/* x86 CET initializers function.
   Copyright (C) 2018 Free Software Foundation, Inc.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <http://www.gnu.org/licenses/>.  */

#include <unistd.h>
#include <errno.h>
#include <libintl.h>
#include <ldsodefs.h>
#include <dl-cet.h>

/* GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
   are defined in <elf.h>, which are only available for C sources.
   X86_FEATURE_1_IBT and X86_FEATURE_1_SHSTK are defined in <sysdep.h>
   which are available for both C and asm sources.  They must match.   */
#if GNU_PROPERTY_X86_FEATURE_1_IBT != X86_FEATURE_1_IBT
# error GNU_PROPERTY_X86_FEATURE_1_IBT != X86_FEATURE_1_IBT
#endif
#if GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK
# error GNU_PROPERTY_X86_FEATURE_1_SHSTK != X86_FEATURE_1_SHSTK
#endif

/* Check if object M is compatible with CET.  */

static void
dl_cet_check (struct link_map *m, const char *program)
{
  /* Check how IBT should be enabled.  */
  enum dl_x86_cet_control enable_ibt_type
    = GL(dl_x86_feature_control).ibt;
  /* Check how SHSTK should be enabled.  */
  enum dl_x86_cet_control enable_shstk_type
    = GL(dl_x86_feature_control).shstk;

  /* No legacy object check if both IBT and SHSTK are always on.  */
  if (enable_ibt_type == cet_always_on
      && enable_shstk_type == cet_always_on)
    return;

  /* Check if IBT is enabled by kernel.  */
  bool ibt_enabled
    = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_IBT) != 0;
  /* Check if SHSTK is enabled by kernel.  */
  bool shstk_enabled
    = (GL(dl_x86_feature_1) & GNU_PROPERTY_X86_FEATURE_1_SHSTK) != 0;

  if (ibt_enabled || shstk_enabled)
    {
      struct link_map *l = NULL;
      unsigned int ibt_legacy = 0, shstk_legacy = 0;
      bool found_ibt_legacy = false, found_shstk_legacy = false;

      /* Check if IBT and SHSTK are enabled in object.  */
      bool enable_ibt = (ibt_enabled
			 && enable_ibt_type != cet_always_off);
      bool enable_shstk = (shstk_enabled
			   && enable_shstk_type != cet_always_off);
      if (program)
	{
	  /* Enable IBT and SHSTK only if they are enabled in executable.
	     NB: IBT and SHSTK may be disabled by environment variable:

	     GLIBC_TUNABLES=glibc.tune.hwcaps=-IBT,-SHSTK
	   */
	  enable_ibt &= (HAS_CPU_FEATURE (IBT)
			 && (enable_ibt_type == cet_always_on
			     || (m->l_cet & lc_ibt) != 0));
	  enable_shstk &= (HAS_CPU_FEATURE (SHSTK)
			   && (enable_shstk_type == cet_always_on
			       || (m->l_cet & lc_shstk) != 0));
	}

      /* ld.so is CET-enabled by kernel.  But shared objects may not
	 support IBT nor SHSTK.  */
      if (enable_ibt || enable_shstk)
	{
	  unsigned int i;

	  i = m->l_searchlist.r_nlist;
	  while (i-- > 0)
	    {
	      /* Check each shared object to see if IBT and SHSTK are
		 enabled.  */
	      l = m->l_initfini[i];

	      if (l->l_init_called)
		continue;

#ifdef SHARED
	      /* Skip CET check for ld.so since ld.so is CET-enabled.
		 CET will be disabled later if CET isn't enabled in
		 executable.  */
	      if (l == &GL(dl_rtld_map)
		  ||  l->l_real == &GL(dl_rtld_map)
		  || (program && l == m))
		continue;
#endif

	      /* IBT is enabled only if it is enabled in executable as
		 well as all shared objects.  */
	      enable_ibt &= (enable_ibt_type == cet_always_on
			     || (l->l_cet & lc_ibt) != 0);
	      if (!found_ibt_legacy && enable_ibt != ibt_enabled)
		{
		  found_ibt_legacy = true;
		  ibt_legacy = i;
		}

	      /* SHSTK is enabled only if it is enabled in executable as
		 well as all shared objects.  */
	      enable_shstk &= (enable_shstk_type == cet_always_on
			       || (l->l_cet & lc_shstk) != 0);
	      if (enable_shstk != shstk_enabled)
		{
		  found_shstk_legacy = true;
		  shstk_legacy = i;
		}
	    }
	}

      bool cet_feature_changed = false;

      if (enable_ibt != ibt_enabled || enable_shstk != shstk_enabled)
	{
	  if (!program)
	    {
	      if (enable_ibt_type != cet_permissive)
		{
		  /* When IBT is enabled, we cannot dlopen a shared
		     object without IBT.  */
		  if (found_ibt_legacy)
		    _dl_signal_error (0,
				      m->l_initfini[ibt_legacy]->l_name,
				      "dlopen",
				      N_("rebuild shared object with IBT support enabled"));
		}

	      if (enable_shstk_type != cet_permissive)
		{
		  /* When SHSTK is enabled, we cannot dlopen a shared
		     object without SHSTK.  */
		  if (found_shstk_legacy)
		    _dl_signal_error (0,
				      m->l_initfini[shstk_legacy]->l_name,
				      "dlopen",
				      N_("rebuild shared object with SHSTK support enabled"));
		}

	      if (enable_ibt_type != cet_permissive
		  && enable_shstk_type != cet_permissive)
		return;
	    }

	  /* Disable IBT and/or SHSTK if they are enabled by kernel, but
	     disabled in executable or shared objects.  */
	  unsigned int cet_feature = 0;

	  if (!enable_ibt)
	    cet_feature |= GNU_PROPERTY_X86_FEATURE_1_IBT;
	  if (!enable_shstk)
	    cet_feature |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;

	  int res = dl_cet_disable_cet (cet_feature);
	  if (res != 0)
	    {
	      if (program)
		_dl_fatal_printf ("%s: can't disable CET\n", program);
	      else
		{
		  if (found_ibt_legacy)
		    l = m->l_initfini[ibt_legacy];
		  else
		    l = m->l_initfini[shstk_legacy];
		  _dl_signal_error (-res, l->l_name, "dlopen",
				    N_("can't disable CET"));
		}
	    }

	  /* Clear the disabled bits in dl_x86_feature_1.  */
	  GL(dl_x86_feature_1) &= ~cet_feature;

	  cet_feature_changed = true;
	}

#ifdef SHARED
      if (program && (ibt_enabled || shstk_enabled))
	{
	  if ((!ibt_enabled
	       || enable_ibt_type != cet_permissive)
	      && (!shstk_enabled
		  || enable_shstk_type != cet_permissive))
	    {
	      /* Lock CET if IBT or SHSTK is enabled in executable unless
	         IBT or SHSTK is enabled permissively.  */
	      int res = dl_cet_lock_cet ();
	      if (res != 0)
		_dl_fatal_printf ("%s: can't lock CET\n", program);
	    }

	  /* Set feature_1 if IBT or SHSTK is enabled in executable.  */
	  cet_feature_changed = true;
	}
#endif

      if (cet_feature_changed)
	{
	  unsigned int feature_1 = 0;
	  if (enable_ibt)
	    feature_1 |= GNU_PROPERTY_X86_FEATURE_1_IBT;
	  if (enable_shstk)
	    feature_1 |= GNU_PROPERTY_X86_FEATURE_1_SHSTK;
	  struct pthread *self = THREAD_SELF;
	  THREAD_SETMEM (self, header.feature_1, feature_1);
	}
    }
}

void
_dl_cet_open_check (struct link_map *l)
{
  dl_cet_check (l, NULL);
}

#ifdef SHARED

# ifndef LINKAGE
#  define LINKAGE
# endif

LINKAGE
void
_dl_cet_check (struct link_map *main_map, const char *program)
{
  dl_cet_check (main_map, program);
}
#endif /* SHARED */