On Wed, May 13, 2020 at 9:56 AM Andrew Cooper <andrew.coop...@citrix.com> wrote: > > Xen doesn't support CET-IBT yet. At a minimum, logic is required to enable it > for supervisor use, but the livepatch functionality needs to learn not to > overwrite ENDBR64 instructions. > > Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy > version of GCC-9 which objects to it in combination with > -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4). > > Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the > beginning of the object. These paths explode when .note.gnu.properties gets > put ahead of .text and we end up executing the notes data. > > Disable -fcf-protection for all embedded objects. > > Reported-by: Jason Andryuk <jandr...@gmail.com> > Signed-off-by: Andrew Cooper <andrew.coop...@citrix.com>
Reviewed-by: Jason Andryuk <jandr...@gmail.com> I have not re-tested this posting, but I tested an equivalent change ~2 weeks ago (in case that counts for Tested-by). -Jason
