commit 674ea88294bfb8d89878a0ebbbcec38a85e118a5
Author: H.J. Lu <hjl.tools@gmail.com>
Date: Tue Apr 28 10:05:25 2020 -0700
x86: Move CET control to _dl_x86_feature_control [BZ #25887]
1. Include <dl-procruntime.c> to get architecture specific initializer in
rtld_global.
2. Change _dl_x86_feature_1[2] to _dl_x86_feature_1.
3. Add _dl_x86_feature_control after _dl_x86_feature_1, which is a
struct of 2 bitfields for IBT and SHSTK control
This fixes [BZ #25887].
---
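diff --git a/elf/rtld.c b/elf/rtld.c
index e107bd1..7f030f7 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -230,6 +230,8 @@ rtld_hidden_def (_dl_starting_up)
 (except those which cannot be added for some reason). */
 struct rtld_global _rtld_global =
 {
+ /* Get architecture specific initializer. */
+#include <dl-procruntime.c>
 /* Generally the default presumption without further information is an
 * executable stack but this is not true for all platforms. */
 ._dl_stack_flags = DEFAULT_STACK_PERMS,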
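Review bot: The comment above `#include <dl-procruntime.c>` does not say that the include only yields designated initializers while `PROCINFO_DECL` is undefined and `SHARED` is defined, which is the branch under which the dl-procruntime.c change in this commit emits `._dl_x86_feature_1 = 0,`. In any other macro state the same include expands to a `PROCINFO_CLASS` declaration ending in `;`, which cannot sit inside the `_rtld_global` initializer. Since elf/rtld.c is not x86-specific, every port's dl-procruntime.c presumably has to be safe to include at this point as well; that is not visible on this page. I would extend the comment to something like `/* Expands to designated initializers; PROCINFO_DECL must be undefined here. */`. The initializer continues past the end of the hunk.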
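diff --git a/sysdeps/i386/dl-machine.h b/sysdeps/i386/dl-machine.h
index f6cfb90..8c959e3 100644
--- a/sysdeps/i386/dl-machine.h
+++ b/sysdeps/i386/dl-machine.h
@@ -71,7 +71,7 @@ elf_machine_runtime_setup (struct link_map *l, int lazy, int profile)
 extern void _dl_runtime_profile_shstk (Elf32_Word) attribute_hidden;
 /* Check if SHSTK is enabled by kernel. */
 bool shstk_enabled
- = (GL(dl_x86_feature_1)[0] & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
+ = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
 
 if (l->l_info[DT_JMPREL] && lazy)
 {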
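diff --git a/sysdeps/unix/sysv/linux/x86/cpu-features.c b/sysdeps/unix/sysv/linux/x86/cpu-features.c
index 8566a26..9f40624 100644
--- a/sysdeps/unix/sysv/linux/x86/cpu-features.c
+++ b/sysdeps/unix/sysv/linux/x86/cpu-features.c
@@ -36,7 +36,7 @@ static inline void
 x86_setup_tls (void)
 {
 __libc_setup_tls ();
- THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1)[0]);
+ THREAD_SETMEM (THREAD_SELF, header.feature_1, GL(dl_x86_feature_1));
 }
 
 # define ARCH_SETUP_TLS() x86_setup_tls ()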
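diff --git a/sysdeps/x86/cet-control.h b/sysdeps/x86/cet-control.h
new file mode 100644
index 0000000..7b29f95
--- /dev/null
+++ b/sysdeps/x86/cet-control.h
@@ -0,0 +1,41 @@
+/* x86 CET tuning.
+ This file is part of the GNU C Library.
+ Copyright (C) 2018 Free Software Foundation, Inc.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+
+#ifndef _CET_CONTROL_H
+#define _CET_CONTROL_H
+
+/* For each CET feature, IBT and SHSTK, valid control values. */
+enum dl_x86_cet_control
+{
+ /* Enable CET features based on ELF property note. */
+ cet_elf_property = 0,
+ /* Always enable CET features. */
+ cet_always_on,
+ /* Always disable CET features. */
+ cet_always_off,
+ /* Enable CET features permissively. */
+ cet_permissive
+};
+
+struct dl_x86_feature_control
+{
+ enum dl_x86_cet_control ibt : 2;
+ enum dl_x86_cet_control shstk : 2;
+};
+
+#endif /* cet-control.h */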
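Review bot: Only `cet_elf_property = 0` has an explicit value, so `cet_always_on` becomes 1 and `cet_always_off` becomes 2, the reverse of `CET_ALWAYS_OFF 1` / `CET_ALWAYS_ON 2` in the cet-tunables.h that this commit deletes. Every use on this page is symbolic, so nothing visible breaks, but any code outside the page that stored or compared the raw numbers would silently swap on and off. Writing the values out (`cet_always_on = 1,` and so on) and noting the renumbering in the comment above the enum would make that auditable. The `: 2` bit-fields must also hold `cet_permissive` (3), which only reads back correctly if the compiler treats an enum bit-field as unsigned. A `_Static_assert (cet_permissive <= 3, "dl_x86_cet_control must fit in 2 bits");` next to the struct would at least pin the range.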
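diff --git a/sysdeps/x86/cet-tunables.h b/sysdeps/x86/cet-tunables.h
deleted file mode 100644
index ca02305..0000000
--- a/sysdeps/x86/cet-tunables.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* x86 CET tuning.
- This file is part of the GNU C Library.
- Copyright (C) 2018 Free Software Foundation, Inc.
-
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, see
- <http://www.gnu.org/licenses/>. */
-
-/* Valid control values:
- 0: Enable CET features based on ELF property note.
- 1: Always disable CET features.
- 2: Always enable CET features.
- 3: Enable CET features permissively.
- */
-#define CET_ELF_PROPERTY 0
-#define CET_ALWAYS_OFF 1
-#define CET_ALWAYS_ON 2
-#define CET_PERMISSIVE 3
-#define CET_MAX CET_PERMISSIVE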
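diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 4695ac8..ac74f40 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -39,7 +39,6 @@ extern void TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *)
 
 #if CET_ENABLED
 # include <dl-cet.h>
-# include <cet-tunables.h>
 #endif
 
 static void
@@ -490,7 +489,7 @@ no_cpuid:
 
 if (cet_status)
 {
- GL(dl_x86_feature_1)[0] = cet_status;
+ GL(dl_x86_feature_1) = cet_status;
 
 # ifndef SHARED
 /* Check if IBT and SHSTK are enabled by kernel. */
@@ -514,14 +513,13 @@ no_cpuid:
 
 /* Clear the disabled bits in dl_x86_feature_1. */
 if (res == 0)
- GL(dl_x86_feature_1)[0] &= ~cet_feature;
+ GL(dl_x86_feature_1) &= ~cet_feature;
 }
 
 /* Lock CET if IBT or SHSTK is enabled in executable. Don't
- lock CET if SHSTK is enabled permissively. */
- if (((GL(dl_x86_feature_1)[1] >> CET_MAX)
- & ((1 << CET_MAX) - 1))
- != CET_PERMISSIVE)
+ lock CET if IBT or SHSTK is enabled permissively. */
+ if (GL(dl_x86_feature_control).ibt != cet_permissive
+ && GL(dl_x86_feature_control).shstk != cet_permissive)
 dl_cet_lock_cet ();
 }
 # endif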
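Review bot: The rewritten condition in front of `dl_cet_lock_cet ()` in the last hunk is not a pure rename: the removed lines tested only the SHSTK control field against `CET_PERMISSIVE`, while the new lines also skip the lock when `.ibt` is `cet_permissive`, and the commit message lists only the data-layout change. It also differs from the dynamic path in dl-cet.c, which on this page tests `!ibt_enabled || enable_ibt_type != cet_permissive` (and the same for SHSTK), so there a permissive setting for a feature that is not enabled does not block the lock. Here, in the `# ifndef SHARED` branch, a permissive IBT setting appears to leave CET unlocked even when only SHSTK is active. If that is not intended, the test could consult the bits left in `GL(dl_x86_feature_1)` after the clearing above, e.g. `(GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_IBT) == 0 || GL(dl_x86_feature_control).ibt != cet_permissive` for each feature; otherwise the behaviour change deserves a line in the commit message. The enclosing function starts and ends outside the hunks.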
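diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 69155a8..fad6726 100644
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -336,28 +336,18 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
 }
 
 # if CET_ENABLED
-# include <cet-tunables.h>
 
 attribute_hidden
 void
 TUNABLE_CALLBACK (set_x86_ibt) (tunable_val_t *valp)
 {
 if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_ALWAYS_ON;
- }
+ GL(dl_x86_feature_control).ibt = cet_always_on;
 else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_ALWAYS_OFF;
- }
+ GL(dl_x86_feature_control).ibt = cet_always_off;
 else if (DEFAULT_MEMCMP (valp->strval, "permissive",
 sizeof ("permissive")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~((1 << CET_MAX) - 1);
- GL(dl_x86_feature_1)[1] |= CET_PERMISSIVE;
- }
+ GL(dl_x86_feature_control).ibt = cet_permissive;
 }
 
 attribute_hidden
@@ -365,21 +355,12 @@ void
 TUNABLE_CALLBACK (set_x86_shstk) (tunable_val_t *valp)
 {
 if (DEFAULT_MEMCMP (valp->strval, "on", sizeof ("on")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_ON << CET_MAX);
- }
+ GL(dl_x86_feature_control).shstk = cet_always_on;
 else if (DEFAULT_MEMCMP (valp->strval, "off", sizeof ("off")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_ALWAYS_OFF << CET_MAX);
- }
+ GL(dl_x86_feature_control).shstk = cet_always_off;
 else if (DEFAULT_MEMCMP (valp->strval, "permissive",
 sizeof ("permissive")) == 0)
- {
- GL(dl_x86_feature_1)[1] &= ~(((1 << CET_MAX) - 1) << CET_MAX);
- GL(dl_x86_feature_1)[1] |= (CET_PERMISSIVE << CET_MAX);
- }
+ GL(dl_x86_feature_control).shstk = cet_permissive;
 }
 # endif
 #endif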
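Review bot: Neither callback has a final `else`, so a value other than `"on"`, `"off"` or `"permissive"` leaves `GL(dl_x86_feature_control).ibt` (and `.shstk` in the second hunk) untouched. As far as this page shows, that means the `cet_elf_property` initializer from dl-procruntime.c stays in effect. For a hardening control this is worth stating, because a misspelled setting is accepted without any effect. A comment above `TUNABLE_CALLBACK (set_x86_ibt)` such as `/* Unrecognized values are ignored and keep the current control value. */`, repeated on the SHSTK callback, would document it.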
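diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index 627d937..ebc0d57 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -20,7 +20,6 @@
 #include <libintl.h>
 #include <ldsodefs.h>
 #include <dl-cet.h>
-#include <cet-tunables.h>
 
 /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
 are defined in <elf.h>, which are only available for C sources.
@@ -39,23 +38,23 @@ static void
 dl_cet_check (struct link_map *m, const char *program)
 {
 /* Check how IBT should be enabled. */
- unsigned int enable_ibt_type
- = GL(dl_x86_feature_1)[1] & ((1 << CET_MAX) - 1);
+ enum dl_x86_cet_control enable_ibt_type
+ = GL(dl_x86_feature_control).ibt;
 /* Check how SHSTK should be enabled. */
- unsigned int enable_shstk_type
- = ((GL(dl_x86_feature_1)[1] >> CET_MAX) & ((1 << CET_MAX) - 1));
+ enum dl_x86_cet_control enable_shstk_type
+ = GL(dl_x86_feature_control).shstk;
 
 /* No legacy object check if both IBT and SHSTK are always on. */
- if (enable_ibt_type == CET_ALWAYS_ON
- && enable_shstk_type == CET_ALWAYS_ON)
+ if (enable_ibt_type == cet_always_on
+ && enable_shstk_type == cet_always_on)
 return;
 
 /* Check if IBT is enabled by kernel. */
 bool ibt_enabled
- = (GL(dl_x86_feature_1)[0] & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0;
+ = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0;
 /* Check if SHSTK is enabled by kernel. */
 bool shstk_enabled
- = (GL(dl_x86_feature_1)[0] & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
+ = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;
 
 if (ibt_enabled || shstk_enabled)
 {
@@ -65,9 +64,9 @@ dl_cet_check (struct link_map *m, const char *program)
 
 /* Check if IBT and SHSTK are enabled in object. */
 bool enable_ibt = (ibt_enabled
- && enable_ibt_type != CET_ALWAYS_OFF);
+ && enable_ibt_type != cet_always_off);
 bool enable_shstk = (shstk_enabled
- && enable_shstk_type != CET_ALWAYS_OFF);
+ && enable_shstk_type != cet_always_off);
 if (program)
 {
 /* Enable IBT and SHSTK only if they are enabled in executable.
@@ -76,10 +75,10 @@ dl_cet_check (struct link_map *m, const char *program)
 GLIBC_TUNABLES=glibc.tune.hwcaps=-IBT,-SHSTK
 */
 enable_ibt &= (HAS_CPU_FEATURE (IBT)
- && (enable_ibt_type == CET_ALWAYS_ON
+ && (enable_ibt_type == cet_always_on
 || (m->l_cet & lc_ibt) != 0));
 enable_shstk &= (HAS_CPU_FEATURE (SHSTK)
- && (enable_shstk_type == CET_ALWAYS_ON
+ && (enable_shstk_type == cet_always_on
 || (m->l_cet & lc_shstk) != 0));
 }
 
@@ -111,7 +110,7 @@ dl_cet_check (struct link_map *m, const char *program)
 
 /* IBT is enabled only if it is enabled in executable as
 well as all shared objects. */
- enable_ibt &= (enable_ibt_type == CET_ALWAYS_ON
+ enable_ibt &= (enable_ibt_type == cet_always_on
 || (l->l_cet & lc_ibt) != 0);
 if (!found_ibt_legacy && enable_ibt != ibt_enabled)
 {
@@ -121,7 +120,7 @@ dl_cet_check (struct link_map *m, const char *program)
 
 /* SHSTK is enabled only if it is enabled in executable as
 well as all shared objects. */
- enable_shstk &= (enable_shstk_type == CET_ALWAYS_ON
+ enable_shstk &= (enable_shstk_type == cet_always_on
 || (l->l_cet & lc_shstk) != 0);
 if (enable_shstk != shstk_enabled)
 {
@@ -137,7 +136,7 @@ dl_cet_check (struct link_map *m, const char *program)
 {
 if (!program)
 {
- if (enable_ibt_type != CET_PERMISSIVE)
+ if (enable_ibt_type != cet_permissive)
 {
 /* When IBT is enabled, we cannot dlopen a shared
 object without IBT. */
@@ -148,7 +147,7 @@ dl_cet_check (struct link_map *m, const char *program)
 N_("rebuild shared object with IBT support enabled"));
 }
 
- if (enable_shstk_type != CET_PERMISSIVE)
+ if (enable_shstk_type != cet_permissive)
 {
 /* When SHSTK is enabled, we cannot dlopen a shared
 object without SHSTK. */
@@ -159,8 +158,8 @@ dl_cet_check (struct link_map *m, const char *program)
 N_("rebuild shared object with SHSTK support enabled"));
 }
 
- if (enable_ibt_type != CET_PERMISSIVE
- && enable_shstk_type != CET_PERMISSIVE)
+ if (enable_ibt_type != cet_permissive
+ && enable_shstk_type != cet_permissive)
 return;
 }
 
@@ -190,7 +189,7 @@ dl_cet_check (struct link_map *m, const char *program)
 }
 
 /* Clear the disabled bits in dl_x86_feature_1. */
- GL(dl_x86_feature_1)[0] &= ~cet_feature;
+ GL(dl_x86_feature_1) &= ~cet_feature;
 
 cet_feature_changed = true;
 }
@@ -199,9 +198,9 @@ dl_cet_check (struct link_map *m, const char *program)
 if (program && (ibt_enabled || shstk_enabled))
 {
 if ((!ibt_enabled
- || enable_ibt_type != CET_PERMISSIVE)
+ || enable_ibt_type != cet_permissive)
 && (!shstk_enabled
- || enable_shstk_type != CET_PERMISSIVE))
+ || enable_shstk_type != cet_permissive))
 {
 /* Lock CET if IBT or SHSTK is enabled in executable unless
 IBT or SHSTK is enabled permissively. */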
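diff --git a/sysdeps/x86/dl-procruntime.c b/sysdeps/x86/dl-procruntime.c
index 920bfe8..26b2b39 100644
--- a/sysdeps/x86/dl-procruntime.c
+++ b/sysdeps/x86/dl-procruntime.c
@@ -47,7 +47,27 @@
 # if !defined PROCINFO_DECL && defined SHARED
 ._dl_x86_feature_1
 # else
-PROCINFO_CLASS unsigned int _dl_x86_feature_1[2]
+PROCINFO_CLASS unsigned int _dl_x86_feature_1
+# endif
+# ifndef PROCINFO_DECL
+= 0
+# endif
+# if !defined SHARED || defined PROCINFO_DECL
+;
+# else
+,
+# endif
+
+# if !defined PROCINFO_DECL && defined SHARED
+ ._dl_x86_feature_control
+# else
+PROCINFO_CLASS struct dl_x86_feature_control _dl_x86_feature_control
+# endif
+# ifndef PROCINFO_DECL
+= {
+ .ibt = cet_elf_property,
+ .shstk = cet_elf_property
+ }
 # endif
 # if !defined SHARED || defined PROCINFO_DECL
 ;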
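diff --git a/sysdeps/x86/ldsodefs.h b/sysdeps/x86/ldsodefs.h
index 0616215..54f6864 100644
--- a/sysdeps/x86/ldsodefs.h
+++ b/sysdeps/x86/ldsodefs.h
@@ -61,6 +61,7 @@ struct La_x32_retval;
 struct La_x86_64_retval *, \
 const char *)
 
+#include <cet-control.h>
 #include_next <ldsodefs.h>
 
 #endif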