x86/build: Unilaterally disable -fcf-protection
diff mbox series

Message ID 20200513135552.24329-3-andrew.cooper3@citrix.com
State New
Headers show
Series
  • x86/build: Unilaterally disable -fcf-protection
Related show

Commit Message

Andrew Cooper May 13, 2020, 1:55 p.m. UTC
Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
for supervisor use, but the livepatch functionality needs to learn not to
overwrite ENDBR64 instructions.

Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
version of GCC-9 which objects to it in combination with
-mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).

Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
beginning of the object.  These paths explode when .note.gnu.properties gets
put ahead of .text and we end up executing the notes data.

Disable -fcf-protection for all embedded objects.

Reported-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Jason Andryuk <jandryuk@gmail.com>
CC: Stefan Bader <stefan.bader@canonical.com>

v2:
 * Fix Rombios 32 stubs as well.
---
 Config.mk | 1 +
 1 file changed, 1 insertion(+)

Comments

Jan Beulich May 13, 2020, 2:13 p.m. UTC | #1
On 13.05.2020 15:55, Andrew Cooper wrote:
> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
> for supervisor use, but the livepatch functionality needs to learn not to
> overwrite ENDBR64 instructions.
> 
> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
> version of GCC-9 which objects to it in combination with
> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
> 
> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
> beginning of the object.  These paths explode when .note.gnu.properties gets
> put ahead of .text and we end up executing the notes data.
> 
> Disable -fcf-protection for all embedded objects.
> 
> Reported-by: Jason Andryuk <jandryuk@gmail.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

For the immediate purpose
Reviewed-by: Jan Beulich <jbeulich@suse.com>

I wonder however ...

> --- a/Config.mk
> +++ b/Config.mk
> @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
>  
>  EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
>  EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none

... whether this isn't going to bite us once some of the consumers
of this variable want to enable some different mode.

Jan
Andrew Cooper May 13, 2020, 2:40 p.m. UTC | #2
On 13/05/2020 15:13, Jan Beulich wrote:
> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments unless you have verified the sender and know the content is safe.
>
> On 13.05.2020 15:55, Andrew Cooper wrote:
>> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
>> for supervisor use, but the livepatch functionality needs to learn not to
>> overwrite ENDBR64 instructions.
>>
>> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
>> version of GCC-9 which objects to it in combination with
>> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
>>
>> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
>> beginning of the object.  These paths explode when .note.gnu.properties gets
>> put ahead of .text and we end up executing the notes data.
>>
>> Disable -fcf-protection for all embedded objects.
>>
>> Reported-by: Jason Andryuk <jandryuk@gmail.com>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> For the immediate purpose
> Reviewed-by: Jan Beulich <jbeulich@suse.com>

Thanks.

>
> I wonder however ...
>
>> --- a/Config.mk
>> +++ b/Config.mk
>> @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
>>  
>>  EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
>>  EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
>> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
> ... whether this isn't going to bite us once some of the consumers
> of this variable want to enable some different mode.

I'm not overly happy with EMBEDDED_EXTRA_CFLAGS as a concept, but these
build fixes do need backporting.

All embedded targets may in principle use some/all of these options at
some point in the future.

~Andrew
Jason Andryuk May 13, 2020, 2:54 p.m. UTC | #3
On Wed, May 13, 2020 at 9:56 AM Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
> for supervisor use, but the livepatch functionality needs to learn not to
> overwrite ENDBR64 instructions.
>
> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
> version of GCC-9 which objects to it in combination with
> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
>
> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
> beginning of the object.  These paths explode when .note.gnu.properties gets
> put ahead of .text and we end up executing the notes data.
>
> Disable -fcf-protection for all embedded objects.
>
> Reported-by: Jason Andryuk <jandryuk@gmail.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jason Andryuk <jandryuk@gmail.com>

I have not re-tested this posting, but I tested an equivalent change
~2 weeks ago (in case that counts for Tested-by).

-Jason

Patch
diff mbox series

diff --git a/Config.mk b/Config.mk
index b0f16680f3..7d556aed30 100644
--- a/Config.mk
+++ b/Config.mk
@@ -205,6 +205,7 @@  APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
+EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on