diff options
author | H.J. Lu <hjl.tools@gmail.com> | 2018-07-18 09:52:40 -0700 |
---|---|---|
committer | H.J. Lu <hjl.tools@gmail.com> | 2018-07-18 09:52:53 -0700 |
commit | e6c695099b7894bce72de04009c889c8f6e674ae (patch) | |
tree | 13f0ff6ccee563fc3dba6e37581241c9cede0894 /manual | |
parent | e2d40a8822be27ddbd512599ea1955e52f90bf87 (diff) | |
download | glibc-e6c695099b7894bce72de04009c889c8f6e674ae.zip glibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.gz glibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.bz2 |
Intel CET: Document --enable-cet
* NEWS: Mention --enable-cet.
* manual/install.texi: Document --enable-cet.
* INSTALL: Regenerated.
Diffstat (limited to 'manual')
-rw-r--r-- | manual/install.texi | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/manual/install.texi b/manual/install.texi index 42e9954..3a87ac8 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -137,6 +137,17 @@ with no-pie. The resulting glibc can be used with the GCC option, PIE. This option also implies that glibc programs and tests are created as dynamic position independent executables (PIE) by default. +@item --enable-cet +Enable Intel Control-flow Enforcement Technology (CET) support. When +@theglibc{} is built with @option{--enable-cet}, the resulting library +is protected with indirect branch tracking (IBT) and shadow stack +(SHSTK)@. When CET is enabled, @theglibc{} is compatible with all +existing executables and shared libraries. This feature is currently +supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later. +Note that when CET is enabled, @theglibc{} requires CPUs capable of +multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or +newer. + @item --disable-profile Don't build libraries with profiling information. You may want to use this option if you don't plan to do profiling. |