Message ID | 20220307132651.25691-1-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86/cet: Force -fno-jump-tables for CET-IBT |
On 07.03.2022 14:26, Andrew Cooper wrote:
> Both GCC and Clang have a (mis)feature where, even with
> -fcf-protection=branch, jump tables are created using a notrack jump rather
> than using endbr's in each case statement.
>
> This is incompatible with the safety properties we want in Xen, and enforced
> by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr].
>
> -fno-jump-tables is generally active as a side effect of
> CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
> introduce option to select retpoline usage"), we explicitly support turning
> retpoline off.
>
> Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f6fc852b5767..8e57476d6573 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -51,7 +51,10 @@ CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk endif ifdef CONFIG_XEN_IBT -CFLAGS += -fcf-protection=branch -mmanual-endbr +# Force -fno-jump-tables to work around +# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 +# https://github.com/llvm/llvm-project/issues/54247 +CFLAGS += -fcf-protection=branch -mmanual-endbr -fno-jump-tables $(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
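Review bot: the comment added above the `CFLAGS +=` line in the `ifdef CONFIG_XEN_IBT` block only links the two compiler bug reports, so someone reading arch.mk later cannot tell what breaks without the flag or when the workaround can be dropped. Consider adding one line that states the reason given in the commit message, for example `# Jump tables use notrack jumps, which #CP[endbr] because NOTRACK_EN is clear.`, so the condition for removing -fno-jump-tables is visible next to the flag itself.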
Both GCC and Clang have a (mis)feature where, even with
-fcf-protection=branch, jump tables are created using a notrack jump rather
than using endbr's in each case statement.

This is incompatible with the safety properties we want in Xen, and enforced
by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr].

-fno-jump-tables is generally active as a side effect of
CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
introduce option to select retpoline usage"), we explicitly support turning
retpoline off.

Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
---
 xen/arch/x86/arch.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
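
A build-time check for the failure mode the commit message describes, as an added example that is not part of the patch or the Xen tree: it scans `objdump -d` text for NOTRACK-prefixed indirect branches, which would raise #CP[endbr] when MSR_S_CET.NOTRACK_EN is left clear. The function names and both disassembly excerpts are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the patch or the Xen tree. Function names and the
# sample disassembly below are constructed for illustration.

# Read `objdump -d` text on stdin; print "<symbol>: <addr> <insn>" for every
# NOTRACK-prefixed indirect jmp/call. Exit status 1 if any found, else 0.
find_notrack() {
    awk '
        /^[0-9a-f]+ <[^>]+>:$/ {            # symbol header line
            sym = $2; gsub(/[<>:]/, "", sym); next
        }
        /[ \t]notrack[ \t]+(jmp|call)/ {    # also matches jmpq/callq
            addr = $1; sub(/:$/, "", addr)
            insn = $0; sub(/^.*notrack/, "notrack", insn)
            printf "%s: %s %s\n", sym, addr, insn
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed excerpt: switch lowered to a jump table under -fcf-protection=branch.
sample_jump_table() {
    cat <<'EOF'
0000000000001000 <dispatch>:
    1000:  f3 0f 1e fa           endbr64
    1004:  83 ff 05              cmp    $0x5,%edi
    1007:  77 17                 ja     1020 <dispatch+0x20>
    1014:  48 01 d0              add    %rdx,%rax
    1017:  3e ff e0              notrack jmp *%rax
EOF
}

# Constructed excerpt: the same switch built with -fno-jump-tables.
sample_no_jump_table() {
    cat <<'EOF'
0000000000001000 <dispatch>:
    1000:  f3 0f 1e fa           endbr64
    1004:  83 ff 01              cmp    $0x1,%edi
    1007:  74 17                 je     1020 <dispatch+0x20>
    1009:  83 ff 02              cmp    $0x2,%edi
    100c:  74 22                 je     1030 <dispatch+0x30>
EOF
}

if sample_jump_table | find_notrack; then echo "clean"; else echo "IBT-unsafe"; fi
if sample_no_jump_table | find_notrack; then echo "clean"; else echo "IBT-unsafe"; fi
```

On a real build, pipe the output of `objdump -d` for the linked image into `find_notrack` and fail the build on a non-zero status.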