From 38418b0f65b631ce5e554538dede96c44be310a8 Mon Sep 17 00:00:00 2001
From: Yannis Juglaret <yjuglaret@mozilla.com>
Date: Sun, 9 Jun 2024 14:04:34 +0200
Subject: [PATCH 1/2] cpu-features: Ignore CET SS unless actively used

---
 gum/gum.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gum/gum.c b/gum/gum.c
index 239c70d1f..0ff4e8fea 100644
--- a/gum/gum.c
+++ b/gum/gum.c
@@ -732,6 +732,9 @@ gum_do_query_cpu_features (void)
   gboolean cpu_supports_cet_ss = FALSE;
   gboolean os_enabled_xsave = FALSE;
   guint a, b, c, d;
+#ifdef HAVE_WINDOWS
+  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
+#endif
 
   if (gum_get_cpuid (7, &a, &b, &c, &d))
   {
@@ -745,6 +748,20 @@ gum_do_query_cpu_features (void)
   if (cpu_supports_avx2 && os_enabled_xsave)
     features |= GUM_CPU_AVX2;
 
+#ifdef HAVE_WINDOWS
+  if (cpu_supports_cet_ss &&
+      GetProcessMitigationPolicy (
+        GetCurrentProcess (),
+        ProcessUserShadowStackPolicy,
+        &pol,
+        sizeof pol
+      ) &&
+      !pol.EnableUserShadowStack)
+  {
+    cpu_supports_cet_ss = FALSE;
+  }
+#endif
+
   if (cpu_supports_cet_ss)
     features |= GUM_CPU_CET_SS;
 

From d2dce8dfe0f02578b2d809190a24437fbb2ea261 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= <oleavr@gmail.com>
Date: Wed, 3 Jul 2024 22:44:14 +0200
Subject: [PATCH 2/2] Tweak style

---
 gum/gum.c | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/gum/gum.c b/gum/gum.c
index 0ff4e8fea..2e46efc33 100644
--- a/gum/gum.c
+++ b/gum/gum.c
@@ -732,9 +732,6 @@ gum_do_query_cpu_features (void)
   gboolean cpu_supports_cet_ss = FALSE;
   gboolean os_enabled_xsave = FALSE;
   guint a, b, c, d;
-#ifdef HAVE_WINDOWS
-  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
-#endif
 
   if (gum_get_cpuid (7, &a, &b, &c, &d))
   {
@@ -749,16 +746,19 @@ gum_do_query_cpu_features (void)
     features |= GUM_CPU_AVX2;
 
 #ifdef HAVE_WINDOWS
-  if (cpu_supports_cet_ss &&
-      GetProcessMitigationPolicy (
-        GetCurrentProcess (),
-        ProcessUserShadowStackPolicy,
-        &pol,
-        sizeof pol
-      ) &&
-      !pol.EnableUserShadowStack)
   {
-    cpu_supports_cet_ss = FALSE;
+    PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
+
+    if (cpu_supports_cet_ss &&
+        GetProcessMitigationPolicy (
+          GetCurrentProcess (),
+          ProcessUserShadowStackPolicy,
+          &pol,
+          sizeof (pol)) &&
+        !pol.EnableUserShadowStack)
+    {
+      cpu_supports_cet_ss = FALSE;
+    }
   }
 #endif