From 38418b0f65b631ce5e554538dede96c44be310a8 Mon Sep 17 00:00:00 2001
From: Yannis Juglaret <yjuglaret@mozilla.com>
Date: Sun, 9 Jun 2024 14:04:34 +0200
Subject: [PATCH] cpu-features: Ignore CET SS unless actively used

---
 gum/gum.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/gum/gum.c b/gum/gum.c
index 239c70d1f..0ff4e8fea 100644
--- a/gum/gum.c
+++ b/gum/gum.c
@@ -732,6 +732,9 @@ gum_do_query_cpu_features (void)
   gboolean cpu_supports_cet_ss = FALSE;
   gboolean os_enabled_xsave = FALSE;
   guint a, b, c, d;
+#ifdef HAVE_WINDOWS
+  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
+#endif
 
   if (gum_get_cpuid (7, &a, &b, &c, &d))
   {
@@ -745,6 +748,20 @@ gum_do_query_cpu_features (void)
   if (cpu_supports_avx2 && os_enabled_xsave)
     features |= GUM_CPU_AVX2;
 
+#ifdef HAVE_WINDOWS
+  if (cpu_supports_cet_ss &&
+      GetProcessMitigationPolicy (
+        GetCurrentProcess (),
+        ProcessUserShadowStackPolicy,
+        &pol,
+        sizeof pol
+      ) &&
+      !pol.EnableUserShadowStack)
+  {
+    cpu_supports_cet_ss = FALSE;
+  }
+#endif
+
   if (cpu_supports_cet_ss)
     features |= GUM_CPU_CET_SS;