This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: PING^1: [PATCH 24/24] Intel CET: Document --enable-cet


On 07/17/2018 08:19 PM, H.J. Lu wrote:
> On Wed, Jun 13, 2018 at 8:32 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
...
>> diff --git a/NEWS b/NEWS
>> index d51fa09544..e914336557 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -9,6 +9,16 @@ Version 2.28
>>
>>  Major new features:
>>
>> +* The GNU C Library can now be compiled with support for Intel CET, AKA
>> +  Intel Control-flow Enforcement Technology.  When the library is built
>> +  with --enable-cet, the resulting glibc is protected with indirect
>> +  branch tracking (IBT) and shadow stack (SHSTK).  CET-enabled glibc is
>> +  compatible with all existing executables and shared libraries.  This
>> +  feature is currently supported on i386, x86_64 and x32 with GCC 8 and
>> +  binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs
>> +  capable of multi-byte NOPs, like x86-64 processors as well as Intel
>> +  Pentium Pro or newer.
>> +
>>  * <math.h> functions that round their results to a narrower type are added
>>    from TS 18661-1:2014 and TS 18661-3:2015:
>>
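Review bot: In the added NEWS paragraph, the closing sentence ("Note that CET-enabled glibc requires CPUs capable of multi-byte NOPs ...") puts a hardware requirement directly after the statement that CET-enabled glibc "is compatible with all existing executables and shared libraries", so the two read as if they qualify each other. Suggest making it explicit that the compatibility claim is about binaries while the NOP requirement is about the processor, and stating the consequence for an i386 build run on a CPU older than Pentium Pro.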
>> diff --git a/manual/install.texi b/manual/install.texi
>> index 4bbbfcffa5..62aec719d7 100644
>> --- a/manual/install.texi
>> +++ b/manual/install.texi
>> @@ -137,6 +137,16 @@ with no-pie.  The resulting glibc can be used with the GCC option,
>>  PIE.  This option also implies that glibc programs and tests are created
>>  as dynamic position independent executables (PIE) by default.
>>
>> +@item --enable-cet
>> +Enable Intel Control-flow Enforcement Technology (CET) support.  When
>> +the library is built with --enable-cet, the resulting glibc is protected

@option{--enable-cet} (else both dashes aren't preserved)

@glibcadj{} wouldn't be right here because it's not an adjective, so it
would be better to reword the sentence: "When @theglibc{} is built with
@option{--enable-cet}, the resulting library ..."

>> +with indirect branch tracking (IBT) and shadow stack (SHSTK)@.  CET-enabled
>> +glibc is compatible with all existing executables and shared libraries.

Similarly here; perhaps: "When CET is enabled, @theglibc{} ..."

>> +This feature is currently supported on i386, x86_64 and x32 with GCC 8 and
>> +binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs capable

Could reuse the same approach as above: "When CET is enabled,
@theglibc{} ..."

>> +of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
>> +newer.
>> +
>>  @item --disable-profile
>>  Don't build libraries with profiling information.  You may want to use
>>  this option if you don't plan to do profiling.
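Review bot: The new "@item --enable-cet" text gives the minimum toolchain ("GCC 8 and binutils 2.29 or later") but does not say what configure does when the option is requested with an older toolchain or on an unsupported architecture, nor whether the option is on or off by default. An installer reading this item needs both facts; suggest one sentence for each. Separately, "like x86-64 processors as well as Intel Pentium Pro or newer" would read more clearly as "such as x86-64 processors and Intel Pentium Pro or newer".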
>> --
>> 2.17.1
>>
> 
> PING.

Note that I don't have the same objection to using "glibc" in the NEWS
entry as I do to using it in the manual.

Thanks,
Rical

