72 lines
2.3 KiB
Diff
72 lines
2.3 KiB
Diff
From c35bffd52dceed849fa027d607c0671049ee1428 Mon Sep 17 00:00:00 2001
|
|
From: "H.J. Lu" <hjl.tools@gmail.com>
|
|
Date: Fri, 12 May 2023 13:52:16 -0700
|
|
Subject: [PATCH] x86/cet: Don't set CET active
|
|
|
|
Don't set CET active so that CET is disabled by default. Shadow stack
|
|
can be enabled by
|
|
|
|
$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
|
|
|
|
if shadow stack can be enabled by kernel.
|
|
---
|
|
sysdeps/x86/cpu-features.c | 2 +-
|
|
sysdeps/x86/cpu-tunables.c | 17 ++++++++++++++++-
|
|
2 files changed, 17 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
|
|
index 45bc7fcac3..490a7e38be 100644
|
|
--- a/sysdeps/x86/cpu-features.c
|
|
+++ b/sysdeps/x86/cpu-features.c
|
|
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features)
|
|
if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
|
|
CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
|
|
|
|
-#if CET_ENABLED
|
|
+#if CET_ENABLED && 0
|
|
CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
|
|
CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
|
|
#endif
|
|
diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
|
|
index 0d4f328585..eb5d31821b 100644
|
|
--- a/sysdeps/x86/cpu-tunables.c
|
|
+++ b/sysdeps/x86/cpu-tunables.c
|
|
@@ -47,6 +47,18 @@ extern __typeof (memcmp) DEFAULT_MEMCMP;
|
|
break; \
|
|
}
|
|
|
|
+#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, \
|
|
+ disable, len) \
|
|
+ _Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \
|
|
+ if (!DEFAULT_MEMCMP (f, #name, len)) \
|
|
+ { \
|
|
+ if (disable) \
|
|
+ CPU_FEATURE_UNSET (cpu_features, name) \
|
|
+ else \
|
|
+ CPU_FEATURE_SET_ACTIVE (cpu_features, name) \
|
|
+ break; \
|
|
+ }
|
|
+
|
|
/* Disable a preferred feature NAME. We don't enable a preferred feature
|
|
which isn't available. */
|
|
#define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \
|
|
@@ -162,11 +174,14 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
|
|
}
|
|
break;
|
|
case 5:
|
|
+ {
|
|
+ CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, disable,
|
|
+ 5);
|
|
+ }
|
|
if (disable)
|
|
{
|
|
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
|
|
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
|
|
- CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
|
|
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
|
|
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
|
|
}
|
|
--
|
|
2.40.1
|
|
|