Re: [PATCH v2 01/39] Documentation/x86: Add CET description

From: Florian Weimer
Date: Mon Oct 10 2022 - 08:19:23 EST

Next message: Hou Wenlong: "[PATCH v4 2/6] KVM: x86/mmu: Fix wrong gfn range of tlb flushing in kvm_set_pte_rmapp()"
Previous message: Claudio Imbrenda: "Re: [PATCH v14 3/6] KVM: s390: pv: add KVM_CAP_S390_PROTECTED_ASYNC_DISABLE"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v2 01/39] Documentation/x86: Add CET description"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Rick Edgecombe:

> +To build a CET-enabled kernel, Binutils v2.31 and GCC v8.1 or LLVM v10.0.1
> +or later are required. To build a CET-enabled application, GLIBC v2.28 or
> +later is also required.

Uhm, I think we are using binutils 2.30 with extra fixes. I hope that
these binaries are still valid.

More importantly, glibc needs to be configured with --enable-cet
explicitly (unless the compiler defaults to CET). The default glibc
build with a default GCC will produce dynamically-linked executables
that disable CET (when running on later/differently configured glibc
builds). The statically linked object files are not marked up for CET
in that case.

I think the goal is to support the new kernel interface for actually
switching on SHSTK in glibc 2.37. But at that point, hopefully all
those existing binaries can start enjoying the STSTK benefits.

Thanks,
Florian

Next message: Hou Wenlong: "[PATCH v4 2/6] KVM: x86/mmu: Fix wrong gfn range of tlb flushing in kvm_set_pte_rmapp()"
Previous message: Claudio Imbrenda: "Re: [PATCH v14 3/6] KVM: s390: pv: add KVM_CAP_S390_PROTECTED_ASYNC_DISABLE"
Next in thread: Edgecombe, Rick P: "Re: [PATCH v2 01/39] Documentation/x86: Add CET description"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]