This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: PING^1: [PATCH 24/24] Intel CET: Document --enable-cet
- From: Rical Jasan <rj at 2c3t dot io>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>, Carlos O'Donell <carlos at redhat dot com>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Tue, 17 Jul 2018 22:46:40 -0700
- Subject: Re: PING^1: [PATCH 24/24] Intel CET: Document --enable-cet
- References: <CAMe9rOoK+5wbi2hRhFReonsSUy-=AZQD+xDwx0k9o2Rn+py0Ww@mail.gmail.com>
On 07/17/2018 08:19 PM, H.J. Lu wrote:
> On Wed, Jun 13, 2018 at 8:32 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
...
>> diff --git a/NEWS b/NEWS
>> index d51fa09544..e914336557 100644
>> --- a/NEWS
>> +++ b/NEWS
>> @@ -9,6 +9,16 @@ Version 2.28
>>
>> Major new features:
>>
>> +* The GNU C Library can now be compiled with support for Intel CET, AKA
>> + Intel Control-flow Enforcement Technology. When the library is built
>> + with --enable-cet, the resulting glibc is protected with indirect
>> + branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is
>> + compatible with all existing executables and shared libraries. This
>> + feature is currently supported on i386, x86_64 and x32 with GCC 8 and
>> + binutils 2.29 or later. Note that CET-enabled glibc requires CPUs
>> + capable of multi-byte NOPs, like x86-64 processors as well as Intel
>> + Pentium Pro or newer.
>> +
>> * <math.h> functions that round their results to a narrower type are added
>> from TS 18661-1:2014 and TS 18661-3:2015:
>>
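Review bot: in the NEWS entry, "the resulting glibc is protected with indirect branch tracking (IBT) and shadow stack (SHSTK)" reads as an unconditional guarantee, yet the only hardware condition the entry names is support for multi-byte NOPs, which is what lets the library run, not what enforces IBT or SHSTK. Reword it to say the library is built with IBT and SHSTK support, and state what is required at run time for that protection to be in effect, so that nobody reads the entry as a promise of protection on every CPU that can execute the library. The closing sentence would also read better as "x86-64 processors and Intel Pentium Pro or newer" than "like x86-64 processors as well as ...".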
>> diff --git a/manual/install.texi b/manual/install.texi
>> index 4bbbfcffa5..62aec719d7 100644
>> --- a/manual/install.texi
>> +++ b/manual/install.texi
>> @@ -137,6 +137,16 @@ with no-pie. The resulting glibc can be used with the GCC option,
>> PIE. This option also implies that glibc programs and tests are created
>> as dynamic position independent executables (PIE) by default.
>>
>> +@item --enable-cet
>> +Enable Intel Control-flow Enforcement Technology (CET) support. When
>> +the library is built with --enable-cet, the resulting glibc is protected
@option{--enable-cet} (else both dashes aren't preserved)
@glibcadj{} wouldn't be right here because it's not an adjective, so it
would be better to reword the sentence: "When @theglibc{} is built with
@option{--enable-cet}, the resulting library ..."
>> +with indirect branch tracking (IBT) and shadow stack (SHSTK)@. CET-enabled
>> +glibc is compatible with all existing executables and shared libraries.
Similarly here; perhaps: "When CET is enabled, @theglibc{} ..."
>> +This feature is currently supported on i386, x86_64 and x32 with GCC 8 and
>> +binutils 2.29 or later. Note that CET-enabled glibc requires CPUs capable
Could reuse the same approach as above: "When CET is enabled,
@theglibc{} ..."
>> +of multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
>> +newer.
>> +
>> @item --disable-profile
>> Don't build libraries with profiling information. You may want to use
>> this option if you don't plan to do profiling.
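Review bot: the new @item --enable-cet paragraph never says what the default is, so install.texi does not tell a builder whether CET support is left out unless the option is given; add a sentence stating the behaviour when --enable-cet is not passed. In the same paragraph, "with GCC 8 and binutils 2.29 or later" leaves it unclear whether "or later" applies to GCC as well; "GCC 8 or later and binutils 2.29 or later" removes the doubt. The multi-byte NOP sentence should also state the consequence for i386 builds directly, that a CET-enabled library will not run on CPUs without those NOPs, since that is the fact a packager needs when choosing this option.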
>> --
>> 2.17.1
>>
>
> PING.
Note that I don't have the same objection to using "glibc" in the NEWS
entry as I do to using it in the manual.
Thanks,
Rical