[glibc/fw/x86-shstk-backtrace] manual: Update glibc.cpu.x86

public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed

* [glibc/fw/x86-shstk-backtrace] manual: Update glibc.cpu.x86_shstk description
@ 2024-05-31 20:49 Florian Weimer
  0 siblings, 0 replies; only message in thread
From: Florian Weimer @ 2024-05-31 20:49 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=dbdeca0334e90b4a87e7f662f2d64b1dfde329d3

commit dbdeca0334e90b4a87e7f662f2d64b1dfde329d3
Author: Florian Weimer <fweimer@redhat.com>
Date:   Thu May 30 15:07:21 2024 +0200

    manual: Update glibc.cpu.x86_shstk description
    
    The previous text described a forcing behavior for the "on" setting
    which is not actually implemented.
    
    Also note that SHSTK is disabled by default.

Diff:
---
 manual/tunables.texi | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/manual/tunables.texi b/manual/tunables.texi
index baaf751721..3f98224f1b 100644
--- a/manual/tunables.texi
+++ b/manual/tunables.texi
@@ -606,16 +606,31 @@ This tunable is specific to i386 and x86-64.
 @deftp Tunable glibc.cpu.x86_shstk
 The @code{glibc.cpu.x86_shstk} tunable allows the user to control how
 the shadow stack (SHSTK) should be enabled.  Accepted values are
-@code{on}, @code{off}, and @code{permissive}.  @code{on} always turns on
-SHSTK regardless of whether SHSTK is enabled in the executable and its
-dependent shared libraries.  @code{off} always turns off SHSTK regardless
+@code{on}, @code{off}, and @code{permissive}:
+
+@table @code
+@item on
+Turn on SHSTK if the executable and its dependent shared libraries
+contain markers indicating shadow stack support.  This is the default
+(but see below for additional hardware capability setting).
+
+@item off
+Always turn off SHSTK regardless
 of whether SHSTK is enabled in the executable and its dependent shared
-libraries.  @code{permissive} changes how dlopen works on non-CET shared
-libraries.  By default, when SHSTK is enabled, dlopening a non-CET shared
-library returns an error.  With @code{permissive}, it turns off SHSTK
-instead.
+libraries.
 
-This tunable is specific to i386 and x86-64.
+@item permissive
+Same as @code{on}, but change how dlopen works on non-CET shared
+libraries.  With the @code{on} setting, when SHSTK is enabled, dlopening
+a non-CET shared library returns an error.  With @code{permissive}, it
+turns off SHSTK instead.
+@end table
+
+@strong{Note:} By default, the SHSTK capability of the system is masked
+at the hardware capability level.  To turn it on, set the tunable
+@samp{glibc.cpu.hwcaps=SHSTK}.
+
+This tunable is specific to x86-64.
 @end deftp
 
 @deftp Tunable glibc.cpu.prefer_map_32bit_exec

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2024-05-31 20:49 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-31 20:49 [glibc/fw/x86-shstk-backtrace] manual: Update glibc.cpu.x86_shstk description Florian Weimer

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).