| commit | 55d63e731253de82e96ed4ddca2e294076cd0bc5 | |
| author | H.J. Lu <hjl.tools@gmail.com> | |
| Fri, 29 Dec 2023 16:43:53 +0000 (29 08:43 -0800) | ||
| committer | H.J. Lu <hjl.tools@gmail.com> | |
| Mon, 1 Jan 2024 13:22:48 +0000 (1 05:22 -0800) | ||
| tree | 7bf46a0d70507206c236f946b45d15159687676c | treesnapshot (tar.gz zip) |
| parent | d360dcc001cb12504cd3e8dbddee20df6bebb0f8 | commitdiff |
x86/cet: Don't set CET active by default
Not all CET enabled applications and libraries have been properly tested
in CET enabled environments. Some CET enabled applications or libraries
will crash or misbehave when CET is enabled. Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not. Shadow stack can be enabled by
$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
at run-time if shadow stack can be enabled by kernel.
NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
Not all CET enabled applications and libraries have been properly tested
in CET enabled environments. Some CET enabled applications or libraries
will crash or misbehave when CET is enabled. Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not. Shadow stack can be enabled by
$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
at run-time if shadow stack can be enabled by kernel.
NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
| sysdeps/x86/cpu-features.c | diffblobblamehistory | |
| sysdeps/x86/cpu-tunables.c | diffblobblamehistory |