aarch64: add NEWS entry about branch protection support

This is a new security feature that relies on architecture
extensions and needs glibc to be built with a gcc configured
with branch protection.
Szabolcs Nagy 2020-06-11 18:19:40 +01:00
parent 09c1ff256b
commit 1be15b1c45

NEWS

@ -31,6 +31,18 @@ Major new features:
pthread_attr_getsigmask_np have been added. They allow applications pthread_attr_getsigmask_np have been added. They allow applications
to specify the signal mask of a thread created with pthread_create. to specify the signal mask of a thread created with pthread_create.
* AArch64 now supports standard branch protection security hardening
in glibc when it is built with a GCC that is configured with
--enable-standard-branch-protection. This includes branch target
identification (BTI) and pointer authentication for return addresses
(PAC-RET). They require armv8.5-a and armv8.3-a architecture
extensions respectively for the protection to be effective,
otherwise the used instructions are nops. User code can use PAC-RET
without libc support, but BTI requires a libc that is built with BTI
support, otherwise runtime objects linked into user code will not be
BTI compatible. It is recommended to use GCC 10 or newer when
building glibc with branch protection.
Deprecated and removed features, and other changes affecting compatibility: Deprecated and removed features, and other changes affecting compatibility:
* The deprecated <sys/sysctl.h> header and the sysctl function have been * The deprecated <sys/sysctl.h> header and the sysctl function have been
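Review bot: In the added AArch64 entry, the clause "otherwise the used instructions are nops" is awkward and leaves the security consequence implicit: a glibc built this way still runs on hardware without armv8.5-a or armv8.3-a, but without protection. Suggest wording along the lines of "on hardware without these extensions the instructions execute as NOPs and provide no protection". The closing sentence recommends GCC 10 or newer without giving a reason; a short clause saying what is wrong or missing in older compilers would help distributors decide whether their toolchain is acceptable. It would also help to state the BTI constraint from the user's side, since "runtime objects linked into user code will not be BTI compatible" does not say what a user building with BTI against a non-BTI libc should expect to see.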