See comment for details. Works around a GCC-9 bug which breaks the build on Ubuntu.
Reported-by: Jason Andryuk <jandr...@gmail.com> Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com> --- CC: Jan Beulich <jbeul...@suse.com> CC: Wei Liu <w...@xen.org> CC: Roger Pau Monné <roger....@citrix.com> CC: Jason Andryuk <jandr...@gmail.com> CC: Stefan Bader <stefan.ba...@canonical.com> Sorry for messing you around with how to fix this. I'd neglected to consider the CONFIG_LIVEPATCH interaction. With that extra observation, there is no point having the extra complexity given that the result with CET-IBT and Retpoline still isn't usable. --- xen/arch/x86/arch.mk | 9 +++++++++ xen/arch/x86/boot/build32.mk | 1 + 2 files changed, 10 insertions(+) diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index 2a51553edb..93e30e4bea 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -67,6 +67,15 @@ CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables +# Xen doesn't support CET-IBT yet. At a minimum, logic is required to +# enable it for supervisor use, but the Livepatch functionality needs +# to learn not to overwrite ENDBR64 instructions. +# +# Furthermore, Ubuntu enables -fcf-protection by default, along with a +# buggy version of GCC-9 which objects to it in combination with +# -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) + # If supported by the compiler, reduce stack alignment to 8 bytes. But allow # this to be overridden elsewhere. $(call cc-option-add,CFLAGS-stack-boundary,CC,-mpreferred-stack-boundary=3) diff --git a/xen/arch/x86/boot/build32.mk b/xen/arch/x86/boot/build32.mk index 48c7407c00..5a00755512 100644 --- a/xen/arch/x86/boot/build32.mk +++ b/xen/arch/x86/boot/build32.mk @@ -3,6 +3,7 @@ CFLAGS = include $(XEN_ROOT)/Config.mk $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS)) +$(call cc-option-add,CFLAGS,CC,-fcf-protection=none) CFLAGS += -Werror -fno-asynchronous-unwind-tables -fno-builtin -g0 -msoft-float CFLAGS += -I$(XEN_ROOT)/xen/include -- 2.11.0
