From patchwork Wed Jul 18 17:27:38 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hjl.tools@gmail.com>
X-Patchwork-Id: 28464
Received: (qmail 71509 invoked by alias); 18 Jul 2018 17:27:42 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 71496 invoked by uid 89); 18 Jul 2018 17:27:42 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-25.3 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2,
	GIT_PATCH_3, RCVD_IN_DNSWL_NONE,
	SPF_PASS autolearn=ham version=3.3.2 spammy=
X-HELO: mail-oi0-f68.google.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20161025;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc; bh=dvUv+eJjqDflHakcEJvoRtmi+9v0yBlCAVTAoNGqrnE=;
	b=tzh4OWOdxAB5hFHvN6lhoe7sIOqVNVYJm130vSx7dzBAqNsUQU9w8gL304bv016EtH
	91i+NKJg/G4PU4aGkSb8BMghPM1vhalLXtZB9T//SOkJvqYj9nueUhvGqh+avefdTwi6
	cJ3eOg8vgAn9zAtpemBa34dHw0VSif94HZ+s8H1l2qQAv0GhgWDxtn+3NxgZ6pIWQLVJ
	8K4mmUMeVv5S/sxFnMTXA7Ku5qkos48lT3EoI13AQS+vfKtz/MfwCR3/avycf56+c4wn
	NbzC3/7LWaw3rlkypeNWyvlGj8qbJmVMcBuutQEN0Pkf/uYA+X+FSz4ig6L14NVhqqUP
	mhqg==
MIME-Version: 1.0
In-Reply-To: <23e1bbb5-5fe5-4b8d-d80a-fec481c76e21@2c3t.io>
References: 
 <CAMe9rOo2125_bkhDNMQD3zj3SdyTzCrdZz1e2KxTXfaZT3273Q@mail.gmail.com>
	<23e1bbb5-5fe5-4b8d-d80a-fec481c76e21@2c3t.io>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 18 Jul 2018 10:27:38 -0700
Message-ID: 
 <CAMe9rOq=75HQw46rAnQq+D84=g6eczAif_dVm=4s6y9Pkq4uGQ@mail.gmail.com>
Subject: Re: V2 [PATCH] x86/CET: Document glibc.tune.x86_ibt and
	glibc.tune.x86_shstk
To: Rical Jasan <rj@2c3t.io>
Cc: "Carlos O'Donell" <carlos@redhat.com>,
	"Joseph S. Myers" <joseph@codesourcery.com>,
	GNU C Library <libc-alpha@sourceware.org>

On Wed, Jul 18, 2018 at 9:55 AM, Rical Jasan <rj@2c3t.io> wrote:
> On 07/18/2018 09:44 AM, H.J. Lu wrote:
> ...
>> diff --git a/manual/tunables.texi b/manual/tunables.texi
>> index be33c9fc79..13426ce238 100644
>> --- a/manual/tunables.texi
>> +++ b/manual/tunables.texi
>> @@ -356,3 +356,31 @@ to set threshold in bytes for non temporal store.
>>
>>  This tunable is specific to i386 and x86-64.
>>  @end deftp
>> +
>> +@deftp Tunable glibc.tune.x86_ibt
>> +The @code{glibc.tune.x86_ibt=[on|off|permissive]} tunable allows the user
>
> I meant to just use @code{glibc.tune.x86_ibt} here, and then list the
> options after, like you did below.

Fixed.

>> +to control how indirect branch tracking (IBT) should be enabled.  Accepted
>> +values are @code{on}, @code{off}, and @code{permissive}.  @code{on} always
>> +turns on IBT regardless of whether IBT is enabled in the executable and
>> +its dependent shared libraries.  @code{off} always turns off IBT regardless
>> +of whether IBT is enabled in the executable and its dependent shared
>> +libraries.  @code{permissive} is the same as the default which disables
>> +IBT on non-CET executables and shared libraries.
>> +
>> +This tunable is specific to i386 and x86-64.
>> +@end deftp
>> +
>> +@deftp Tunable glibc.tune.x86_shstk
>> +The @code{glibc.tune.x86_shstk=[on|off|permissive]} tunable allows the
>
> And here.

Fixed.

Here is the updated patch.  OK for master?

Thanks.
Reviewed-by: Carlos O'Donell <carlos@redhat.com>

From ae2b7b566530aa6a83f6afe589245418d1946952 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Tue, 17 Jul 2018 19:51:23 -0700
Subject: [PATCH] x86/CET: Document glibc.tune.x86_ibt and glibc.tune.x86_shstk

	* manual/tunables.texi: Document glibc.tune.x86_ibt and
	glibc.tune.x86_shstk.
---
 manual/tunables.texi | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/manual/tunables.texi b/manual/tunables.texi
index be33c9fc79..bb4819bdf1 100644
--- a/manual/tunables.texi
+++ b/manual/tunables.texi
@@ -356,3 +356,31 @@ to set threshold in bytes for non temporal store.
 
 This tunable is specific to i386 and x86-64.
 @end deftp
+
+@deftp Tunable glibc.tune.x86_ibt
+The @code{glibc.tune.x86_ibt} tunable allows the user to control how
+indirect branch tracking (IBT) should be enabled.  Accepted values are
+@code{on}, @code{off}, and @code{permissive}.  @code{on} always turns
+on IBT regardless of whether IBT is enabled in the executable and its
+dependent shared libraries.  @code{off} always turns off IBT regardless
+of whether IBT is enabled in the executable and its dependent shared
+libraries.  @code{permissive} is the same as the default which disables
+IBT on non-CET executables and shared libraries.
+
+This tunable is specific to i386 and x86-64.
+@end deftp
+
+@deftp Tunable glibc.tune.x86_shstk
+The @code{glibc.tune.x86_shstk} tunable allows the user to control how
+the shadow stack (SHSTK) should be enabled.  Accepted values are
+@code{on}, @code{off}, and @code{permissive}.  @code{on} always turns on
+SHSTK regardless of whether SHSTK is enabled in the executable and its
+dependent shared libraries.  @code{off} always turns off SHSTK regardless
+of whether SHSTK is enabled in the executable and its dependent shared
+libraries.  @code{permissive} changes how dlopen works on non-CET shared
+libraries.  By default, when SHSTK is enabled, dlopening a non-CET shared
+library returns an error.  With @code{permissive}, it turns off SHSTK
+instead.
+
+This tunable is specific to i386 and x86-64.
+@end deftp
-- 
2.17.1