"H.J. Lu" <[email protected]> writes: > Here is the patch. > > -- > H.J. > > From 6ba393c2e4eafc90d4e50365e740a1eeb04522d3 Mon Sep 17 00:00:00 2001 > From: "H.J. Lu" <[email protected]> > Date: Mon, 16 Mar 2020 05:17:34 -0700 > Subject: [PATCH] x86: Build with -z ibt -z shstk if possible > > On Linux/x86, -fcf-protection must be used with GCC to enabele CET. In > assembly sources, which must be properly marked wuth .note.gnu.property > section, all indirect branch targets must start with ENDBR instruction. > Linker can enable CET support in executable and shared library with > -z ibt -z shstk option even if CET isn't properly enabled in all input > files. This has no impact on non-CET Linux OS. On CET Linux OS, tests > will fail if any sources aren't properly CET enabled.
Hi, this confuses me a bit, in two ways: 1. Why do we need to pass linker flags with -Wl,...? Isn't it enough to pass appropriate flags to the gcc frontend, and let it pass them through? 2. What I tried to ask about in the message you reply to, was how to write a test within the Nettle testsuite, to verify that enabling CET really has effect on a test executable (on systems where it is expected to have effect). It's not obvious to me if and how the patch improves that. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677. Internet email is subject to wholesale government surveillance. _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
