From c35bffd52dceed849fa027d607c0671049ee1428 Mon Sep 17 00:00:00 2001
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 12 May 2023 13:52:16 -0700
Subject: [PATCH] x86/cet: Don't set CET active

Don't set CET active so that CET is disabled by default.  Shadow stack
can be enabled by

$ export GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK

if shadow stack can be enabled by kernel.
---
 sysdeps/x86/cpu-features.c |  2 +-
 sysdeps/x86/cpu-tunables.c | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/sysdeps/x86/cpu-features.c b/sysdeps/x86/cpu-features.c
index 45bc7fcac3..490a7e38be 100644
--- a/sysdeps/x86/cpu-features.c
+++ b/sysdeps/x86/cpu-features.c
@@ -110,7 +110,7 @@ update_active (struct cpu_features *cpu_features)
   if (!CPU_FEATURES_CPU_P (cpu_features, RTM_ALWAYS_ABORT))
     CPU_FEATURE_SET_ACTIVE (cpu_features, RTM);
 
-#if CET_ENABLED
+#if CET_ENABLED && 0
   CPU_FEATURE_SET_ACTIVE (cpu_features, IBT);
   CPU_FEATURE_SET_ACTIVE (cpu_features, SHSTK);
 #endif
diff --git a/sysdeps/x86/cpu-tunables.c b/sysdeps/x86/cpu-tunables.c
index 0d4f328585..eb5d31821b 100644
--- a/sysdeps/x86/cpu-tunables.c
+++ b/sysdeps/x86/cpu-tunables.c
@@ -47,6 +47,18 @@ extern __typeof (memcmp) DEFAULT_MEMCMP;
       break;								\
     }
 
+#define CHECK_GLIBC_IFUNC_CPU_BOTH(f, cpu_features, name,		\
+				   disable, len)			\
+  _Static_assert (sizeof (#name) - 1 == len, #name " != " #len);	\
+  if (!DEFAULT_MEMCMP (f, #name, len))					\
+    {									\
+      if (disable)							\
+	CPU_FEATURE_UNSET (cpu_features, name)				\
+      else								\
+	CPU_FEATURE_SET_ACTIVE (cpu_features, name)			\
+      break;								\
+    }
+
 /* Disable a preferred feature NAME.  We don't enable a preferred feature
    which isn't available.  */
 #define CHECK_GLIBC_IFUNC_PREFERRED_OFF(f, cpu_features, name, len)	\
@@ -162,11 +174,14 @@ TUNABLE_CALLBACK (set_hwcaps) (tunable_val_t *valp)
 	    }
 	  break;
 	case 5:
+	  {
+	    CHECK_GLIBC_IFUNC_CPU_BOTH (n, cpu_features, SHSTK, disable,
+					5);
+	  }
 	  if (disable)
 	    {
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, LZCNT, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, MOVBE, 5);
-	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SHSTK, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, SSSE3, 5);
 	      CHECK_GLIBC_IFUNC_CPU_OFF (n, cpu_features, XSAVE, 5);
 	    }
-- 
2.40.1