x86: Set header.feature_1 in TCB for always-on CET [BZ #27177]

Update dl_cet_check() to set header.feature_1 in TCB when both IBT and SHSTK are always on. (cherry picked from commit 2ef23b520597f4ea1790a669b83e608f24f4cf12)
2025-04-06 14:10:30 +08:00 · 2021-01-12 19:00:13 -08:00 · 2021-01-12 19:00:13 -08:00 · 420ade1f64
commit 420ade1f64
parent 8493ba72b1
4 changed files with 13 additions and 1 deletions
--- a/1
+++ b/1
@ -42,6 +42,7 @@ The following bugs are resolved with this release:
  [25933] Off by one error in __strncmp_avx2
  [25976] nss_compat: internal_end*ent may clobber errno, hiding ERANGE
  [27130] "rep movsb" performance issue
+  [27177] GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on doesn't work

 Security related changes:

--- a/sysdeps/x86/Makefile
+++ b/sysdeps/x86/Makefile
@ -12,6 +12,12 @@ endif
 ifeq ($(subdir),setjmp)
 gen-as-const-headers += jmp_buf-ssp.sym
 sysdep_routines += __longjmp_cancel
+ifneq ($(enable-cet),no)
+ifneq ($(have-tunables),no)
+tests += tst-setjmp-cet
+tst-setjmp-cet-ENV = GLIBC_TUNABLES=glibc.cpu.x86_ibt=on:glibc.cpu.x86_shstk=on
+endif
+endif
 endif

 ifeq ($(enable-cet),yes)
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@ -105,7 +105,11 @@ dl_cet_check (struct link_map *m, const char *program)
  /* No legacy object check if both IBT and SHSTK are always on.  */
  if (enable_ibt_type == CET_ALWAYS_ON
      && enable_shstk_type == CET_ALWAYS_ON)
-    return;
+    {
+      THREAD_SETMEM (THREAD_SELF, header.feature_1,
+		     GL(dl_x86_feature_1)[0]);
+      return;
+    }

  /* Check if IBT is enabled by kernel.  */
  bool ibt_enabled
--- a/sysdeps/x86/tst-setjmp-cet.c
+++ b/sysdeps/x86/tst-setjmp-cet.c
@ -0,0 +1 @@
+#include <setjmp/tst-setjmp.c>