From: H.J. Lu Date: Wed, 3 Jan 2024 20:09:23 +0000 (-0800) Subject: i386: Ignore --enable-cet X-Git-Tag: upstream/2.39~120 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=bbfb54930cdd85269504a34b362e77a3ac2a207a;p=platform%2Fupstream%2Fglibc.git i386: Ignore --enable-cet Since shadow stack is only supported for x86-64, ignore --enable-cet for i386. Always setting $(enable-cet) for i386 to "no" to support ifneq ($(enable-cet),no) in x86 Makefiles. We can't use ifeq ($(enable-cet),yes) since $(enable-cet) can be "yes", "no" or "permissive". Reviewed-by: Adhemerval Zanella --- diff --git a/INSTALL b/INSTALL index afd88dc..be3697c 100644 --- a/INSTALL +++ b/INSTALL @@ -141,17 +141,14 @@ if ‘CFLAGS’ is specified it must enable optimization. For example: indirect branch tracking (IBT) and shadow stack (SHSTK). When CET is enabled, the GNU C Library is compatible with all existing executables and shared libraries. This feature is currently - supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or - later. Note that when CET is enabled, the GNU C Library requires - CPUs capable of multi-byte NOPs, like x86-64 processors as well as - Intel Pentium Pro or newer. With ‘--enable-cet’, it is an error to - dlopen a non CET enabled shared library in CET enabled application. - With ‘--enable-cet=permissive’, CET is disabled when dlopening a - non CET enabled shared library in CET enabled application. - - NOTE: ‘--enable-cet’ has been tested for i686, x86_64 and x32 on - non-CET processors. ‘--enable-cet’ has been tested for i686, - x86_64 and x32 on CET processors. + supported on x86_64 and x32 with GCC 8 and binutils 2.29 or later. + With ‘--enable-cet’, it is an error to dlopen a non CET enabled + shared library in CET enabled application. With + ‘--enable-cet=permissive’, CET is disabled when dlopening a non CET + enabled shared library in CET enabled application. + + NOTE: ‘--enable-cet’ has been tested for x86_64 and x32 on non-CET + and CET processors. ‘--enable-memory-tagging’ Enable memory tagging support if the architecture supports it. diff --git a/NEWS b/NEWS index b35c673..17110e7 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,9 @@ Version 2.39 Major new features: +* Sync with Linux kernel 6.6 shadow stack interface. Since only x86-64 + is supported, --enable-cet is ignored for i386. + * struct statvfs now has an f_type member, equal to the f_type statfs member; on the Hurd this was always available under a reserved name, and under Linux a spare has been allocated: it was always zero diff --git a/manual/install.texi b/manual/install.texi index ac53107..f752f64 100644 --- a/manual/install.texi +++ b/manual/install.texi @@ -169,17 +169,14 @@ Enable Intel Control-flow Enforcement Technology (CET) support. When is protected with indirect branch tracking (IBT) and shadow stack (SHSTK)@. When CET is enabled, @theglibc{} is compatible with all existing executables and shared libraries. This feature is currently -supported on i386, x86_64 and x32 with GCC 8 and binutils 2.29 or later. -Note that when CET is enabled, @theglibc{} requires CPUs capable of -multi-byte NOPs, like x86-64 processors as well as Intel Pentium Pro or -newer. With @option{--enable-cet}, it is an error to dlopen a non CET +supported on x86_64 and x32 with GCC 8 and binutils 2.29 or later. +With @option{--enable-cet}, it is an error to dlopen a non CET enabled shared library in CET enabled application. With @option{--enable-cet=permissive}, CET is disabled when dlopening a non CET enabled shared library in CET enabled application. -NOTE: @option{--enable-cet} has been tested for i686, x86_64 and x32 -on non-CET processors. @option{--enable-cet} has been tested for -i686, x86_64 and x32 on CET processors. +NOTE: @option{--enable-cet} has been tested for x86_64 and x32 +on non-CET and CET processors. @item --enable-memory-tagging Enable memory tagging support if the architecture supports it. When diff --git a/sysdeps/i386/configure b/sysdeps/i386/configure index f5c3a28..cd63d31 100644 --- a/sysdeps/i386/configure +++ b/sysdeps/i386/configure @@ -1,6 +1,11 @@ # This file is generated from configure.ac by Autoconf. DO NOT EDIT! # Local configure fragment for sysdeps/i386. +# CET is only supported for x86-64. Set enable-cet to "no" to allow +# "ifneq ($(enable-cet),no)" in x86 Makefiles. +config_vars="$config_vars +enable-cet = "no"" + # We no longer support i386 since it lacks the atomic instructions # required to implement NPTL threading. if test "$config_machine" = i386; then diff --git a/sysdeps/i386/configure.ac b/sysdeps/i386/configure.ac index 234ef24..b7d9436 100644 --- a/sysdeps/i386/configure.ac +++ b/sysdeps/i386/configure.ac @@ -1,6 +1,10 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory. # Local configure fragment for sysdeps/i386. +# CET is only supported for x86-64. Set enable-cet to "no" to allow +# "ifneq ($(enable-cet),no)" in x86 Makefiles. +LIBC_CONFIG_VAR([enable-cet], ["no"]) + # We no longer support i386 since it lacks the atomic instructions # required to implement NPTL threading. if test "$config_machine" = i386; then diff --git a/sysdeps/x86/configure b/sysdeps/x86/configure index a2f9a7c..1f4c2d6 100644 --- a/sysdeps/x86/configure +++ b/sysdeps/x86/configure @@ -1,76 +1,6 @@ # This file is generated from configure.ac by Autoconf. DO NOT EDIT! # Local configure fragment for sysdeps/x86. -if test $enable_cet != no; then - # Check if CET can be enabled. - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether CET can be enabled" >&5 -printf %s "checking whether CET can be enabled... " >&6; } -if test ${libc_cv_x86_cet_available+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat > conftest.c <&5 - (eval $ac_try) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - libc_cv_x86_cet_available=yes - else - libc_cv_x86_cet_available=no - fi - rm -rf conftest* -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_x86_cet_available" >&5 -printf "%s\n" "$libc_cv_x86_cet_available" >&6; } - if test $libc_cv_x86_cet_available != yes; then - as_fn_error $? "$CC doesn't support CET" "$LINENO" 5 - fi -fi -if test $enable_cet != no; then - # Check if assembler supports CET. - { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether assembler supports CET" >&5 -printf %s "checking whether assembler supports CET... " >&6; } -if test ${libc_cv_x86_cet_as+y} -then : - printf %s "(cached) " >&6 -else $as_nop - cat > conftest.s <&5 - (eval $ac_try) 2>&5 - ac_status=$? - printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - libc_cv_x86_cet_as=yes - else - libc_cv_x86_cet_as=no - fi - rm -rf conftest* -fi -{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_x86_cet_as" >&5 -printf "%s\n" "$libc_cv_x86_cet_as" >&6; } - if test $libc_cv_x86_cet_as = no; then - as_fn_error $? "$AS doesn't support CET" "$LINENO" 5 - fi -fi -if test $enable_cet = yes; then - printf "%s\n" "#define DEFAULT_DL_X86_CET_CONTROL cet_elf_property" >>confdefs.h - -elif test $enable_cet = permissive; then - printf "%s\n" "#define DEFAULT_DL_X86_CET_CONTROL cet_permissive" >>confdefs.h - -fi -config_vars="$config_vars -enable-cet = $enable_cet" - # Check if linker supports x86 ISA level. { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for linker x86 ISA level support" >&5 printf %s "checking for linker x86 ISA level support... " >&6; } diff --git a/sysdeps/x86/configure.ac b/sysdeps/x86/configure.ac index c854bc7..437a506 100644 --- a/sysdeps/x86/configure.ac +++ b/sysdeps/x86/configure.ac @@ -1,49 +1,6 @@ GLIBC_PROVIDES dnl See aclocal.m4 in the top level source directory. # Local configure fragment for sysdeps/x86. -if test $enable_cet != no; then - # Check if CET can be enabled. - AC_CACHE_CHECK(whether CET can be enabled, - libc_cv_x86_cet_available, [dnl -cat > conftest.c <&AS_MESSAGE_LOG_FD); then - libc_cv_x86_cet_available=yes - else - libc_cv_x86_cet_available=no - fi - rm -rf conftest*]) - if test $libc_cv_x86_cet_available != yes; then - AC_MSG_ERROR([$CC doesn't support CET]) - fi -fi -if test $enable_cet != no; then - # Check if assembler supports CET. - AC_CACHE_CHECK(whether assembler supports CET, - libc_cv_x86_cet_as, [dnl -cat > conftest.s <&AS_MESSAGE_LOG_FD); then - libc_cv_x86_cet_as=yes - else - libc_cv_x86_cet_as=no - fi - rm -rf conftest*]) - if test $libc_cv_x86_cet_as = no; then - AC_MSG_ERROR([$AS doesn't support CET]) - fi -fi -if test $enable_cet = yes; then - AC_DEFINE(DEFAULT_DL_X86_CET_CONTROL, cet_elf_property) -elif test $enable_cet = permissive; then - AC_DEFINE(DEFAULT_DL_X86_CET_CONTROL, cet_permissive) -fi -LIBC_CONFIG_VAR([enable-cet], [$enable_cet]) - # Check if linker supports x86 ISA level. AC_CACHE_CHECK([for linker x86 ISA level support], libc_cv_include_x86_isa_level, [dnl diff --git a/sysdeps/x86_64/configure b/sysdeps/x86_64/configure index e307467..b4a80b8 100755 --- a/sysdeps/x86_64/configure +++ b/sysdeps/x86_64/configure @@ -29,6 +29,76 @@ if test x"$build_mathvec" = xnotset; then build_mathvec=yes fi +if test $enable_cet != no; then + # Check if CET can be enabled. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether CET can be enabled" >&5 +printf %s "checking whether CET can be enabled... " >&6; } +if test ${libc_cv_x86_cet_available+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat > conftest.c <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + libc_cv_x86_cet_available=yes + else + libc_cv_x86_cet_available=no + fi + rm -rf conftest* +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_x86_cet_available" >&5 +printf "%s\n" "$libc_cv_x86_cet_available" >&6; } + if test $libc_cv_x86_cet_available != yes; then + as_fn_error $? "$CC doesn't support CET" "$LINENO" 5 + fi +fi +if test $enable_cet != no; then + # Check if assembler supports CET. + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether assembler supports CET" >&5 +printf %s "checking whether assembler supports CET... " >&6; } +if test ${libc_cv_x86_cet_as+y} +then : + printf %s "(cached) " >&6 +else $as_nop + cat > conftest.s <&5 + (eval $ac_try) 2>&5 + ac_status=$? + printf "%s\n" "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + libc_cv_x86_cet_as=yes + else + libc_cv_x86_cet_as=no + fi + rm -rf conftest* +fi +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_x86_cet_as" >&5 +printf "%s\n" "$libc_cv_x86_cet_as" >&6; } + if test $libc_cv_x86_cet_as = no; then + as_fn_error $? "$AS doesn't support CET" "$LINENO" 5 + fi +fi +if test $enable_cet = yes; then + printf "%s\n" "#define DEFAULT_DL_X86_CET_CONTROL cet_elf_property" >>confdefs.h + +elif test $enable_cet = permissive; then + printf "%s\n" "#define DEFAULT_DL_X86_CET_CONTROL cet_permissive" >>confdefs.h + +fi +config_vars="$config_vars +enable-cet = $enable_cet" + test -n "$critic_missing" && as_fn_error $? " *** $critic_missing" "$LINENO" 5 diff --git a/sysdeps/x86_64/configure.ac b/sysdeps/x86_64/configure.ac index 1215dcb..937d1af 100644 --- a/sysdeps/x86_64/configure.ac +++ b/sysdeps/x86_64/configure.ac @@ -14,5 +14,48 @@ if test x"$build_mathvec" = xnotset; then build_mathvec=yes fi +if test $enable_cet != no; then + # Check if CET can be enabled. + AC_CACHE_CHECK(whether CET can be enabled, + libc_cv_x86_cet_available, [dnl +cat > conftest.c <&AS_MESSAGE_LOG_FD); then + libc_cv_x86_cet_available=yes + else + libc_cv_x86_cet_available=no + fi + rm -rf conftest*]) + if test $libc_cv_x86_cet_available != yes; then + AC_MSG_ERROR([$CC doesn't support CET]) + fi +fi +if test $enable_cet != no; then + # Check if assembler supports CET. + AC_CACHE_CHECK(whether assembler supports CET, + libc_cv_x86_cet_as, [dnl +cat > conftest.s <&AS_MESSAGE_LOG_FD); then + libc_cv_x86_cet_as=yes + else + libc_cv_x86_cet_as=no + fi + rm -rf conftest*]) + if test $libc_cv_x86_cet_as = no; then + AC_MSG_ERROR([$AS doesn't support CET]) + fi +fi +if test $enable_cet = yes; then + AC_DEFINE(DEFAULT_DL_X86_CET_CONTROL, cet_elf_property) +elif test $enable_cet = permissive; then + AC_DEFINE(DEFAULT_DL_X86_CET_CONTROL, cet_permissive) +fi +LIBC_CONFIG_VAR([enable-cet], [$enable_cet]) + test -n "$critic_missing" && AC_MSG_ERROR([ *** $critic_missing])