[PATCH v3 7/9] x86/cet: Don't disable CET if not single threaded

H.J. Lu hjl.tools@gmail.com
Tue Dec 19 16:16:42 GMT 2023 

On Tue, Dec 19, 2023 at 8:08 AM H.J. Lu <hjl.tools@gmail.com> wrote:
>
> In permissive mode, don't disable IBT nor SHSTK when dlopening a legacy
> shared library if not single threaded since IBT and SHSTK may be still
> enabled in other threads.  Other threads with IBT or SHSTK enabled will
> crash when calling functions in the legacy shared library.  Instead, an
> error will be issued.
> ---
>  sysdeps/x86/dl-cet.c | 11 +++++++++--
>  1 file changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
> index f40f8e17b0..25add215f2 100644
> --- a/sysdeps/x86/dl-cet.c
> +++ b/sysdeps/x86/dl-cet.c
> @@ -20,6 +20,7 @@
>  #include <libintl.h>
>  #include <ldsodefs.h>
>  #include <dl-cet.h>
> +#include <sys/single_threaded.h>
>
>  /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
>     are defined in <elf.h>, which are only available for C sources.
> @@ -204,7 +205,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info)
>        && (info->feature_1_legacy
>           & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0)
>      {
> -      if (info->enable_ibt_type != cet_permissive)
> +      /* Don't disable IBT if not single threaded since IBT may be still
> +        enabled in other threads.  */
> +      if (info->enable_ibt_type != cet_permissive
> +         || !SINGLE_THREAD_P)
>         {
>           legacy_obj = info->feature_1_legacy_ibt;
>           msg = N_("rebuild shared object with IBT support enabled");
> @@ -220,7 +224,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info)
>        && (info->feature_1_legacy
>           & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0)
>      {
> -      if (info->enable_shstk_type != cet_permissive)
> +      /* Don't disable SHSTK if not single threaded since SHSTK may be
> +         still enabled in other threads.  */
> +      if (info->enable_shstk_type != cet_permissive
> +         || !SINGLE_THREAD_P)
>         {
>           legacy_obj = info->feature_1_legacy_shstk;
>           msg = N_("rebuild shared object with SHSTK support enabled");
> --
> 2.43.0
>

I will check it in tomorrow if there is no objection.

-- 
H.J.

More information about the Libc-alpha mailing list