[SeaBIOS] [PATCH v2] build: use -fcf-protection=none when available

Christian Ehrhardt posted 1 patch 4 years, 1 month ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/seabios tags/patchew/20200320083802.16414-1-christian.ehrhardt@canonical.com
Makefile | 1 +
1 file changed, 1 insertion(+)
[SeaBIOS] [PATCH v2] build: use -fcf-protection=none when available
Posted by Christian Ehrhardt 4 years, 1 month ago
Some hardened gcc v9 compilers (such as the one in Ubuntu)
default this option which for SeaBIOS leads to emulation errors
when running in KVM (does not trigger in TCG) on older Intel
chips of the Penryn generation (~2006-2008).

The symptom appears as endbr32/endbr64 interpretation failures
and in KVM it looks like:
  KVM internal error. Suberror: 1
  emulation failure
  EAX=00000000 EBX=00000000 ECX=000086d4 EDX=00000000
  ESI=00000000 EDI=00000000 EBP=000086d4 ESP=00006d7c
  EIP=00007acf EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
  ES =0000 00000000 ffffffff 00809300
  CS =f000 000f0000 ffffffff 00809b00
  SS =0000 00000000 ffffffff 00809300
  DS =0000 00000000 ffffffff 00809300
  FS =0000 00000000 ffffffff 00809300
  GS =0000 00000000 ffffffff 00809300
  LDT=0000 00000000 0000ffff 00008200
  TR =0000 00000000 0000ffff 00008b00
  GDT=     000f6200 00000037
  IDT=     00000000 000003ff
  CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
  DR0=0000000000000000 DR1=0000000000000000
  DR2=0000000000000000 DR3=0000000000000000
  DR6=00000000ffff0ff0 DR7=0000000000000400
  EFER=0000000000000000
  Code=b8 90 d9 00 00 66 e8 6b f7 ff ff 66 b8 0a 00 00
       00 e9 61 f2 <f3> 0f 1e fb 66 57 66 56 66 53 66 53
       66 89 c7 67 66 89 14 24 66 89 ce 66 e8 15 f8 ff ff 88

URL: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 5f7d5370..9e8188e5 100644
--- a/Makefile
+++ b/Makefile
@@ -69,6 +69,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
 COMMONCFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,)
 COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,)
 COMMONCFLAGS += $(call cc-option,$(CC),-Wno-address-of-packed-member,)
+COMMONCFLAGS += $(call cc-option,$(CC),-fcf-protection=none,)
 COMMA := ,
 
 CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0
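
Review bot: The added `-fcf-protection=none` line has no comment, so nothing in the Makefile records why control-flow protection is switched off for the firmware build. A one-line comment above it that names the endbr32/endbr64 emulation failure under KVM, or cites the Launchpad bug from the commit message, would stop a later cleanup from dropping the flag as an unexplained hardening opt-out. The `cc-option` wrapper with an empty fallback matches the neighbouring lines, so compilers that do not know the flag are unaffected.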
-- 
2.25.1
_______________________________________________
SeaBIOS mailing list -- seabios@seabios.org
To unsubscribe send an email to seabios-leave@seabios.org
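
For triage of reports like the one in the commit message, the following added example (not part of the patch or of SeaBIOS) reads the `Code=` block of a KVM emulation-failure dump and names the instruction at the `<xx>` marker when it is an ENDBR marker. The function names are hypothetical; `count_endbr` is a heuristic byte scan meant for checking a rebuilt image, and a non-zero count is a prompt to disassemble rather than proof.

```python
import re

# Function-entry markers emitted when -fcf-protection enables branch tracking.
ENDBR = {bytes.fromhex("f30f1efb"): "endbr32",
         bytes.fromhex("f30f1efa"): "endbr64"}

# Excerpt of the register dump quoted in the commit message on this page.
SAMPLE_DUMP = """\
KVM internal error. Suberror: 1
emulation failure
EIP=00007acf EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
Code=b8 90 d9 00 00 66 e8 6b f7 ff ff 66 b8 0a 00 00
     00 e9 61 f2 <f3> 0f 1e fb 66 57 66 56 66 53 66 53
     66 89 c7 67 66 89 14 24 66 89 ce 66 e8 15 f8 ff ff 88
"""

HEX_LINE = re.compile(r"(<?[0-9a-fA-F]{2}>?\s*)+")


def faulting_bytes(dump):
    """Return the code bytes from the <xx> marker (the faulting EIP) onward."""
    tokens, in_code = [], False
    for line in dump.splitlines():
        line = line.lstrip("> ").strip()      # tolerate mail-quoted dumps
        if line.startswith("Code="):
            in_code, line = True, line[len("Code="):]
        elif in_code and not HEX_LINE.fullmatch(line):
            break                             # end of the Code= block
        if in_code:
            tokens += line.split()
    for i, tok in enumerate(tokens):
        if tok.startswith("<"):
            return bytes(int(t.strip("<>"), 16) for t in tokens[i:])
    return None


def classify(dump):
    """Name the instruction at the faulting EIP if it is an ENDBR marker."""
    code = faulting_bytes(dump)
    if code is None:
        return None
    return ENDBR.get(code[:4], "other")


def count_endbr(image):
    """Heuristic byte scan of a firmware image; data can match by coincidence."""
    return {name: image.count(pat) for pat, name in ENDBR.items()}


if __name__ == "__main__":
    print(classify(SAMPLE_DUMP))
```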
[SeaBIOS] Re: [PATCH v2] build: use -fcf-protection=none when available
Posted by Christian Ehrhardt 3 years, 11 months ago
On Fri, Mar 20, 2020 at 9:38 AM Christian Ehrhardt
<christian.ehrhardt@canonical.com> wrote:
>
> Some hardened gcc v9 compilers (such as the one in Ubuntu)
> default this option which for SeaBIOS leads to emulation errors
> when running in KVM (does not trigger in TCG) on older Intel
> chips of the Penryn generation (~2006-2008).

Hi,
other than the request to add "endbr32/endbr64 interpretation
failures" to the commit message there was no other feedback.
This was done in v2 and since then nothing happened, therefore I
wanted to ping if this can be accepted into master?

> The symptom appears as endbr32/endbr64 interpretation failures
> and in KVM it looks like:
>   KVM internal error. Suberror: 1
>   emulation failure
>   EAX=00000000 EBX=00000000 ECX=000086d4 EDX=00000000
>   ESI=00000000 EDI=00000000 EBP=000086d4 ESP=00006d7c
>   EIP=00007acf EFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
>   ES =0000 00000000 ffffffff 00809300
>   CS =f000 000f0000 ffffffff 00809b00
>   SS =0000 00000000 ffffffff 00809300
>   DS =0000 00000000 ffffffff 00809300
>   FS =0000 00000000 ffffffff 00809300
>   GS =0000 00000000 ffffffff 00809300
>   LDT=0000 00000000 0000ffff 00008200
>   TR =0000 00000000 0000ffff 00008b00
>   GDT=     000f6200 00000037
>   IDT=     00000000 000003ff
>   CR0=00000010 CR2=00000000 CR3=00000000 CR4=00000000
>   DR0=0000000000000000 DR1=0000000000000000
>   DR2=0000000000000000 DR3=0000000000000000
>   DR6=00000000ffff0ff0 DR7=0000000000000400
>   EFER=0000000000000000
>   Code=b8 90 d9 00 00 66 e8 6b f7 ff ff 66 b8 0a 00 00
>        00 e9 61 f2 <f3> 0f 1e fb 66 57 66 56 66 53 66 53
>        66 89 c7 67 66 89 14 24 66 89 ce 66 e8 15 f8 ff ff 88
>
> URL: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1866870
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
> ---
>  Makefile | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/Makefile b/Makefile
> index 5f7d5370..9e8188e5 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -69,6 +69,7 @@ COMMONCFLAGS += $(call cc-option,$(CC),-fno-stack-protector,)
>  COMMONCFLAGS += $(call cc-option,$(CC),-fno-stack-protector-all,)
>  COMMONCFLAGS += $(call cc-option,$(CC),-fstack-check=no,)
>  COMMONCFLAGS += $(call cc-option,$(CC),-Wno-address-of-packed-member,)
> +COMMONCFLAGS += $(call cc-option,$(CC),-fcf-protection=none,)
>  COMMA := ,
>
>  CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0
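
Review bot: Only `CFLAGS32FLAT := $(COMMONCFLAGS) -DMODE16=0 -DMODESEGMENT=0` is visible after the added line, so the hunk alone does not show that the other flag sets pick up `-fcf-protection=none`. The dump in the commit message faults at CS=f000 with CR0=00000010, which is real-mode code, so please confirm that the 16-bit and segmented-mode flag variables are also derived from COMMONCFLAGS; otherwise endbr instructions could still be emitted for those objects.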
> --
> 2.25.1
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
[SeaBIOS] Re: [PATCH v2] build: use -fcf-protection=none when available
Posted by Kevin O'Connor 3 years, 11 months ago
On Tue, May 12, 2020 at 12:58:31PM +0200, Christian Ehrhardt wrote:
> On Fri, Mar 20, 2020 at 9:38 AM Christian Ehrhardt
> <christian.ehrhardt@canonical.com> wrote:
> >
> > Some hardened gcc v9 compilers (such as the one in Ubuntu)
> > default this option which for SeaBIOS leads to emulation errors
> > when running in KVM (does not trigger in TCG) on older Intel
> > chips of the Penryn generation (~2006-2008).
> 
> Hi,
> other than the request to add "endbr32/endbr64 interpretation
> failures" to the commit message there was no other feedback.
> This was done in v2 and since then nothing happened, therefore I
> wanted to ping if this can be accepted into master?

Thanks.  It's committed now.

-Kevin