From nobody Fri Apr 19 06:34:01 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail(p=none dis=none) header.from=citrix.com ARC-Seal: i=1; a=rsa-sha256; t=1589378214; cv=none; d=zohomail.com; s=zohoarc; b=CAxcLd6cRl44vnNoHQZ+OKc1+jCmQnJn69MaJNxIltpANAGUSHrg5isJqayqOL5P6edSfWewomxaiFUz38mBbUr6e4wkCewLhcH87rTIq3Ff+r1aitJX4psfBni5wX9NH3gCYGpv9ByDv2E8UWKFU/OChv6r5VpfuqHMVCpRFWQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1589378214; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ZaBnQoZOurQXyMKptqzDQfeXj/xJwCX+lAdmn58zYv4=; b=SvFhPYKczNGLCThxoITci1bqD6cj8yoT/4PZjEn/jZ8nf1TLbFkqU1uRNFafqS3Nxj2GSX8PlqyWMkjCWXT95xgTWo3At6gBtmEk6MNvCrxHwBkNWrGTOHeEViQTSVJbvdb4JSLBJ49vz41kj0FQ60fKY/GfjrrCdbnx/Y6Uxso= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) smtp.mailfrom=xen-devel-bounces@lists.xenproject.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.xenproject.org (lists.xenproject.org [192.237.175.120]) by mx.zohomail.com with SMTPS id 1589378214304327.39290391988015; Wed, 13 May 2020 06:56:54 -0700 (PDT) Received: from localhost ([127.0.0.1] helo=lists.xenproject.org) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jYrrt-0007QO-NU; Wed, 13 May 2020 13:56:17 +0000 Received: from all-amaz-eas1.inumbo.com ([34.197.232.57] helo=us1-amaz-eas2.inumbo.com) by lists.xenproject.org with esmtp (Exim 4.92) (envelope-from ) id 1jYrrs-0007Q3-Il for xen-devel@lists.xenproject.org; Wed, 13 May 2020 13:56:16 +0000 Received: from esa3.hc3370-68.iphmx.com (unknown [216.71.145.155]) by us1-amaz-eas2.inumbo.com (Halon) with ESMTPS id 8230159a-9521-11ea-a380-12813bfff9fa; Wed, 13 May 2020 13:56:14 +0000 (UTC) X-Inumbo-ID: 8230159a-9521-11ea-a380-12813bfff9fa DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=citrix.com; s=securemail; t=1589378174; h=from:to:cc:subject:date:message-id:in-reply-to: references:mime-version:content-transfer-encoding; bh=8RnL7r04wvQLuEkyA1mIyz1nkfFjDGCWQxNcNfagCt4=; b=ZAUpL6SGJN70VJrjN95xxkbFv72q4A9LB6XFIAxMfvOspzlOQ8aJMrSl qf5Pk7h5xJB/847sxJ7fJN4RWXriqPJ2mfvKceHysGyH8kfxNea+FFOTy Kb98X7+8A7fCONSaxMzwOgnhw0GOx1cLf4HwbVdANgHFe2c28QXADvWgv o=; Received-SPF: pass (zohomail.com: domain of lists.xenproject.org designates 192.237.175.120 as permitted sender) client-ip=192.237.175.120; envelope-from=xen-devel-bounces@lists.xenproject.org; helo=lists.xenproject.org; Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of andrew.cooper3@citrix.com) identity=pra; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="andrew.cooper3@citrix.com"; x-conformance=sidf_compatible Received-SPF: Pass (esa3.hc3370-68.iphmx.com: domain of Andrew.Cooper3@citrix.com designates 162.221.158.21 as permitted sender) identity=mailfrom; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="Andrew.Cooper3@citrix.com"; x-conformance=sidf_compatible; x-record-type="v=spf1"; x-record-text="v=spf1 ip4:209.167.231.154 ip4:178.63.86.133 ip4:195.66.111.40/30 ip4:85.115.9.32/28 ip4:199.102.83.4 ip4:192.28.146.160 ip4:192.28.146.107 ip4:216.52.6.88 ip4:216.52.6.188 ip4:162.221.158.21 ip4:162.221.156.83 ip4:168.245.78.127 ~all" Received-SPF: None (esa3.hc3370-68.iphmx.com: no sender authenticity information available from domain of postmaster@mail.citrix.com) identity=helo; client-ip=162.221.158.21; receiver=esa3.hc3370-68.iphmx.com; envelope-from="Andrew.Cooper3@citrix.com"; x-sender="postmaster@mail.citrix.com"; x-conformance=sidf_compatible Authentication-Results: esa3.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none; spf=None smtp.pra=andrew.cooper3@citrix.com; spf=Pass smtp.mailfrom=Andrew.Cooper3@citrix.com; spf=None smtp.helo=postmaster@mail.citrix.com; dmarc=pass (p=none dis=none) d=citrix.com IronPort-SDR: OsZHGwfRCQDDywVu6pe+akW9kNGwoP1VbEawUh6mupPmhbra4dTE2Wkq/TDp83Nyg35LMQwdDF EAUHT7MDR8Rr14GUtC91sVg+NymN6Wo26BdluIh8gS5yS74tz1ccbOYmMyv78NMLzHvwd5mDNV QLJZj2LrdftePKEu2Nq5xsYzY7tMelU4LP9jLwwWY2930tnXeFZgEQhzRhpA6Qijbbtk0RXdYB glhefavSDmxxep4W9jeZ5AY3wkQfwAMOW/ceNWY3rN5rks5bKvJQpiWXr3ZXw75Tyu4Dk1RHfH bgE= X-SBRS: 2.7 X-MesageID: 17414537 X-Ironport-Server: esa3.hc3370-68.iphmx.com X-Remote-IP: 162.221.158.21 X-Policy: $RELAYED X-IronPort-AV: E=Sophos;i="5.73,387,1583211600"; d="scan'208";a="17414537" From: Andrew Cooper To: Xen-devel Subject: [PATCH] x86/build: Unilaterally disable -fcf-protection Date: Wed, 13 May 2020 14:55:52 +0100 Message-ID: <20200513135552.24329-3-andrew.cooper3@citrix.com> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20200513135552.24329-1-andrew.cooper3@citrix.com> References: <20200513135552.24329-1-andrew.cooper3@citrix.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: xen-devel@lists.xenproject.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Cc: Wei Liu , Jason Andryuk , Andrew Cooper , Stefan Bader , Jan Beulich , =?UTF-8?q?Roger=20Pau=20Monn=C3=A9?= Errors-To: xen-devel-bounces@lists.xenproject.org Sender: "Xen-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable= it for supervisor use, but the livepatch functionality needs to learn not to overwrite ENDBR64 instructions. Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy version of GCC-9 which objects to it in combination with -mindirect-branch=3Dthunk-extern (Fixed in GCC 10, 9.4). Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the beginning of the object. These paths explode when .note.gnu.properties gets put ahead of .text and we end up executing the notes data. Disable -fcf-protection for all embedded objects. Reported-by: Jason Andryuk Signed-off-by: Andrew Cooper Reviewed-by: Jan Beulich Reviewed-by: Jason Andryuk --- CC: Jan Beulich CC: Wei Liu CC: Roger Pau Monn=C3=A9 CC: Jason Andryuk CC: Stefan Bader v2: * Fix Rombios 32 stubs as well. --- Config.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/Config.mk b/Config.mk index b0f16680f3..7d556aed30 100644 --- a/Config.mk +++ b/Config.mk @@ -205,6 +205,7 @@ APPEND_CFLAGS +=3D $(foreach i, $(APPEND_INCLUDES), -I$= (i)) =20 EMBEDDED_EXTRA_CFLAGS :=3D -nopie -fno-stack-protector -fno-stack-protecto= r-all EMBEDDED_EXTRA_CFLAGS +=3D -fno-exceptions -fno-asynchronous-unwind-tables +EMBEDDED_EXTRA_CFLAGS +=3D -fcf-protection=3Dnone =20 XEN_EXTFILES_URL ?=3D http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on --=20 2.11.0