AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-21 12:30:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

x86/cet: Don't set CET active by default

Browse Source 
Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.
This commit is contained in:
H.J. Lu 2023-12-29 08:43:53 -08:00
parent d360dcc001
commit 55d63e7312
2 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sysdeps/x86/cpu-features.c
View File

@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features)
if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
#if CET_ENABLED
#if CET_ENABLED && 0
CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
#endif

15
sysdeps/x86/cpu-tunables.c
View File

@ -35,6 +35,17 @@
break; \
}
#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, len) \
_Static_assert (sizeof (#name) - 1 == len, #name " != " #len); \
if (tunable_str_comma_strcmp_cte (&f, #name)) \
{ \
if (f.disable) \
CPU_FEATURE_UNSET (cpu_features, name) \
else \
CPU_FEATURE_SET_ACTIVE (cpu_features, name) \
break; \
}
/* Disable a preferred feature NAME. We don't enable a preferred feature
which isn't available. */
#define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len) \
@ -131,11 +142,13 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
}
break;
case 5:
{
CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5);
}
if (n.disable)
{
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
}