x86/cet: Don't disable CET if not single threaded

In permissive mode, don't disable IBT nor SHSTK when dlopening a legacy
shared library if not single threaded since IBT and SHSTK may be still
enabled in other threads.  Other threads with IBT or SHSTK enabled will
crash when calling functions in the legacy shared library.  Instead, an
error will be issued.

diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index 67c51ee8c2dd09f6d5ea06d10a3afb77d26c8b20..e486e549be54fd9a72233f4740ba0f3251364dc7 100644 (file)
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -20,6 +20,7 @@
 #include <libintl.h>
 #include <ldsodefs.h>
 #include <dl-cet.h>
+#include <sys/single_threaded.h>
 
 /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
    are defined in <elf.h>, which are only available for C sources.
@@ -233,7 +234,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info)
       && (info->feature_1_legacy
          & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0)
     {
-      if (info->enable_ibt_type != cet_permissive)
+      /* Don't disable IBT if not single threaded since IBT may be still
+        enabled in other threads.  */
+      if (info->enable_ibt_type != cet_permissive
+         || !SINGLE_THREAD_P)
        {
          legacy_obj = info->feature_1_legacy_ibt;
          msg = N_("rebuild shared object with IBT support enabled");
@@ -249,7 +253,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info)
       && (info->feature_1_legacy
          & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0)
     {
-      if (info->enable_shstk_type != cet_permissive)
+      /* Don't disable SHSTK if not single threaded since SHSTK may be
+         still enabled in other threads.  */
+      if (info->enable_shstk_type != cet_permissive
+         || !SINGLE_THREAD_P)
        {
          legacy_obj = info->feature_1_legacy_shstk;
          msg = N_("rebuild shared object with SHSTK support enabled");