mirror of
https://sourceware.org/git/glibc.git
synced 2024-11-24 22:10:13 +00:00
Intel CET: Document --enable-cet
* NEWS: Mention --enable-cet. * manual/install.texi: Document --enable-cet. * INSTALL: Regenerated.
This commit is contained in:
parent
e2d40a8822
commit
e6c695099b
@ -1,3 +1,9 @@
|
||||
2018-07-18 H.J. Lu <hongjiu.lu@intel.com>
|
||||
|
||||
* NEWS: Mention --enable-cet.
|
||||
* manual/install.texi: Document --enable-cet.
|
||||
* INSTALL: Regenerated.
|
||||
|
||||
2018-07-18 H.J. Lu <hongjiu.lu@intel.com>
|
||||
|
||||
* sysdeps/x86_64/multiarch/memcmp-sse4.S (BRANCH_TO_JMPTBL_ENTRY):
|
||||
|
11
INSTALL
11
INSTALL
@ -106,6 +106,17 @@ if 'CFLAGS' is specified it must enable optimization. For example:
|
||||
programs and tests are created as dynamic position independent
|
||||
executables (PIE) by default.
|
||||
|
||||
'--enable-cet'
|
||||
Enable Intel Control-flow Enforcement Technology (CET) support.
|
||||
When the GNU C Library is built with '--enable-cet', the resulting
|
||||
library is protected with indirect branch tracking (IBT) and shadow
|
||||
stack (SHSTK). When CET is enabled, the GNU C Library is
|
||||
compatible with all existing executables and shared libraries.
|
||||
This feature is currently supported on i386, x86_64 and x32 with
|
||||
GCC 8 and binutils 2.29 or later. Note that when CET is enabled,
|
||||
the GNU C Library requires CPUs capable of multi-byte NOPs, like
|
||||
x86-64 processors as well as Intel Pentium Pro or newer.
|
||||
|
||||
'--disable-profile'
|
||||
Don't build libraries with profiling information. You may want to
|
||||
use this option if you don't plan to do profiling.
|
||||
|
10
NEWS
10
NEWS
@ -9,6 +9,16 @@ Version 2.28
|
||||
|
||||
Major new features:
|
||||
|
||||
* The GNU C Library can now be compiled with support for Intel CET, AKA
|
||||
Intel Control-flow Enforcement Technology. When the library is built
|
||||
with --enable-cet, the resulting glibc is protected with indirect
|
||||
branch tracking (IBT) and shadow stack (SHSTK). CET-enabled glibc is
|
||||
compatible with all existing executables and shared libraries. This
|
||||
feature is currently supported on i386, x86_64 and x32 with GCC 8 and
|
||||
binutils 2.29 or later. Note that CET-enabled glibc requires CPUs
|
||||
capable of multi-byte NOPs, like x86-64 processors as well as Intel
|
||||
Pentium Pro or newer.
|
||||
|
||||
* The GNU C Library now has correct support for ABSOLUTE symbols
|
||||
(SHN_ABS-relative symbols). Previously such ABSOLUTE symbols were
|
||||
relocated incorrectly or in some cases discarded. The GNU linker can
|
||||
|
@ -137,6 +137,17 @@ with no-pie. The resulting glibc can be used with the GCC option,
|
||||
PIE. This option also implies that glibc programs and tests are created
|
||||
as dynamic position independent executables (PIE) by default.
|
||||
|
||||
@item --enable-cet
|
||||
Enable Intel Control-flow Enforcement Technology (CET) support. When
|
||||
@theglibc{} is built with @option{--enable-cet}, the resulting library
|
||||
is protected with indirect branch tracking (IBT) and shadow stack
|
||||
(SHSTK)@. When CET is enabled, @theglibc{} is compatible with all
|
||||
existing executables and shared libraries. This feature is currently
|
||||
supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later.
|
||||
Note that when CET is enabled, @theglibc{} requires CPUs capable of
|
||||
multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
|
||||
newer.
|
||||
|
||||
@item --disable-profile
|
||||
Don't build libraries with profiling information. You may want to use
|
||||
this option if you don't plan to do profiling.
|
||||
|
Loading…
Reference in New Issue
Block a user