From patchwork Wed May 9 21:31:56 2018
X-Patchwork-Submitter: "H.J. Lu"
X-Patchwork-Id: 27192
Delivered-To: mailing list libc-alpha@sourceware.org
From: "H.J. Lu"
Date: Wed, 9 May 2018 14:31:56 -0700
Subject: [PATCH 24/24] Intel CET: Document --enable-cet
To: Joseph Myers
Cc: GNU C Library, "Carlos O'Donell"

On Tue, May 8, 2018 at 2:03 PM, Joseph Myers wrote:
> On Tue, 8 May 2018, H.J. Lu wrote:
>
>> * configure.ac: Add --enable-cet.
>
> A new configure option needs documenting in install.texi, with INSTALL
> regenerated. I'd also expect such a new feature to have a NEWS entry
> added somewhere in the patch series.
>

Here is a separate patch for them.

From 86e85fcd5ca2a2f58b232f83dbbae93c8c6a0812 Mon Sep 17 00:00:00 2001 From: "H.J. Lu" Date: Wed, 9 May 2018 08:28:29 -0700 Subject: [PATCH 24/24] Intel CET: Document --enable-cet * NEWS: Mention --enable-cet. * manual/install.texi: Document --enable-cet. * INSTALL: Regenerated. --- INSTALL | 7 +++++++ NEWS | 7 +++++++ manual/install.texi | 7 +++++++ 3 files changed, 21 insertions(+) diff --git a/INSTALL b/INSTALL index 052b1b6f89..8782c9607c 100644 --- a/INSTALL +++ b/INSTALL @@ -106,6 +106,13 @@ if 'CFLAGS' is specified it must enable optimization. For example: programs and tests are created as dynamic position independent executables (PIE) by default. +'--enable-cet' + Enable Intel Control-flow Enforcement Technology (CET) support. + When the library is built with -enable-cet, the resulting glibc is + protected with indirect branch tracking (IBT) and shadow stack + (SHSTK). This feature is currently supported on i386, x86_64 and + x32 with GCC 8 and binutils 2.29 or later. + '--disable-profile' Don't build libraries with profiling information. You may want to use this option if you don't plan to do profiling. diff --git a/NEWS b/NEWS index 5155c86318..7ed475dc4b 100644 --- a/NEWS +++ b/NEWS
@@ -9,6 +9,13 @@ Version 2.28 Major new features: +* The GNU C Library can now be compiled with support for Intel CET, AKA + Intel Control-flow Enforcement Technology. When the library is built + with --enable-cet, the resulting glibc is protected with indirect + branch tracking (IBT) and shadow stack (SHSTK). This feature is + currently supported on i386, x86_64 and x32 with GCC 8 and binutils + 2.29 or later. + * functions that round their results to a narrower type are added from TS 18661-1:2014 and TS 18661-3:2015: diff --git a/manual/install.texi b/manual/install.texi index 4bbbfcffa5..e8f1bbdb0a 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -137,6 +137,13 @@ with no-pie. The resulting glibc can be used with the GCC option, PIE. This option also implies that glibc programs and tests are created as dynamic position independent executables (PIE) by default. +@item --enable-cet +Enable Intel Control-flow Enforcement Technology (CET) support. When +the library is built with --enable-cet, the resulting glibc is protected +with indirect branch tracking (IBT) and shadow stack (SHSTK). This +feature is currently supported on i386, x86_64 and x32 with GCC 8 and +binutils 2.29 or later. + @item --disable-profile Don't build libraries with profiling information. You may want to use this option if you don't plan to do profiling. -- 2.17.0
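Review bot: In the manual/install.texi hunk, the second "--enable-cet" (in "When the library is built with --enable-cet") is plain running text, and the regenerated INSTALL hunk shows the same phrase as "-enable-cet" with a single dash. Mark it up as @option{--enable-cet} in install.texi and regenerate INSTALL, so the spelling a builder copies from INSTALL is the one configure accepts.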
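Review bot: The NEWS entry states that the resulting glibc "is protected with indirect branch tracking (IBT) and shadow stack (SHSTK)", but neither it nor the INSTALL and install.texi text says whether --enable-cet is on or off by default, and the only requirement listed is the build toolchain (GCC 8 and binutils 2.29 or later). Please add a sentence giving the default and saying what the running system needs for IBT and SHSTK to be enforced, so a reader does not take the protection to be unconditional once the library is built with the option.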