This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: V2 [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk


On Wed, Jul 18, 2018 at 9:55 AM, Rical Jasan <rj@2c3t.io> wrote:
> On 07/18/2018 09:44 AM, H.J. Lu wrote:
> ...
>> diff --git a/manual/tunables.texi b/manual/tunables.texi
>> index be33c9fc79..13426ce238 100644
>> --- a/manual/tunables.texi
>> +++ b/manual/tunables.texi
>> @@ -356,3 +356,31 @@ to set threshold in bytes for non temporal store.
>>
>>  This tunable is specific to i386 and x86-64.
>>  @end deftp
>> +
>> +@deftp Tunable glibc.tune.x86_ibt
>> +The @code{glibc.tune.x86_ibt=[on|off|permissive]} tunable allows the user
>
> I meant to just use @code{glibc.tune.x86_ibt} here, and then list the
> options after, like you did below.

Fixed.

>> +to control how indirect branch tracking (IBT) should be enabled.  Accepted
>> +values are @code{on}, @code{off}, and @code{permissive}.  @code{on} always
>> +turns on IBT regardless of whether IBT is enabled in the executable and
>> +its dependent shared libraries.  @code{off} always turns off IBT regardless
>> +of whether IBT is enabled in the executable and its dependent shared
>> +libraries.  @code{permissive} is the same as the default which disables
>> +IBT on non-CET executables and shared libraries.
>> +
>> +This tunable is specific to i386 and x86-64.
>> +@end deftp
>> +
>> +@deftp Tunable glibc.tune.x86_shstk
>> +The @code{glibc.tune.x86_shstk=[on|off|permissive]} tunable allows the
>
> And here.

Fixed.

Here is the updated patch.  OK for master?

Thanks.

-- 
H.J.
From ae2b7b566530aa6a83f6afe589245418d1946952 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 17 Jul 2018 19:51:23 -0700
Subject: [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk

	* manual/tunables.texi: Document glibc.tune.x86_ibt and
	glibc.tune.x86_shstk.
---
 manual/tunables.texi | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/manual/tunables.texi b/manual/tunables.texi
index be33c9fc79..bb4819bdf1 100644
--- a/manual/tunables.texi
+++ b/manual/tunables.texi
@@ -356,3 +356,31 @@ to set threshold in bytes for non temporal store.
 
 This tunable is specific to i386 and x86-64.
 @end deftp
+
+@deftp Tunable glibc.tune.x86_ibt
+The @code{glibc.tune.x86_ibt} tunable allows the user to control how
+indirect branch tracking (IBT) should be enabled.  Accepted values are
+@code{on}, @code{off}, and @code{permissive}.  @code{on} always turns
+on IBT regardless of whether IBT is enabled in the executable and its
+dependent shared libraries.  @code{off} always turns off IBT regardless
+of whether IBT is enabled in the executable and its dependent shared
+libraries.  @code{permissive} is the same as the default which disables
+IBT on non-CET executables and shared libraries.
+
+This tunable is specific to i386 and x86-64.
+@end deftp
+
+@deftp Tunable glibc.tune.x86_shstk
+The @code{glibc.tune.x86_shstk} tunable allows the user to control how
+the shadow stack (SHSTK) should be enabled.  Accepted values are
+@code{on}, @code{off}, and @code{permissive}.  @code{on} always turns on
+SHSTK regardless of whether SHSTK is enabled in the executable and its
+dependent shared libraries.  @code{off} always turns off SHSTK regardless
+of whether SHSTK is enabled in the executable and its dependent shared
+libraries.  @code{permissive} changes how dlopen works on non-CET shared
+libraries.  By default, when SHSTK is enabled, dlopening a non-CET shared
+library returns an error.  With @code{permissive}, it turns off SHSTK
+instead.
+
+This tunable is specific to i386 and x86-64.
+@end deftp
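Review bot: In the glibc.tune.x86_ibt entry, "@code{permissive} is the same as the default" leaves the reader unable to tell why permissive is listed as a separate value, while the x86_shstk entry describes permissive as a departure from the default (dlopen of a non-CET library returns an error by default, permissive turns SHSTK off instead). Describe the default and permissive in the same terms in both entries, and say for IBT what happens when a non-CET shared library is dlopened after startup, since only the SHSTK entry covers that case. Two smaller points: neither entry says what @code{on} does when a non-CET library is loaded, which matters because "always turns on ... regardless" reads as if legacy code keeps running with enforcement active, and "dlopen" / "dlopening" in the x86_shstk entry could be written with @code{dlopen} to match the markup used for the values.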
-- 
2.17.1

