x86: Properly set usable CET feature bits [BZ #26625]

commit 94cd37ebb293321115a36a422b091fdb72d2fb08
Author: H.J. Lu <hjl.tools@gmail.com>
Date:   Wed Sep 16 05:27:32 2020 -0700

    x86: Use HAS_CPU_FEATURE with IBT and SHSTK [BZ #26625]

broke

GLIBC_TUNABLES=glibc.cpu.hwcaps=-IBT,-SHSTK

since it can no longer disable IBT nor SHSTK.  Handle IBT and SHSTK with:

1. Revert commit 94cd37ebb293321115a36a422b091fdb72d2fb08.
2. Clears the usable CET feature bits if kernel doesn't support CET.
3. Add GLIBC_TUNABLES tests without dlopen.
4. Add tests to verify that CPU_FEATURE_USABLE on IBT and SHSTK matches
_get_ssp.
5. Update GLIBC_TUNABLES tests with dlopen to verify that CET is disabled
with GLIBC_TUNABLES.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/sysdeps/x86/dl-cet.c b/sysdeps/x86/dl-cet.c
index a63b9c7164..c74e577289 100644
--- a/sysdeps/x86/dl-cet.c
+++ b/sysdeps/x86/dl-cet.c
@@ -77,11 +77,11 @@ dl_cet_check (struct link_map *m, const char *program)
 
 	     GLIBC_TUNABLES=glibc.cpu.hwcaps=-IBT,-SHSTK
 	   */
-	  enable_ibt &= (HAS_CPU_FEATURE (IBT)
+	  enable_ibt &= (CPU_FEATURE_USABLE (IBT)
 			 && (enable_ibt_type == cet_always_on
 			     || (m->l_x86_feature_1_and
 				 & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0));
-	  enable_shstk &= (HAS_CPU_FEATURE (SHSTK)
+	  enable_shstk &= (CPU_FEATURE_USABLE (SHSTK)
 			   && (enable_shstk_type == cet_always_on
 			       || (m->l_x86_feature_1_and
 				   & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0));