about summary refs log tree commit diff
path: root/manual
diff options
context:
space:
mode:
authorH.J. Lu <hjl.tools@gmail.com>2018-07-18 09:52:40 -0700
committerH.J. Lu <hjl.tools@gmail.com>2018-07-18 09:52:53 -0700
commite6c695099b7894bce72de04009c889c8f6e674ae (patch)
tree13f0ff6ccee563fc3dba6e37581241c9cede0894 /manual
parente2d40a8822be27ddbd512599ea1955e52f90bf87 (diff)
downloadglibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.gz
glibc-e6c695099b7894bce72de04009c889c8f6e674ae.tar.xz
glibc-e6c695099b7894bce72de04009c889c8f6e674ae.zip
Intel CET: Document --enable-cet
	* NEWS: Mention --enable-cet.
	* manual/install.texi: Document --enable-cet.
	* INSTALL: Regenerated.
Diffstat (limited to 'manual')
-rw-r--r--manual/install.texi11
1 files changed, 11 insertions, 0 deletions
diff --git a/manual/install.texi b/manual/install.texi
index 42e9954199..3a87ac8bb5 100644
--- a/manual/install.texi
+++ b/manual/install.texi
@@ -137,6 +137,17 @@ with no-pie.  The resulting glibc can be used with the GCC option,
 PIE.  This option also implies that glibc programs and tests are created
 as dynamic position independent executables (PIE) by default.
 
+@item --enable-cet
+Enable Intel Control-flow Enforcement Technology (CET) support.  When
+@theglibc{} is built with @option{--enable-cet}, the resulting library
+is protected with indirect branch tracking (IBT) and shadow stack
+(SHSTK)@.  When CET is enabled, @theglibc{} is compatible with all
+existing executables and shared libraries.  This feature is currently
+supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later.
+Note that when CET is enabled, @theglibc{} requires CPUs capable of
+multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or
+newer.
+
 @item --disable-profile
 Don't build libraries with profiling information.  You may want to use
 this option if you don't plan to do profiling.