This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.



GNU C Library master sources branch master updated. glibc-2.27.9000-598-ge6c6950


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  e6c695099b7894bce72de04009c889c8f6e674ae (commit)
      from  e2d40a8822be27ddbd512599ea1955e52f90bf87 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=e6c695099b7894bce72de04009c889c8f6e674ae

commit e6c695099b7894bce72de04009c889c8f6e674ae
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Jul 18 09:52:40 2018 -0700

    Intel CET: Document --enable-cet
    
    	* NEWS: Mention --enable-cet.
    	* manual/install.texi: Document --enable-cet.
    	* INSTALL: Regenerated.

diff --git a/ChangeLog b/ChangeLog
index d1c5235..6d1229c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 2018-07-18  H.J. Lu  <hongjiu.lu@intel.com>
 
+	* NEWS: Mention --enable-cet.
+	* manual/install.texi: Document --enable-cet.
+	* INSTALL: Regenerated.
+
+2018-07-18  H.J. Lu  <hongjiu.lu@intel.com>
+
 	* sysdeps/x86_64/multiarch/memcmp-sse4.S (BRANCH_TO_JMPTBL_ENTRY):
 	Add _CET_NOTRACK before indirect jump to jump table.
 
diff --git a/INSTALL b/INSTALL
index 3c656fb..844aa0f 100644
--- a/INSTALL
+++ b/INSTALL
@@ -106,6 +106,17 @@ if 'CFLAGS' is specified it must enable optimization.  For example:
      programs and tests are created as dynamic position independent
      executables (PIE) by default.
 
+'--enable-cet'
+     Enable Intel Control-flow Enforcement Technology (CET) support.
+     When the GNU C Library is built with '--enable-cet', the resulting
+     library is protected with indirect branch tracking (IBT) and shadow
+     stack (SHSTK).  When CET is enabled, the GNU C Library is
+     compatible with all existing executables and shared libraries.
+     This feature is currently supported on i386, x86_64 and x32 with
+     GCC 8 and binutils 2.29 or later.  Note that when CET is enabled,
+     the GNU C Library requires CPUs capable of multi-byte NOPs, like
+     x86-64 processors as well as Intel Pentium Pro or newer.
+
 '--disable-profile'
      Don't build libraries with profiling information.  You may want to
      use this option if you don't plan to do profiling.
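
Review bot: The last sentence of the added '--enable-cet' entry ("the GNU C Library requires CPUs capable of multi-byte NOPs") states a hardware requirement without saying what happens when it is not met. Since i386 is listed as supported, a reader targeting older 32-bit hardware cannot tell from this text whether the library fails to run or only loses CET protection; a short clause on the failure mode would settle it. The commit message marks INSTALL as regenerated, so the wording change belongs in manual/install.texi, with this file regenerated from it.
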
diff --git a/NEWS b/NEWS
index c2896a7..daef815 100644
--- a/NEWS
+++ b/NEWS
@@ -9,6 +9,16 @@ Version 2.28
 
 Major new features:
 
+* The GNU C Library can now be compiled with support for Intel CET, AKA
+  Intel Control-flow Enforcement Technology.  When the library is built
+  with --enable-cet, the resulting glibc is protected with indirect
+  branch tracking (IBT) and shadow stack (SHSTK).  CET-enabled glibc is
+  compatible with all existing executables and shared libraries.  This
+  feature is currently supported on i386, x86_64 and x32 with GCC 8 and
+  binutils 2.29 or later.  Note that CET-enabled glibc requires CPUs
+  capable of multi-byte NOPs, like x86-64 processors as well as Intel
+  Pentium Pro or newer.
+
 * The GNU C Library now has correct support for ABSOLUTE symbols
   (SHN_ABS-relative symbols).  Previously such ABSOLUTE symbols were
   relocated incorrectly or in some cases discarded.  The GNU linker can
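
Review bot: The sentence "the resulting glibc is protected with indirect branch tracking (IBT) and shadow stack (SHSTK)" is followed by "compatible with all existing executables and shared libraries" without saying whether IBT and SHSTK remain enforced in a process that loads such existing objects. A release note that will be read for its security impact should state when the protection is actually in effect, or point to the manual entry for the conditions. "AKA" can also be dropped, since the acronym is expanded in the same sentence.
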
diff --git a/manual/install.texi b/manual/install.texi
index 42e9954..3a87ac8 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -137,6 +137,17 @@ with no-pie.  The resulting glibc can be used with the GCC option,
 PIE.  This option also implies that glibc programs and tests are created
 as dynamic position independent executables (PIE) by default.
 
+@item --enable-cet
+Enable Intel Control-flow Enforcement Technology (CET) support.  When
+@theglibc{} is built with @option{--enable-cet}, the resulting library
+is protected with indirect branch tracking (IBT) and shadow stack
+(SHSTK)@.  When CET is enabled, @theglibc{} is compatible with all
+existing executables and shared libraries.  This feature is currently
+supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later.
+Note that when CET is enabled, @theglibc{} requires CPUs capable of
+multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
+newer.
+
 @item --disable-profile
 Don't build libraries with profiling information.  You may want to use
 this option if you don't plan to do profiling.
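
Review bot: "supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later" leaves it unclear whether "or later" also applies to GCC 8; "GCC 8 or later and binutils 2.29 or later" removes the ambiguity. The new @item also does not state the default when the option is not given, nor what configure does when the toolchain is older than the listed versions, and both are things a reader of the install manual needs before choosing the option.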

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog           |    6 ++++++
 INSTALL             |   11 +++++++++++
 NEWS                |   10 ++++++++++
 manual/install.texi |   11 +++++++++++
 4 files changed, 38 insertions(+), 0 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

