From f670c75c3aec039e6b57b2e482c7205c9f8284ef Mon Sep 17 00:00:00 2001
From: Yannis Juglaret <yjuglaret@mozilla.com>
Date: Sun, 9 Jun 2024 14:04:34 +0200
Subject: [PATCH] cpu-features: Ignore CET SS unless actively used

---
 gum/gum.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/gum/gum.c b/gum/gum.c
index 239c70d1f1..14c9a8645a 100644
--- a/gum/gum.c
+++ b/gum/gum.c
@@ -732,6 +732,9 @@ gum_do_query_cpu_features (void)
   gboolean cpu_supports_cet_ss = FALSE;
   gboolean os_enabled_xsave = FALSE;
   guint a, b, c, d;
+#ifdef HAVE_WINDOWS
+  PROCESS_MITIGATION_USER_SHADOW_STACK_POLICY pol;
+#endif
 
   if (gum_get_cpuid (7, &a, &b, &c, &d))
   {
@@ -745,6 +748,19 @@ gum_do_query_cpu_features (void)
   if (cpu_supports_avx2 && os_enabled_xsave)
     features |= GUM_CPU_AVX2;
 
+#ifdef HAVE_WINDOWS
+  if (cpu_supports_cet_ss &&
+      GetProcessMitigationPolicy(
+        GetCurrentProcess(),
+        ProcessUserShadowStackPolicy,
+        &pol,
+        sizeof pol
+      ) &&
+      !pol.EnableUserShadowStack) {
+    cpu_supports_cet_ss = FALSE;
+  }
+#endif
+
   if (cpu_supports_cet_ss)
     features |= GUM_CPU_CET_SS;