This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



PING^1: [PATCH 24/24] Intel CET: Document --enable-cet


On Wed, Jun 13, 2018 at 8:32 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
>         * NEWS: Mention --enable-cet.
>         * manual/install.texi: Document --enable-cet.
>         * INSTALL: Regenerated.
> ---
>  INSTALL             | 11 +++++++++++
>  NEWS                | 10 ++++++++++
>  manual/install.texi | 10 ++++++++++
>  3 files changed, 31 insertions(+)
>
> diff --git a/INSTALL b/INSTALL
> index 052b1b6f89..5e6d80480b 100644
> --- a/INSTALL
> +++ b/INSTALL
> @@ -106,6 +106,17 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
>       programs and tests are created as dynamic position independent
>       executables (PIE) by default.
>
> +'--enable-cet'
> +     Enable Intel Control-flow Enforcement Technology (CET) support.
> +     When the library is built with -enable-cet, the resulting glibc is
> +     protected with indirect branch tracking (IBT) and shadow stack
> +     (SHSTK).  CET-enabled glibc is compatible with all existing
> +     executables and shared libraries.  This feature is currently
> +     supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or
> +     later.  Note that CET-enabled glibc requires CPUs capable of
> +     multi-byte NOPs, like x86-64 processors as well as Intel Pentium
> +     Pro or newer.
> +
>  '--disable-profile'
>       Don't build libraries with profiling information.  You may want to
>       use this option if you don't plan to do profiling.
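
Review bot: In the body of the new entry, "built with -enable-cet" has a single leading dash, while the item heading just above it reads '--enable-cet', so a reader copying the option from the sentence gets a spelling that does not match the heading. INSTALL is listed as regenerated, so the fix belongs in manual/install.texi: mark the option up in the running text there (for example @option{--enable-cet}) so both dashes survive into the plain-text output, then regenerate INSTALL.
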
> diff --git a/NEWS b/NEWS
> index d51fa09544..e914336557 100644
> --- a/NEWS
> +++ b/NEWS
> @@ -9,6 +9,16 @@ Version 2.28
>
>  Major new features:
>
> +* The GNU C Library can now be compiled with support for Intel CET, AKA
> +  Intel Control-flow Enforcement Technology.  When the library is built
> +  with --enable-cet, the resulting glibc is protected with indirect
> +  branch tracking (IBT) and shadow stack (SHSTK).  CET-enabled glibc is
> +  compatible with all existing executables and shared libraries.  This
> +  feature is currently supported on i386, x86_64 and x32 with GCC 8 and
> +  binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs
> +  capable of multi-byte NOPs, like x86-64 processors as well as Intel
> +  Pentium Pro or newer.
> +
>  * <math.h> functions that round their results to a narrower type are added
>    from TS 18661-1:2014 and TS 18661-3:2015:
>
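
Review bot: "with GCC 8 and binutils 2.29 or later" in the new NEWS entry can be read as requiring exactly GCC 8, because "or later" attaches only to binutils. If later GCC releases are meant as well, write "GCC 8 or later and binutils 2.29 or later". The same wording appears in the INSTALL and manual/install.texi hunks and should be changed together.
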
> diff --git a/manual/install.texi b/manual/install.texi
> index 4bbbfcffa5..62aec719d7 100644
> --- a/manual/install.texi
> +++ b/manual/install.texi
> @@ -137,6 +137,16 @@ with no-pie.  The resulting glibc can be used with the GCC option,
>  PIE.  This option also implies that glibc programs and tests are created
>  as dynamic position independent executables (PIE) by default.
>
> +@item --enable-cet
> +Enable Intel Control-flow Enforcement Technology (CET) support.  When
> +the library is built with --enable-cet, the resulting glibc is protected
> +with indirect branch tracking (IBT) and shadow stack (SHSTK)@.  CET-enabled
> +glibc is compatible with all existing executables and shared libraries.
> +This feature is currently supported on i386, x86_64 and x32 with GCC 8 and
> +binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs capable
> +of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
> +newer.
> +
>  @item --disable-profile
>  Don't build libraries with profiling information.  You may want to use
>  this option if you don't plan to do profiling.
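
Review bot: The sentence "CET-enabled glibc is compatible with all existing executables and shared libraries" follows directly after the statement that the library is protected with IBT and SHSTK, but the entry does not say whether that protection stays in force in a process that also loads objects built without CET. Someone enabling this option as a hardening measure needs that stated, so add a sentence saying under which conditions IBT and SHSTK are enforced at run time.
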
> --
> 2.17.1
>

PING.


-- 
H.J.

