x86: Add --enable-cet=permissive

When CET is enabled, it is an error to dlopen a non CET enabled shared library in CET enabled application. It may be desirable to make CET permissive, that is disable CET when dlopening a non CET enabled shared library. With the new --enable-cet=permissive configure option, CET is disabled when dlopening a non CET enabled shared library. Add DEFAULT_DL_X86_CET_CONTROL to config.h.in: /* The default value of x86 CET control. */ #define DEFAULT_DL_X86_CET_CONTROL cet_elf_property which enables CET features based on ELF property note. --enable-cet=permissive it to /* The default value of x86 CET control. */ #define DEFAULT_DL_X86_CET_CONTROL cet_permissive which enables CET features permissively. Update tst-cet-legacy-5a, tst-cet-legacy-5b, tst-cet-legacy-6a and tst-cet-legacy-6b to check --enable-cet and --enable-cet=permissive.
2025-07-29 11:41:21 +03:00 · 2020-04-27 15:44:07 -07:00
parent ce12fc7113
commit 9e38f455a6
10 changed files with 96 additions and 59 deletions
--- a/sysdeps/x86/dl-procruntime.c
+++ b/sysdeps/x86/dl-procruntime.c
@ -65,8 +65,8 @@ PROCINFO_CLASS struct dl_x86_feature_control _dl_x86_feature_control
 # endif
 # ifndef PROCINFO_DECL
 = {
-    .ibt = cet_elf_property,
-    .shstk = cet_elf_property
+    .ibt = DEFAULT_DL_X86_CET_CONTROL,
+    .shstk = DEFAULT_DL_X86_CET_CONTROL,
  }
 # endif
 # if !defined SHARED || defined PROCINFO_DECL