x86/cet: Don't set CET active by default

Not all CET enabled applications and libraries have been properly tested
in CET enabled environments.  Some CET enabled applications or libraries
will crash or misbehave when CET is enabled.  Don't set CET active by
default so that all applications and libraries will run normally regardless
of whether CET is active or not.  Shadow stack can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

at run-time if shadow stack can be enabled by kernel.

NB: This commit can be reverted if it is OK to enable CET by default for
all applications and libraries.

(cherry picked from commit 55d63e731253de82e96ed4ddca2e294076cd0bc5)

diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index c9132dbe2dbfd9eb29e5f62ed2106a56e72968f1..87845e9fe8e037192adc0fda4bfc584c8f2dda59 100644 (file)
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features)
   if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
     CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
 
-#if CET_ENABLED
+#if CET_ENABLED && 0
   CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
   CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
 #endif

diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 0d4f328585d8405d40f0bb0d7de07799fe9cde0c..c1441241427eb071e27b48770a6422bf21b583b4 100644 (file)
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -47,6 +47,17 @@ extern __typeof (memcmp) DEFAULT_MEMCMP;
       break;                                                           \
     }
 
+#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name, disable, len)        \
+  _Static_assert (sizeof (#name) - 1 == len, #name " != " #len);       \
+  if (!DEFAULT_MEMCMP (f, #name, len))                                 \
+    {                                                                  \
+      if (disable)                                                     \
+       CPU_FEATURE_UNSET (cpu_features, name)                          \
+      else                                                             \
+       CPU_FEATURE_SET_ACTIVE (cpu_features, name)                     \
+      break;                                                           \
+    }
+
 /* Disable a preferred feature NAME.  We don't enable a preferred feature
    which isn't available.  */
 #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len)    \
@@ -162,11 +173,14 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
            }
          break;
        case 5:
+         {
+           CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, disable,
+                                       5);
+         }
          if (disable)
            {
              CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
              CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
-             CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
              CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
              CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
            }