:30 -0400
Subject: [PATCH 4/4] Added link to Microsoft's documentation of CFG

---
 src/doc/unstable-book/src/compiler-flags/control-flow-guard.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
index 03065f5a907..c43d91bf070 100644
--- a/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
+++ b/src/doc/unstable-book/src/compiler-flags/control-flow-guard.md
@@ -6,7 +6,7 @@ The tracking issue for this feature is: [#68793](https://github.com/rust-lang/ru
 
 The rustc flag `-Z control-flow-guard` enables the Windows [Control Flow Guard](https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard) (CFG) platform security feature.
 
-CFG is an exploit mitigation designed to enforce control-flow integrity for software running on supported Windows platforms (Windows 8.1 onwards). Specifically, CFG uses runtime checks to validate the target address of every indirect call/jump before allowing the call to complete. 
+CFG is an exploit mitigation designed to enforce control-flow integrity for software running on supported [Windows platforms (Windows 8.1 onwards)](https://docs.microsoft.com/en-us/windows/win32/secbp/control-flow-guard). Specifically, CFG uses runtime checks to validate the target address of every indirect call/jump before allowing the call to complete. 
 
 During compilation, the compiler identifies all indirect calls/jumps and adds CFG checks. It also emits metadata containing the relative addresses of all address-taken functions. At runtime, if the binary is run on a CFG-aware operating system, the loader uses the CFG metadata to generate a bitmap of the address space and marks those addresses that contain valid targets. On each indirect call, the inserted check determines whether the target address is marked in this bitmap. If the target is not valid, the process is terminated.