public inbox for glibc-cvs@sourceware.org
* [glibc] x86/cet: Don't set CET active by default
@ 2024-01-01 13:24 H.J. Lu
  0 siblings, 0 replies; only message in thread
From: H.J. Lu @ 2024-01-01 13:24 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=55d63e731253de82e96ed4ddca2e294076cd0bc5

commit 55d63e731253de82e96ed4ddca2e294076cd0bc5
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Fri Dec 29 08:43:53 2023 -0800

    x86/cet: Don't set CET active by default
    
    Not all CET enabled applications and libraries have been properly tested
    in CET enabled environments.  Some CET enabled applications or libraries
    will crash or misbehave when CET is enabled.  Don't set CET active by
    default so that all applications and libraries will run normally regardless
    of whether CET is active or not.  Shadow stack can be enabled by
    
    $ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK
    
    at run-time if shadow stack can be enabled by kernel.
    
    NB: This commit can be reverted if it is OK to enable CET by default for
    all applications and libraries.

Diff:
---
 sysdeps/x86/cpu-features.c |  2 +-
 sysdeps/x86/cpu-tunables.c | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 097868c1d9..80a07ac589 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features)
   if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
     CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
 
-#if CET_ENABLED
+#if CET_ENABLED && 0
   CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
   CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
 #endif
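Review bot: `#if CET_ENABLED && 0` is a dead-code guard with no in-source explanation, and with it in place IBT is no longer marked active anywhere in this patch (the new tunable path only covers SHSTK), so IBT cannot be re-enabled at run-time even though the commit message only mentions shadow stack. Suggest either dropping the block outright or adding a comment above the `#if` that states why it is disabled and points at the `glibc.cpu.hwcaps=SHSTK` tunable, and confirming in the commit message whether leaving IBT without a run-time switch is intended.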
diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 142c6b9240..1742400525 100644
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -35,6 +35,17 @@
       break;								\
     }
 
+#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, len)		\
+  _Static_assert (sizeof (#name) - 1 == len, #name " != " #len);	\
+  if (tunable_str_comma_strcmp_cte (&f, #name))				\
+    {									\
+      if (f.disable)							\
+	CPU_FEATURE_UNSET (cpu_features, name)				\
+      else								\
+	CPU_FEATURE_SET_ACTIVE (cpu_features, name)			\
+      break;								\
+    }
+
 /* Disable a preferred feature NAME.  We don't enable a preferred feature
    which isn't available.  */
 #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len)	\
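Review bot: the new `CHECK_GLIBC_IFUNC_CPU_BOTH` macro has no descriptive comment, unlike its neighbour `CHECK_GLIBC_IFUNC_PREFERRED_OFF` ("Disable a preferred feature NAME. ..."), and its `if (f.disable) CPU_FEATURE_UNSET (...) else CPU_FEATURE_SET_ACTIVE (...)` body only compiles if both inner macros expand to complete statements with their own trailing semicolon, whereas the first hunk calls `CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);` with an explicit one. Suggest adding a one-line comment in the same style ("Enable or disable a CPU feature NAME ...") and noting that the enable path does not check here that the CPU reports the feature; the commit message says it only takes effect "if shadow stack can be enabled by kernel", so the comment should say where that later check happens.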
@@ -131,11 +142,13 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
 	    }
 	  break;
 	case 5:
+	  {
+	    CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5);
+	  }
 	  if (n.disable)
 	    {
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
-	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
 	    }
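Review bot: the braces around the single `CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, 5);` call look redundant but are required, because the macro begins with a `_Static_assert` declaration and a `case` label cannot be followed directly by a declaration in C11/C17; a short comment such as `/* Braces: _Static_assert is a declaration.  */` would stop a later cleanup from removing them. The move of SHSTK out of the `n.disable` list is otherwise consistent: the macro's `break` leaves the `switch` on a match, so the `CHECK_GLIBC_IFUNC_CPU_OFF` entries below are still reached for the other 5-character names.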
