Enable Intel CET support in assembler sources#56
Open
nefigtut wants to merge 1 commit into
Open
Conversation
nefigtut
requested review from
ElenaTyuleneva,
gbtucker,
nmizonov,
paveldyakov and
tizmajlo
as code owners
If Intel CET is enabled, add .note.gnu.property section with x86 assembly code which indicates IBT and SHSTK presence. This is required for ELF outputs to mark Intel CET support when Intel CET is enabled since all input files must be marked with Intel CET support in order for linker to mark output with Intel CET support. The required ENDBR instructions were added by the upsteream ISA-L commit cd888f01 (intel/isa-l@cd888f01) included in this copy of ISA-L code. The ISA-L upstream commit 57846f41 (https://github.com/intel/isa-l/commit/ 57846f41) which added a section needed is missing here, so add it. The object files with an assembly code and the resulting library have proper flags in the proper section as a result: $ readelf -n sources/isal/igzip/encode_df.c.o sources/libqpl.so.1.9.0 File: sources/isal/igzip/encode_df.c.o Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT, SHSTK File: sources/libqpl.so.1.9.0 Displaying notes found in: .note.gnu.property Owner Data size Description GNU 0x00000010 NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT, SHSTK
Author
|
hi, i'm adding the intel-qpl package to RedHat Linux per Intel request. RHEL (and probably other distributions) requires security features like Intel CET to be enabled for the executables shipped. This PR suggests enabling Intel CET for the resulting libqpl.so binary. could you please consider this PR for a possible inclusion? thank you. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If Intel CET is enabled, add
.note.gnu.propertysection with x86 assembly code which indicates IBT and SHSTK presence. This is required for ELF outputs to mark Intel CET support when Intel CET is enabled since all input files must be marked with Intel CET support in order for linker to mark output with Intel CET support.The required ENDBR instructions were added by the upsteream ISA-L commit cd888f01 included in this copy of ISA-L code. The ISA-L upstream commit 57846f41 which added a section needed is missing here, so add it.
The object files with an assembly code and the resulting library have proper flags in the proper section as a result: