This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: V2 [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk
- From: Carlos O'Donell <carlos at redhat dot com>
- To: "H.J. Lu" <hjl dot tools at gmail dot com>, Rical Jasan <rj at 2c3t dot io>
- Cc: "Joseph S. Myers" <joseph at codesourcery dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 18 Jul 2018 14:26:45 -0400
- Subject: Re: V2 [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk
- References: <CAMe9rOo2125_bkhDNMQD3zj3SdyTzCrdZz1e2KxTXfaZT3273Q@mail.gmail.com> <23e1bbb5-5fe5-4b8d-d80a-fec481c76e21@2c3t.io> <CAMe9rOq=75HQw46rAnQq+D84=g6eczAif_dVm=4s6y9Pkq4uGQ@mail.gmail.com>
On 07/18/2018 01:27 PM, H.J. Lu wrote
> From ae2b7b566530aa6a83f6afe589245418d1946952 Mon Sep 17 00:00:00 2001
> From: "H.J. Lu" <hjl.tools@gmail.com>
> Date: Tue, 17 Jul 2018 19:51:23 -0700
> Subject: [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk
>
> * manual/tunables.texi: Document glibc.tune.x86_ibt and
> glibc.tune.x86_shstk.
> ---
OK for 2.28.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
> manual/tunables.texi | 28 ++++++++++++++++++++++++++++
> 1 file changed, 28 insertions(+)
>
> diff --git a/manual/tunables.texi b/manual/tunables.texi
> index be33c9fc79..bb4819bdf1 100644
> --- a/manual/tunables.texi
> +++ b/manual/tunables.texi
> @@ -356,3 +356,31 @@ to set threshold in bytes for non temporal store.
>
> This tunable is specific to i386 and x86-64.
> @end deftp
> +
> +@deftp Tunable glibc.tune.x86_ibt
> +The @code{glibc.tune.x86_ibt} tunable allows the user to control how
> +indirect branch tracking (IBT) should be enabled. Accepted values are
> +@code{on}, @code{off}, and @code{permissive}. @code{on} always turns
> +on IBT regardless of whether IBT is enabled in the executable and its
> +dependent shared libraries. @code{off} always turns off IBT regardless
> +of whether IBT is enabled in the executable and its dependent shared
> +libraries. @code{permissive} is the same as the default which disables
> +IBT on non-CET executables and shared libraries.
> +
OK. Though I'm always squeamish about starting sentences with @code{foo}.
> +This tunable is specific to i386 and x86-64.
> +@end deftp
> +
> +@deftp Tunable glibc.tune.x86_shstk
> +The @code{glibc.tune.x86_shstk} tunable allows the user to control how
> +the shadow stack (SHSTK) should be enabled. Accepted values are
> +@code{on}, @code{off}, and @code{permissive}. @code{on} always turns on
> +SHSTK regardless of whether SHSTK is enabled in the executable and its
> +dependent shared libraries. @code{off} always turns off SHSTK regardless
> +of whether SHSTK is enabled in the executable and its dependent shared
> +libraries. @code{permissive} changes how dlopen works on non-CET shared
> +libraries. By default, when SHSTK is enabled, dlopening a non-CET shared
> +library returns an error. With @code{permissive}, it turns off SHSTK
> +instead.
OK.
> +
> +This tunable is specific to i386 and x86-64.
> +@end deftp
> -- 2.17.1
--
Cheers,
Carlos.