Message ID | 20200513135552.24329-3-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | x86/build: Unilaterally disable -fcf-protection | expand |
On 13.05.2020 15:55, Andrew Cooper wrote: > Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it > for supervisor use, but the livepatch functionality needs to learn not to > overwrite ENDBR64 instructions. > > Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy > version of GCC-9 which objects to it in combination with > -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). > > Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the > beginning of the object. These paths explode when .note.gnu.properties gets > put ahead of .text and we end up executing the notes data. > > Disable -fcf-protection for all embedded objects. > > Reported-by: Jason Andryuk <jandryuk@gmail.com> > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> For the immediate purpose Reviewed-by: Jan Beulich <jbeulich@suse.com> I wonder however ... > --- a/Config.mk > +++ b/Config.mk > @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) > > EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all > EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables > +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none ... whether this isn't going to bite us once some of the consumers of this variable want to enable some different mode. Jan
On 13/05/2020 15:13, Jan Beulich wrote: > [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments unless you have verified the sender and know the content is safe. > > On 13.05.2020 15:55, Andrew Cooper wrote: >> Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it >> for supervisor use, but the livepatch functionality needs to learn not to >> overwrite ENDBR64 instructions. >> >> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy >> version of GCC-9 which objects to it in combination with >> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). >> >> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the >> beginning of the object. These paths explode when .note.gnu.properties gets >> put ahead of .text and we end up executing the notes data. >> >> Disable -fcf-protection for all embedded objects. >> >> Reported-by: Jason Andryuk <jandryuk@gmail.com> >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > For the immediate purpose > Reviewed-by: Jan Beulich <jbeulich@suse.com> Thanks. > > I wonder however ... > >> --- a/Config.mk >> +++ b/Config.mk >> @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) >> >> EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all >> EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables >> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none > ... whether this isn't going to bite us once some of the consumers > of this variable want to enable some different mode. I'm not overly happy with EMBEDDED_EXTRA_CFLAGS as a concept, but these build fixes do need backporting. All embedded targets may in principle use some/all of these options at some point in the future. ~Andrew
On Wed, May 13, 2020 at 9:56 AM Andrew Cooper <andrew.cooper3@citrix.com> wrote: > > Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it > for supervisor use, but the livepatch functionality needs to learn not to > overwrite ENDBR64 instructions. > > Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy > version of GCC-9 which objects to it in combination with > -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). > > Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the > beginning of the object. These paths explode when .note.gnu.properties gets > put ahead of .text and we end up executing the notes data. > > Disable -fcf-protection for all embedded objects. > > Reported-by: Jason Andryuk <jandryuk@gmail.com> > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jason Andryuk <jandryuk@gmail.com> I have not re-tested this posting, but I tested an equivalent change ~2 weeks ago (in case that counts for Tested-by). -Jason
diff --git a/Config.mk b/Config.mk index b0f16680f3..7d556aed30 100644 --- a/Config.mk +++ b/Config.mk @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i)) EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles # All the files at that location were downloaded from elsewhere on
Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it for supervisor use, but the livepatch functionality needs to learn not to overwrite ENDBR64 instructions. Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy version of GCC-9 which objects to it in combination with -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the beginning of the object. These paths explode when .note.gnu.properties gets put ahead of .text and we end up executing the notes data. Disable -fcf-protection for all embedded objects. Reported-by: Jason Andryuk <jandryuk@gmail.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Jan Beulich <JBeulich@suse.com> CC: Wei Liu <wl@xen.org> CC: Roger Pau Monné <roger.pau@citrix.com> CC: Jason Andryuk <jandryuk@gmail.com> CC: Stefan Bader <stefan.bader@canonical.com> v2: * Fix Rombios 32 stubs as well. --- Config.mk | 1 + 1 file changed, 1 insertion(+)