From: "H.J. Lu"
Date: Tue, 19 Dec 2023 08:15:33 -0800
Subject: Re: [PATCH v3 2/9] x86: Modularize sysdeps/x86/dl-cet.c
To: libc-alpha@sourceware.org
Cc: goldstein.w.n@gmail.com, rick.p.edgecombe@intel.com

On Tue, Dec 19, 2023 at 8:08 AM H.J. Lu wrote:
>
> Improve readability and make maintenance easier for dl-feature.c by
> modularizing sysdeps/x86/dl-cet.c:
> 1. Support processors with:
>    a. Only IBT. Or
>    b. Only SHSTK. Or
>    c. Both IBT and SHSTK.
> 2. Lock CET features only if IBT or SHSTK are enabled and are not
>    enabled permissively.
> --- > sysdeps/x86/dl-cet.c | 456 ++++++++++++++++++++++++++----------------- > 1 file changed, 280 insertions(+), 176 deletions(-) > > diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c > index 60ea1cb558..67c51ee8c2 100644 > --- a/sysdeps/x86/dl-cet.c > +++ b/sysdeps/x86/dl-cet.c 
> @@ -32,206 +32,310 @@ > # error GNU_PROPERTY_X86_FEATURE_1_SHSTK !=3D X86_FEATURE_1_SHSTK > #endif > > -/* Check if object M is compatible with CET. */ > +struct dl_cet_info > +{ > + const char *program; > + > + /* Check how IBT and SHSTK should be enabled. */ > + enum dl_x86_cet_control enable_ibt_type; > + enum dl_x86_cet_control enable_shstk_type; > + > + /* If IBT and SHSTK were previously enabled. */ > + unsigned int feature_1_enabled; > + > + /* If IBT and SHSTK should be enabled. */ > + unsigned int enable_feature_1; > + > + /* If there are any legacy shared object. */ > + unsigned int feature_1_legacy; > + > + /* Which shared object is the first legacy shared object. */ > + unsigned int feature_1_legacy_ibt; > + unsigned int feature_1_legacy_shstk; > +}; > + > +/* Check if the object M and its dependencies are legacy object. */ > > static void > -dl_cet_check (struct link_map *m, const char *program) > +dl_check_legacy_object (struct link_map *m, > + struct dl_cet_info *info) > { > - /* Check how IBT should be enabled. */ > - enum dl_x86_cet_control enable_ibt_type > - =3D GL(dl_x86_feature_control).ibt; > - /* Check how SHSTK should be enabled. */ > - enum dl_x86_cet_control enable_shstk_type > - =3D GL(dl_x86_feature_control).shstk; > - > - /* No legacy object check if both IBT and SHSTK are always on. */ > - if (enable_ibt_type =3D=3D cet_always_on > - && enable_shstk_type =3D=3D cet_always_on) > + unsigned int i; > + struct link_map *l =3D NULL; > + > + i =3D m->l_searchlist.r_nlist; > + while (i-- > 0) > { > - THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)= ); > - return; > - } > + /* Check each shared object to see if IBT and SHSTK are enabled. = */ > + l =3D m->l_initfini[i]; > > - /* Check if IBT is enabled by kernel. */ > - bool ibt_enabled > - =3D (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0; > - /* Check if SHSTK is enabled by kernel. 
*/ > - bool shstk_enabled > - =3D (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) !=3D 0= ; > + if (l->l_init_called) > + continue; > > - if (ibt_enabled || shstk_enabled) > - { > - struct link_map *l =3D NULL; > - unsigned int ibt_legacy =3D 0, shstk_legacy =3D 0; > - bool found_ibt_legacy =3D false, found_shstk_legacy =3D false; > - > - /* Check if IBT and SHSTK are enabled in object. */ > - bool enable_ibt =3D (ibt_enabled > - && enable_ibt_type !=3D cet_always_off); > - bool enable_shstk =3D (shstk_enabled > - && enable_shstk_type !=3D cet_always_off); > - if (program) > +#ifdef SHARED > + /* Skip check for ld.so since it has the features enabled. The > + features will be disabled later if they are not enabled in > + executable. */ > + if (l =3D=3D &GL(dl_rtld_map) > + || l->l_real =3D=3D &GL(dl_rtld_map) > + || (info->program !=3D NULL && l =3D=3D m)) > + continue; > +#endif > + > + /* IBT and SHSTK set only if enabled in executable and all DSOs. > + NB: cet_always_on is handled outside of the loop. */ > + info->enable_feature_1 &=3D ((l->l_x86_feature_1_and > + & (GNU_PROPERTY_X86_FEATURE_1_IBT > + | GNU_PROPERTY_X86_FEATURE_1_SHSTK)) > + | ~(GNU_PROPERTY_X86_FEATURE_1_IBT > + | GNU_PROPERTY_X86_FEATURE_1_SHSTK))= ; > + if ((info->feature_1_legacy > + & GNU_PROPERTY_X86_FEATURE_1_IBT) =3D=3D 0 > + && ((info->enable_feature_1 > + & GNU_PROPERTY_X86_FEATURE_1_IBT) > + !=3D (info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_IBT))) > { > - /* Enable IBT and SHSTK only if they are enabled in executable. 
> - NB: IBT and SHSTK may be disabled by environment variable: > - > - GLIBC_TUNABLES=3Dglibc.cpu.hwcaps=3D-IBT,-SHSTK > - */ > - enable_ibt &=3D (CPU_FEATURE_USABLE (IBT) > - && (enable_ibt_type =3D=3D cet_always_on > - || (m->l_x86_feature_1_and > - & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0= )); > - enable_shstk &=3D (CPU_FEATURE_USABLE (SHSTK) > - && (enable_shstk_type =3D=3D cet_always_on > - || (m->l_x86_feature_1_and > - & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != =3D 0)); > + info->feature_1_legacy_ibt =3D i; > + info->feature_1_legacy |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > } > > - /* ld.so is CET-enabled by kernel. But shared objects may not > - support IBT nor SHSTK. */ > - if (enable_ibt || enable_shstk) > - { > - unsigned int i; > + if ((info->feature_1_legacy > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) =3D=3D 0 > + && ((info->enable_feature_1 > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) > + !=3D (info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK))) > + { > + info->feature_1_legacy_shstk =3D i; > + info->feature_1_legacy |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + } > + } > > - i =3D m->l_searchlist.r_nlist; > - while (i-- > 0) > - { > - /* Check each shared object to see if IBT and SHSTK are > - enabled. */ > - l =3D m->l_initfini[i]; > + /* Handle cet_always_on. */ > + if ((info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0 > + && info->enable_ibt_type =3D=3D cet_always_on) > + { > + info->feature_1_legacy &=3D ~GNU_PROPERTY_X86_FEATURE_1_IBT; > + info->enable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > + } > > - if (l->l_init_called) > - continue; > + if ((info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) !=3D 0 > + && info->enable_shstk_type =3D=3D cet_always_on) > + { > + info->feature_1_legacy &=3D ~GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + info->enable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + } > +} > > #ifdef SHARED > - /* Skip CET check for ld.so since ld.so is CET-enabled. 
> - CET will be disabled later if CET isn't enabled in > - executable. */ > - if (l =3D=3D &GL(dl_rtld_map) > - || l->l_real =3D=3D &GL(dl_rtld_map) > - || (program && l =3D=3D m)) > - continue; > +/* Enable IBT and SHSTK only if they are enabled in executable. Set > + feature bits properly at the start of the program. */ > + > +static void > +dl_cet_check_startup (struct link_map *m, struct dl_cet_info *info) > +{ > + /* NB: IBT and SHSTK may be disabled by environment variable: > + > + GLIBC_TUNABLES=3Dglibc.cpu.hwcaps=3D-IBT,-SHSTK. > + */ > + if (CPU_FEATURE_USABLE (IBT)) > + { > + if (info->enable_ibt_type =3D=3D cet_always_on) > + info->enable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > + else > + info->enable_feature_1 &=3D ((m->l_x86_feature_1_and > + & GNU_PROPERTY_X86_FEATURE_1_IBT) > + | ~GNU_PROPERTY_X86_FEATURE_1_IBT); > + } > + else > + info->enable_feature_1 &=3D ~GNU_PROPERTY_X86_FEATURE_1_IBT; > + > + if (CPU_FEATURE_USABLE (SHSTK)) > + { > + if (info->enable_shstk_type =3D=3D cet_always_on) > + info->enable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + else > + info->enable_feature_1 &=3D ((m->l_x86_feature_1_and > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) > + | ~GNU_PROPERTY_X86_FEATURE_1_SHSTK); > + } > + else > + info->enable_feature_1 &=3D ~GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + > + if (info->enable_feature_1 !=3D 0) > + dl_check_legacy_object (m, info); > + > + unsigned int disable_feature_1 > + =3D info->enable_feature_1 ^ info->feature_1_enabled; > + if (disable_feature_1 !=3D 0) > + { > + /* Disable features in the kernel because of legacy objects or > + cet_always_off. */ > + if (dl_cet_disable_cet (disable_feature_1) !=3D 0) > + _dl_fatal_printf ("%s: can't disable x86 Features\n", > + info->program); > + > + /* Clear the disabled bits. Sync dl_x86_feature_1 and > + info->feature_1_enabled with info->enable_feature_1. 
*/ > + info->feature_1_enabled =3D info->enable_feature_1; > + GL(dl_x86_feature_1) =3D info->enable_feature_1; > + } > + > + if (HAS_CPU_FEATURE (IBT) || HAS_CPU_FEATURE (SHSTK)) > + { > + /* Lock CET features only if IBT or SHSTK are enabled and are not > + enabled permissively. */ > + unsigned int feature_1_lock =3D 0; > + > + if (((info->feature_1_enabled & GNU_PROPERTY_X86_FEATURE_1_IBT) > + !=3D 0) > + && info->enable_ibt_type !=3D cet_permissive) > + feature_1_lock |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > + > + if (((info->feature_1_enabled & GNU_PROPERTY_X86_FEATURE_1_SHSTK) > + !=3D 0) > + && info->enable_shstk_type !=3D cet_permissive) > + feature_1_lock |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + > + if (feature_1_lock !=3D 0 > + && dl_cet_lock_cet () !=3D 0) > + _dl_fatal_printf ("%s: can't lock CET\n", info->program); > + } > + > + THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)); > +} > #endif > > - /* IBT is enabled only if it is enabled in executable as > - well as all shared objects. */ > - enable_ibt &=3D (enable_ibt_type =3D=3D cet_always_on > - || (l->l_x86_feature_1_and > - & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0= ); > - if (!found_ibt_legacy && enable_ibt !=3D ibt_enabled) > - { > - found_ibt_legacy =3D true; > - ibt_legacy =3D i; > - } > - > - /* SHSTK is enabled only if it is enabled in executable as > - well as all shared objects. */ > - enable_shstk &=3D (enable_shstk_type =3D=3D cet_always_on > - || (l->l_x86_feature_1_and > - & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != =3D 0); > - if (enable_shstk !=3D shstk_enabled) > - { > - found_shstk_legacy =3D true; > - shstk_legacy =3D i; > - } > - } > - } > +/* Check feature bits when dlopening the shared object M. */ > + > +static void > +dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info) > +{ > + /* Check if there are any legacy objects loaded. 
*/ > + if (info->enable_feature_1 !=3D 0) > + { > + dl_check_legacy_object (m, info); > > - bool cet_feature_changed =3D false; > + /* Skip if there are no legacy shared objects loaded. */ > + if (info->feature_1_legacy =3D=3D 0) > + return; > + } > > - if (enable_ibt !=3D ibt_enabled || enable_shstk !=3D shstk_enabled= ) > - { > - if (!program) > - { > - if (enable_ibt_type !=3D cet_permissive) > - { > - /* When IBT is enabled, we cannot dlopen a shared > - object without IBT. */ > - if (found_ibt_legacy) > - _dl_signal_error (0, > - m->l_initfini[ibt_legacy]->l_name, > - "dlopen", > - N_("rebuild shared object with IBT = support enabled")); > - } > - > - if (enable_shstk_type !=3D cet_permissive) > - { > - /* When SHSTK is enabled, we cannot dlopen a shared > - object without SHSTK. */ > - if (found_shstk_legacy) > - _dl_signal_error (0, > - m->l_initfini[shstk_legacy]->l_name= , > - "dlopen", > - N_("rebuild shared object with SHST= K support enabled")); > - } > - > - if (enable_ibt_type !=3D cet_permissive > - && enable_shstk_type !=3D cet_permissive) > - return; > - } > - > - /* Disable IBT and/or SHSTK if they are enabled by kernel, but > - disabled in executable or shared objects. */ > - unsigned int cet_feature =3D 0; > - > - if (!enable_ibt) > - cet_feature |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > - if (!enable_shstk) > - cet_feature |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > - > - int res =3D dl_cet_disable_cet (cet_feature); > - if (res !=3D 0) > - { > - if (program) > - _dl_fatal_printf ("%s: can't disable CET\n", program); > - else > - { > - if (found_ibt_legacy) > - l =3D m->l_initfini[ibt_legacy]; > - else > - l =3D m->l_initfini[shstk_legacy]; > - _dl_signal_error (-res, l->l_name, "dlopen", > - N_("can't disable CET")); > - } > - } > - > - /* Clear the disabled bits in dl_x86_feature_1. 
*/ > - GL(dl_x86_feature_1) &=3D ~cet_feature; > - > - cet_feature_changed =3D true; > - } > + unsigned int disable_feature_1 =3D 0; > + unsigned int legacy_obj =3D 0; > + const char *msg =3D NULL; > > -#ifdef SHARED > - if (program && (ibt_enabled || shstk_enabled)) > + if ((info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0 > + && (info->feature_1_legacy > + & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0) > + { > + if (info->enable_ibt_type !=3D cet_permissive) > { > - if ((!ibt_enabled > - || enable_ibt_type !=3D cet_permissive) > - && (!shstk_enabled > - || enable_shstk_type !=3D cet_permissive)) > - { > - /* Lock CET if IBT or SHSTK is enabled in executable unless > - IBT or SHSTK is enabled permissively. */ > - int res =3D dl_cet_lock_cet (); > - if (res !=3D 0) > - _dl_fatal_printf ("%s: can't lock CET\n", program); > - } > - > - /* Set feature_1 if IBT or SHSTK is enabled in executable. */ > - cet_feature_changed =3D true; > + legacy_obj =3D info->feature_1_legacy_ibt; > + msg =3D N_("rebuild shared object with IBT support enabled"); > } > -#endif > + else > + disable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > + } > > - if (cet_feature_changed) > + /* Check the next feature only if there is no error. 
*/ > + if (msg =3D=3D NULL > + && (info->feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) !=3D 0 > + && (info->feature_1_legacy > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK) !=3D 0) > + { > + if (info->enable_shstk_type !=3D cet_permissive) > { > - unsigned int feature_1 =3D 0; > - if (enable_ibt) > - feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_IBT; > - if (enable_shstk) > - feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > - struct pthread *self =3D THREAD_SELF; > - THREAD_SETMEM (self, header.feature_1, feature_1); > + legacy_obj =3D info->feature_1_legacy_shstk; > + msg =3D N_("rebuild shared object with SHSTK support enabled"); > } > + else > + disable_feature_1 |=3D GNU_PROPERTY_X86_FEATURE_1_SHSTK; > + } > + > + /* If there is an error, long jump back to the caller. */ > + if (msg !=3D NULL) > + _dl_signal_error (0, m->l_initfini[legacy_obj]->l_name, "dlopen", > + msg); > + > + if (disable_feature_1 !=3D 0) > + { > + int res =3D dl_cet_disable_cet (disable_feature_1); > + if (res) > + { > + if ((disable_feature_1 > + & GNU_PROPERTY_X86_FEATURE_1_IBT) !=3D 0) > + msg =3D N_("can't disable IBT"); > + else > + msg =3D N_("can't disable SHSTK"); > + /* Long jump back to the caller on error. */ > + _dl_signal_error (-res, m->l_initfini[legacy_obj]->l_name, > + "dlopen", msg); > + } > + > + /* Clear the disabled bits in dl_x86_feature_1. */ > + GL(dl_x86_feature_1) &=3D ~disable_feature_1; > + > + THREAD_SETMEM (THREAD_SELF, header.feature_1, > + GL(dl_x86_feature_1)); > + } > +} > + > +static void > +dl_cet_check (struct link_map *m, const char *program) > +{ > + struct dl_cet_info info; > + > + /* Check how IBT and SHSTK should be enabled. */ > + info.enable_ibt_type =3D GL(dl_x86_feature_control).ibt; > + info.enable_shstk_type =3D GL(dl_x86_feature_control).shstk; > + > + info.feature_1_enabled =3D GL(dl_x86_feature_1); > + > + /* No legacy object check if IBT and SHSTK are always on. 
*/ > + if (info.enable_ibt_type =3D=3D cet_always_on > + && info.enable_shstk_type =3D=3D cet_always_on) > + { > +#ifdef SHARED > + /* Set it only during startup. */ > + if (program !=3D NULL) > + THREAD_SETMEM (THREAD_SELF, header.feature_1, > + info.feature_1_enabled); > +#endif > + return; > } > + > + /* Check if IBT and SHSTK were enabled by kernel. */ > + if (info.feature_1_enabled =3D=3D 0) > + return; > + > + info.program =3D program; > + > + /* Check which features should be enabled. */ > + info.enable_feature_1 =3D 0; > + if (info.enable_ibt_type !=3D cet_always_off) > + info.enable_feature_1 |=3D (info.feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_IBT); > + if (info.enable_shstk_type !=3D cet_always_off) > + info.enable_feature_1 |=3D (info.feature_1_enabled > + & GNU_PROPERTY_X86_FEATURE_1_SHSTK); > + > + /* Start with no legacy objects. */ > + info.feature_1_legacy =3D 0; > + info.feature_1_legacy_ibt =3D 0; > + info.feature_1_legacy_shstk =3D 0; > + > +#ifdef SHARED > + if (program) > + dl_cet_check_startup (m, &info); > + else > +#endif > + dl_cet_check_dlopen (m, &info); > } > > void > -- > 2.43.0 >

I will check it in tomorrow if there is no objection.

--
H.J.
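
Review bot: In dl_cet_check_dlopen, legacy_obj is always 0 by the time the dl_cet_disable_cet failure path runs, so `_dl_signal_error (-res, m->l_initfini[legacy_obj]->l_name, "dlopen", msg)` reports m->l_initfini[0] rather than the legacy object that forced the disable. legacy_obj is assigned only in the two `!= cet_permissive` branches, and those also set msg, which makes the earlier _dl_signal_error jump back to the caller before the disable call is reached; the permissive `else` branches only set disable_feature_1. The removed code selected `m->l_initfini[ibt_legacy]` or `m->l_initfini[shstk_legacy]` at this point, so this is a behaviour change in the error report. Suggest assigning legacy_obj from info->feature_1_legacy_ibt or info->feature_1_legacy_shstk in the permissive branches as well. In the same failure path, msg becomes "can't disable IBT" whenever the IBT bit is in disable_feature_1, including when SHSTK is being disabled in the same call; the message should either cover both bits or stay as generic as the old "can't disable CET".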