commit 04bba1e5d84b6fd8d3a3b006bc240cd5d241ee30 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Aug 5 13:51:56 2020 -0700 x86: Set CPU usable feature bits conservatively [BZ #26552] Set CPU usable feature bits only for CPU features which are usable in user space and whose usability can be detected from user space, excluding features like FSGSBASE whose enable bit can only be checked in the kernel. clears the usable bit of IBT and SHSTK since we don't know if IBT and SHSTK are usable much later. But there are: sysdeps/x86/cpu-features.c: if (!CPU_FEATURE_USABLE (IBT)) sysdeps/x86/cpu-features.c: if (!CPU_FEATURE_USABLE (SHSTK)) sysdeps/x86/dl-cet.c: enable_ibt &= (CPU_FEATURE_USABLE (IBT) sysdeps/x86/dl-cet.c: enable_shstk &= (CPU_FEATURE_USABLE (SHSTK) sysdeps/x86/tst-get-cpu-features.c: CHECK_CPU_FEATURE_USABLE (SHSTK); sysdeps/x86/tst-get-cpu-features.c: CHECK_CPU_FEATURE_USABLE (IBT);
Fixed by commit 94cd37ebb293321115a36a422b091fdb72d2fb08 Author: H.J. Lu <hjl.tools@gmail.com> Date: Wed Sep 16 05:27:32 2020 -0700 x86: Use HAS_CPU_FEATURE with IBT and SHSTK [BZ #26625]
This caused the regression since GLIBC_TUNABLES=glibc.cpu.hwcaps=-IBT,-SHSTK can no longer be used to disable IBT nor SHSTK. We should treat IBT and SHSTK as special cases: 1. Set usable feature bits if CPU supports it and CET is enabled. 2. Clears the usable feature bits for GLIBC_TUNABLES or kernel doesn't support it.
Fixed by commit 04dff6fc0d4ad44fc4491f89fed6574380b78251 Author: H.J. Lu <hjl.tools@gmail.com> Date: Tue Jan 26 20:48:45 2021 -0800 x86: Properly set usable CET feature bits [BZ #26625]