| Message ID | 20231219160740.3079330-8-hjl.tools@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | x86/cet: Update CET kernel interface | expand |
On Tue, Dec 19, 2023 at 8:08 AM H.J. Lu <hjl.tools@gmail.com> wrote: > > In permissive mode, don't disable IBT nor SHSTK when dlopening a legacy > shared library if not single threaded since IBT and SHSTK may be still > enabled in other threads. Other threads with IBT or SHSTK enabled will > crash when calling functions in the legacy shared library. Instead, an > error will be issued. > --- > sysdeps/x86/dl-cet.c | 11 +++++++++-- > 1 file changed, 9 insertions(+), 2 deletions(-) > > diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c > index f40f8e17b0..25add215f2 100644 > --- a/sysdeps/x86/dl-cet.c > +++ b/sysdeps/x86/dl-cet.c > @@ -20,6 +20,7 @@ > #include <libintl.h> > #include <ldsodefs.h> > #include <dl-cet.h> > +#include <sys/single_threaded.h> > > /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK > are defined in <elf.h>, which are only available for C sources. > @@ -204,7 +205,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info) > && (info->feature_1_legacy > & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0) > { > - if (info->enable_ibt_type != cet_permissive) > + /* Don't disable IBT if not single threaded since IBT may be still > + enabled in other threads. */ > + if (info->enable_ibt_type != cet_permissive > + || !SINGLE_THREAD_P) > { > legacy_obj = info->feature_1_legacy_ibt; > msg = N_("rebuild shared object with IBT support enabled"); > @@ -220,7 +224,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info) > && (info->feature_1_legacy > & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0) > { > - if (info->enable_shstk_type != cet_permissive) > + /* Don't disable SHSTK if not single threaded since SHSTK may be > + still enabled in other threads. */ > + if (info->enable_shstk_type != cet_permissive > + || !SINGLE_THREAD_P) > { > legacy_obj = info->feature_1_legacy_shstk; > msg = N_("rebuild shared object with SHSTK support enabled"); > -- > 2.43.0 > I will check it in tomorrow if there is no objection.
diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c index f40f8e17b0..25add215f2 100644 --- a/sysdeps/x86/dl-cet.c +++ b/sysdeps/x86/dl-cet.c @@ -20,6 +20,7 @@ #include <libintl.h> #include <ldsodefs.h> #include <dl-cet.h> +#include <sys/single_threaded.h> /* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK are defined in <elf.h>, which are only available for C sources. @@ -204,7 +205,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info) && (info->feature_1_legacy & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0) { - if (info->enable_ibt_type != cet_permissive) + /* Don't disable IBT if not single threaded since IBT may be still + enabled in other threads. */ + if (info->enable_ibt_type != cet_permissive + || !SINGLE_THREAD_P) { legacy_obj = info->feature_1_legacy_ibt; msg = N_("rebuild shared object with IBT support enabled"); @@ -220,7 +224,10 @@ dl_cet_check_dlopen (struct link_map *m, struct dl_cet_info *info) && (info->feature_1_legacy & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0) { - if (info->enable_shstk_type != cet_permissive) + /* Don't disable SHSTK if not single threaded since SHSTK may be + still enabled in other threads. */ + if (info->enable_shstk_type != cet_permissive + || !SINGLE_THREAD_P) { legacy_obj = info->feature_1_legacy_shstk; msg = N_("rebuild shared object with SHSTK support enabled");