From patchwork Wed Jul 18 03:04:49 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "H.J. Lu" <hongjiu.lu@intel.com>
X-Patchwork-Id: 945481
Return-Path: 
 <libc-alpha-return-94410-incoming=patchwork.ozlabs.org@sourceware.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=sourceware.org
	(client-ip=209.132.180.131; helo=sourceware.org;
	envelope-from=libc-alpha-return-94410-incoming=patchwork.ozlabs.org@sourceware.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=intel.com
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	secure) header.d=sourceware.org header.i=@sourceware.org
	header.b="xsXPhdjN"; dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 41VhpN4Tkmz9rxx
	for <incoming@patchwork.ozlabs.org>;
	Wed, 18 Jul 2018 13:04:59 +1000 (AEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:mime-version:content-type; q=dns; s=default; b=fcWKlomCbzDD+oh6
	lUdMNfttnAqumoF4/tJWnIgyuYZT7FZchDCLGLwfjY4S0cMs0LwEYhV5KBAxU/9E
	nQ5xtKmljz/LCJPVOC6bS2nLVtyjpSNSxauh3T3g315Pn9lIeRb5Lgv48PgL0Oku
	WI98hFMEgp4HIM4QQr1nPd9WoF0=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:date:from:to:subject:message-id:reply-to
	:mime-version:content-type; s=default; bh=rUvDgS4fzpOQ5AOyQlnXyy
	0M1B8=; b=xsXPhdjNDnaRk1rO1KfkvwOIXx69WdpdyjcNROM1b8S1d2aKDpdSTY
	YQtmEr5eh4pThUJUhCR1effFDA2Chnf+/PaDfxvHygx5H3UBizUUdyu7/WIO71Tj
	jJp7DB8uhsofEYmebAVv6m73jOTxXBQnroLpYDxYu9PvUVKTImAm0=
Received: (qmail 97089 invoked by alias); 18 Jul 2018 03:04:53 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: 
 <mailto:libc-alpha-unsubscribe-incoming=patchwork.ozlabs.org@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 97069 invoked by uid 89); 18 Jul 2018 03:04:52 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=BAYES_00, GIT_PATCH_0,
	GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	KAM_LAZY_DOMAIN_SECURITY,
	NO_DNS_FOR_FROM autolearn=ham version=3.3.2 spammy=
X-HELO: mga09.intel.com
Date: Tue, 17 Jul 2018 20:04:49 -0700
From: "H.J. Lu" <hongjiu.lu@intel.com>
To: GNU C Library <libc-alpha@sourceware.org>
Subject: [PATCH] x86/CET: Document glibc.tune.x86_ibt and
	glibc.tune.x86_shstk
Message-ID: <20180718030449.GA12416@intel.com>
Reply-To: "H.J. Lu" <hjl.tools@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.10.0 (2018-05-17)

OK for master?

H.J.
---
	* manual/tunables.texi: Document glibc.tune.x86_ibt and
	glibc.tune.x86_shstk.
---
 manual/tunables.texi | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/manual/tunables.texi b/manual/tunables.texi
index be33c9fc79..7998b3b7e6 100644
--- a/manual/tunables.texi
+++ b/manual/tunables.texi
@@ -356,3 +356,26 @@ to set threshold in bytes for non temporal store.
 
 This tunable is specific to i386 and x86-64.
 @end deftp
+
+@deftp Tunable glibc.tune.x86_ibt
+The @code{glibc.tune.x86_ibt=[on|off|permissive]} tunable allows the user
+to control how indirect branch tracking (IBT) should be enabled.
+@code{on} always turns on IBT regardless of whether IBT is enabled in the
+executable and its dependent shared libraries.  @code{off} always turns
+off IBT regardless of whether IBT is enabled in the executable and its
+dependent shared libraries.  @code{permissive} is the same as the default.
+
+This tunable is specific to i386 and x86-64.
+@end deftp
+
+@deftp Tunable glibc.tune.x86_shstk
+The @code{glibc.tune.x86_shstk=[on|off|permissive]} tunable allows the
+user to control how shadow stack (SHSTK) should be enabled.  @code{on}
+always turns on SHSTK regardless of whether SHSTK is enabled in the
+executable and its dependent shared libraries.  @code{off} always turns
+off SHSTK regardless of whether SHSTK is enabled in the executable and
+its dependent shared libraries.  @code{permissive} turns off SHSTK when
+dlopening a legacy shared library, instead of returns an error.
+
+This tunable is specific to i386 and x86-64.
+@end deftp