This is the mail archive of the
mailing list for the glibc project.
Re: [PATCH] x86: Support IBT and SHSTK in Intel CET [BZ #21598]
- From: "H.J. Lu" <hjl dot tools at gmail dot com>
- To: Joseph Myers <joseph at codesourcery dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, Igor Tsimbalist <igor dot v dot tsimbalist at intel dot com>, Andrew Senkevich <andrew dot n dot senkevich at gmail dot com>
- Date: Tue, 19 Dec 2017 11:11:33 -0800
- Subject: Re: [PATCH] x86: Support IBT and SHSTK in Intel CET [BZ #21598]
- Authentication-results: sourceware.org; auth=none
- References: <20171219134500.GA1143@gmail.com> <alpine.DEB.email@example.com>
On Tue, Dec 19, 2017 at 8:47 AM, Joseph Myers <firstname.lastname@example.org> wrote:
> On Tue, 19 Dec 2017, H.J. Lu wrote:
>> b. Otherwise lock SHSTK.
>> 3. After SHSTK is enabled, it is an error to load a shared object
>> without GNU_PROPERTY_X86_FEATURE_1_SHSTK.
> This seems like something that would be unsafe to enable by default in
> glibc / the toolchain as a whole, because it would mean that rebuilding a
> program (and the shared libraries it uses at startup) stops it from
> dlopening existing shared objects. That is, making it an error to load
> existing shared objects should only be enabled by an explicit non-default
> option (whether configure-time option for glibc, or link-time option for
> programs that do not use dlopen) that is only used when building for a
> system where it is known that there is no need to be able to dlopen any
> existing shared object.
I will change it to default to no.