diff options
author | Andrew Cooper <andrew.cooper3@citrix.com> | 2020-05-12 19:18:43 +0100 |
---|---|---|
committer | Andrew Cooper <andrew.cooper3@citrix.com> | 2020-05-13 20:33:42 +0100 |
commit | 3a218961b16f1f4feb1147f56338faf1ac8f5703 (patch) | |
tree | de87b358e17096521377b06db14896c3e6974079 /Config.mk | |
parent | 1a47731115c2c8eb510e135fa48ed51ad2e94a26 (diff) | |
download | xen-3a218961b16f1f4feb1147f56338faf1ac8f5703.tar.gz |
x86/build: Unilaterally disable -fcf-protection
Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it
for supervisor use, but the livepatch functionality needs to learn not to
overwrite ENDBR64 instructions.
Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
version of GCC-9 which objects to it in combination with
-mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
beginning of the object. These paths explode when .note.gnu.properties gets
put ahead of .text and we end up executing the notes data.
Disable -fcf-protection for all embedded objects.
Reported-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jason Andryuk <jandryuk@gmail.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'Config.mk')
-rw-r--r-- | Config.mk | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on |