@chaoqin In https://bugs.launchpad.net/intel/+bug/1842239, the glibc patches point at https://gitlab.com/x86-glibc/glibc/-/commits/users/hjl/cet/2.31 which we have been applying. Currently we ship them as a backported patch see https://git.launchpad.net/ubuntu/+source/glibc/tree/debian/patches/ubuntu/cet- backport.diff in various branches.
However I am noticing discrepancies. For example, it seems we don't apply patches from https://gitlab.com/x86-glibc/glibc/-/commits/users/hjl/cet/PROT_SHSTK specifically https://gitlab.com/x86-glibc/glibc/-/commit/d6848e331f1bc46824de38b520348fae8b0c4f99 But also I'm not sure if we need it. I see that in the CET enabled kernel we did use ARCH_X86_CET_STATUS but our glibc is still using ARCH_CET_STATUS. Also the patch that switches to using ARCH_X86_CET_STATUS starts to use PROT_SHSTK which I cannot find in the kernel patches. Are ubuntu glibc cet patches out of date w.r.t. kernel CET patches we have tried to enable? Do you have CET patches for glibc 2.34 and for 2.31 that match the latest revisions of the kernel patches? Hoping to see something that is compatible between the two, because at the moment it looks like our glibc does not match the proposed kernel patches. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-intel in Ubuntu. https://bugs.launchpad.net/bugs/1929889 Title: [TGL][ADL] Enable CET(Control-flow Enforcement Technology) Status in intel: New Status in intel lookout-canyon series: New Status in linux-intel package in Ubuntu: Triaged Status in linux-intel source package in Focal: New Bug description: Description Enable Tiger Lake ROP CET(Control-flow Enforcement Technology) An upcoming IntelĀ® processor family feature that counters return/jump-oriented programming (ROP) attacks Hardware: Tiger Lake & Alder Lake Target Release: 21.04 Target Kernel: TBD External links: https://github.com/intel/linux-intel-quilt/tree/mainline-tracking-v5.11-yocto-210223T083754Z To manage notifications about this bug go to: https://bugs.launchpad.net/intel/+bug/1929889/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
