* [PATCH] x86/cet: Force -fno-jump-tables for CET-IBT
@ 2022-03-07 13:26 Andrew Cooper
From: Andrew Cooper @ 2022-03-07 13:26 UTC (permalink / raw)
To: Xen-devel; +Cc: Andrew Cooper, Jan Beulich, Roger Pau Monné, Wei Liu
Both GCC and Clang have a (mis)feature where, even with
-fcf-protection=branch, jump tables are created using a notrack jump rather
than using endbr's in each case statement.

This is incompatible with the safety properties we want in Xen, and enforced
by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr].

-fno-jump-tables is generally active as a side effect of
CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
introduce option to select retpoline usage"), we explicitly support turning
retpoline off.

Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
---
xen/arch/x86/arch.mk | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index f6fc852b5767..8e57476d6573 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -51,7 +51,10 @@ CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk
endif
ifdef CONFIG_XEN_IBT
-CFLAGS += -fcf-protection=branch -mmanual-endbr
+# Force -fno-jump-tables to work around
+# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
+# https://github.com/llvm/llvm-project/issues/54247
+CFLAGS += -fcf-protection=branch -mmanual-endbr -fno-jump-tables
$(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no)
else
$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
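Review bot: the new comment above the CFLAGS line in the CONFIG_XEN_IBT block gives two bug tracker URLs but does not say what goes wrong without the flag, so a reader of arch.mk has to follow the links to learn why -fno-jump-tables is there. Suggest stating the failure in the comment itself, along the lines of "compilers emit notrack jumps for jump tables, which is fatal (#CP[endbr]) because NOTRACK_EN is not set", and noting that the flag can be dropped once the referenced compiler issues are resolved. The flag is added unconditionally here, like -fcf-protection=branch on the same line, while -fcf-check-attribute=no on the next line goes through cc-option-add; a short word on why no compiler probe is needed for -fno-jump-tables would help.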
--
2.11.0
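
A build-time check for the property the commit message describes, as an added example that is not part of the patch or of Xen's build system: it scans `objdump -d` text for NOTRACK-prefixed indirect branches and names the enclosing symbol. The function names and the sample disassembly are constructed for illustration, and the script assumes GNU objdump's AT&T-syntax output, which prints the prefix as `notrack`.

```shell
#!/bin/sh
# Added example (not from the patch): report NOTRACK-prefixed indirect
# branches in disassembly, e.g.  objdump -d <object> | find_notrack
# With NOTRACK_EN left clear, any such branch to a target lacking an
# endbr raises #CP, so a clean IBT build should report nothing.

# Reads "objdump -d" text on stdin; prints "symbol: instruction" per hit.
find_notrack() {
    awk '
        # Symbol header, e.g. "0000000000000000 <dispatch>:"
        /^[0-9a-f]+ <[^>]+>:$/ {
            sym = $2
            gsub(/[<>:]/, "", sym)
            next
        }
        # Instruction carrying the notrack prefix on an indirect jmp/call.
        /(^|[ \t])notrack[ \t]+(jmp|call)/ {
            sub(/^.*notrack/, "notrack")
            print sym ": " $0
        }
    '
}

# Constructed sample: a switch dispatcher compiled with jump tables
# enabled, followed by a function that uses a tracked indirect jump.
sample_disassembly() {
    cat <<'EOF'
0000000000000000 <dispatch>:
   0:	83 ff 05             	cmp    $0x5,%edi
   3:	77 1b                	ja     20 <dispatch+0x20>
   5:	89 ff                	mov    %edi,%edi
   7:	48 8b 04 fd 00 00 00 	mov    0x0(,%rdi,8),%rax
   e:	00
   f:	3e ff e0             	notrack jmp *%rax

0000000000000030 <tracked>:
  30:	f3 0f 1e fa          	endbr64
  34:	ff e0                	jmp    *%rax
EOF
}

# Run the scanner over the constructed sample when asked to.
if [ "${1:-}" = "--demo" ]; then
    sample_disassembly | find_notrack
fi
```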
* Re: [PATCH] x86/cet: Force -fno-jump-tables for CET-IBT
@ 2022-03-07 13:56 ` Jan Beulich
From: Jan Beulich @ 2022-03-07 13:56 UTC (permalink / raw)
To: Andrew Cooper; +Cc: Roger Pau Monné, Wei Liu, Xen-devel
On 07.03.2022 14:26, Andrew Cooper wrote:
> Both GCC and Clang have a (mis)feature where, even with
> -fcf-protection=branch, jump tables are created using a notrack jump rather
> than using endbr's in each case statement.
>
> This is incompatible with the safety properties we want in Xen, and enforced
> by not setting MSR_S_CET.NOTRACK_EN. The consequence is a fatal #CP[endbr].
>
> -fno-jump-tables is generally active as a side effect of
> CONFIG_INDIRECT_THUNK (retpoline), but as of c/s 95d9ab461436 ("x86/Kconfig:
> introduce option to select retpoline usage"), we explicitly support turning
> retpoline off.
>
> Fixes: 3667f7f8f7c4 ("x86: Introduce support for CET-IBT")
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>