This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATCH 24/24] Intel CET: Document --enable-cet
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, "Carlos O'Donell" <carlos at redhat dot com>
- Date: Wed, 9 May 2018 14:31:56 -0700
- Subject: [PATCH 24/24] Intel CET: Document --enable-cet
On Tue, May 8, 2018 at 2:03 PM, Joseph Myers <joseph@codesourcery.com> wrote:
> On Tue, 8 May 2018, H.J. Lu wrote:
>
>> * configure.ac: Add --enable-cet.
>
> A new configure option needs documenting in install.texi, with INSTALL
> regenerated. I'd also expect such a new feature to have a NEWS entry
> added somewhere in the patch series.
>
Here is a separate patch for them.
--
H.J.
From 86e85fcd5ca2a2f58b232f83dbbae93c8c6a0812 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 9 May 2018 08:28:29 -0700
Subject: [PATCH 24/24] Intel CET: Document --enable-cet
* NEWS: Mention --enable-cet.
* manual/install.texi: Document --enable-cet.
* INSTALL: Regenerated.
---
INSTALL | 7 +++++++
NEWS | 7 +++++++
manual/install.texi | 7 +++++++
3 files changed, 21 insertions(+)
diff --git a/INSTALL b/INSTALL
index 052b1b6f89..8782c9607c 100644
--- a/INSTALL
+++ b/INSTALL
@@ -106,6 +106,13 @@ if 'CFLAGS' is specified it must enable optimization. For example:
programs and tests are created as dynamic position independent
executables (PIE) by default.
+'--enable-cet'
+ Enable Intel Control-flow Enforcement Technology (CET) support.
+ When the library is built with -enable-cet, the resulting glibc is
+ protected with indirect branch tracking (IBT) and shadow stack
+ (SHSTK). This feature is currently supported on i386, x86_64 and
+ x32 with GCC 8 and binutils 2.29 or later.
+
'--disable-profile'
Don't build libraries with profiling information. You may want to
use this option if you don't plan to do profiling.
diff --git a/NEWS b/NEWS
index 5155c86318..7ed475dc4b 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,13 @@ Version 2.28
Major new features:
+* The GNU C Library can now be compiled with support for Intel CET, AKA
+ Intel Control-flow Enforcement Technology. When the library is built
+ with --enable-cet, the resulting glibc is protected with indirect
+ branch tracking (IBT) and shadow stack (SHSTK). This feature is
+ currently supported on i386, x86_64 and x32 with GCC 8 and binutils
+ 2.29 or later.
+
* <math.h> functions that round their results to a narrower type are added
from TS 18661-1:2014 and TS 18661-3:2015:
diff --git a/manual/install.texi b/manual/install.texi
index 4bbbfcffa5..e8f1bbdb0a 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -137,6 +137,13 @@ with no-pie. The resulting glibc can be used with the GCC option,
PIE. This option also implies that glibc programs and tests are created
as dynamic position independent executables (PIE) by default.
+@item --enable-cet
+Enable Intel Control-flow Enforcement Technology (CET) support. When
+the library is built with --enable-cet, the resulting glibc is protected
+with indirect branch tracking (IBT) and shadow stack (SHSTK). This
+feature is currently supported on i386, x86_64 and x32 with GCC 8 and
+binutils 2.29 or later.
+
@item --disable-profile
Don't build libraries with profiling information. You may want to use
this option if you don't plan to do profiling.
--
2.17.0