commit: 9365f1e0f71f7b4568795239d257626d218bd077 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Mon Jan 23 06:27:01 2023 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Mon Jan 23 06:27:01 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9365f1e0
sys-devel/gcc: note about amd64/x86 & i686 for CET Signed-off-by: Sam James <sam <AT> gentoo.org> sys-devel/gcc/metadata.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/sys-devel/gcc/metadata.xml b/sys-devel/gcc/metadata.xml index ccedf9b38e3f..d1c5c038131d 100644 --- a/sys-devel/gcc/metadata.xml +++ b/sys-devel/gcc/metadata.xml @@ -10,6 +10,8 @@ <flag name="cet" restrict=">=sys-devel/gcc-10"> Enable support for Intel Control Flow Enforcement Technology (CET). + Only effective on amd64/x86. + Only provides benefits on newer CPUs. For Intel, the CPU must be at least as new as Tiger Lake. For AMD, it must be at least as new as Zen 3. This is harmless on older CPUs, @@ -18,7 +20,8 @@ When combined with USE=hardened, GCC will set -fcf-protection by default when building software. The effect is minimal on systems which do not support it, other than a possible - small increase in codesize for the NOPs. + small increase in codesize for the NOPs. The generated + code is therefore compatible with i686 at the earliest. </flag> <flag name="d">Enable support for the D programming language</flag> <flag name="default-stack-clash-protection">