[PATCH] build: Fix build with Ubuntu

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] build: Fix build with Ubuntu
@ 2020-05-13 13:55 Andrew Cooper
  2020-05-13 13:55 ` [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS Andrew Cooper
  2020-05-13 13:55 ` [PATCH] x86/build: Unilaterally disable -fcf-protection Andrew Cooper
  0 siblings, 2 replies; 8+ messages in thread
From: Andrew Cooper @ 2020-05-13 13:55 UTC (permalink / raw)
  To: Xen-devel
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, Jason Andryuk,
	George Dunlap, Andrew Cooper, Stefan Bader, Jan Beulich,
	Ian Jackson, Roger Pau Monné

This supercedes "x86/build: Unilaterally disable -fcf-protection"

Andrew Cooper (2):
  x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS
  x86/build: Unilaterally disable -fcf-protection

 Config.mk                            | 3 ++-
 tools/tests/x86_emulator/testcase.mk | 2 +-
 xen/arch/x86/arch.mk                 | 2 +-
 xen/arch/x86/boot/build32.mk         | 2 +-
 4 files changed, 5 insertions(+), 4 deletions(-)

-- 
2.11.0



^ permalink raw reply	[flat|nested] 8+ messages in thread

* [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS
  2020-05-13 13:55 [PATCH] build: Fix build with Ubuntu Andrew Cooper
@ 2020-05-13 13:55 ` Andrew Cooper
  2020-05-13 14:11   ` Jan Beulich
  2020-05-13 13:55 ` [PATCH] x86/build: Unilaterally disable -fcf-protection Andrew Cooper
  1 sibling, 1 reply; 8+ messages in thread
From: Andrew Cooper @ 2020-05-13 13:55 UTC (permalink / raw)
  To: Xen-devel
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, George Dunlap,
	Andrew Cooper, Jan Beulich, Ian Jackson, Roger Pau Monné

Users of EMBEDDED_EXTRA_CFLAGS already use -fno-asynchronous-unwind-tables, or
ought to.  This shrinks the size of the rombios 32bit stubs in guest memory.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: George Dunlap <George.Dunlap@eu.citrix.com>
CC: Ian Jackson <ian.jackson@citrix.com>
CC: Stefano Stabellini <sstabellini@kernel.org>
CC: Julien Grall <julien@xen.org>
---
 Config.mk                            | 2 +-
 tools/tests/x86_emulator/testcase.mk | 2 +-
 xen/arch/x86/arch.mk                 | 2 +-
 xen/arch/x86/boot/build32.mk         | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Config.mk b/Config.mk
index 3621162ae4..b0f16680f3 100644
--- a/Config.mk
+++ b/Config.mk
@@ -204,7 +204,7 @@ APPEND_LDFLAGS += $(foreach i, $(APPEND_LIB), -L$(i))
 APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
-EMBEDDED_EXTRA_CFLAGS += -fno-exceptions
+EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
diff --git a/tools/tests/x86_emulator/testcase.mk b/tools/tests/x86_emulator/testcase.mk
index a565d15524..dafeb6caf7 100644
--- a/tools/tests/x86_emulator/testcase.mk
+++ b/tools/tests/x86_emulator/testcase.mk
@@ -4,7 +4,7 @@ include $(XEN_ROOT)/tools/Rules.mk
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
-CFLAGS += -fno-builtin -fno-asynchronous-unwind-tables -g0 $($(TESTCASE)-cflags)
+CFLAGS += -fno-builtin -g0 $($(TESTCASE)-cflags)
 
 .PHONY: all
 all: $(TESTCASE).bin
diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
index 2a51553edb..62b7c97007 100644
--- a/xen/arch/x86/arch.mk
+++ b/xen/arch/x86/arch.mk
@@ -56,7 +56,7 @@ $(call as-option-add,CFLAGS,CC,\
 $(call as-option-add,CFLAGS,CC,\
     ".L1: .L2: .nops (.L2 - .L1)$$(comma)9",-DHAVE_AS_NOPS_DIRECTIVE)
 
-CFLAGS += -mno-red-zone -fpic -fno-asynchronous-unwind-tables
+CFLAGS += -mno-red-zone -fpic
 
 # Xen doesn't use SSE interally.  If the compiler supports it, also skip the
 # SSE setup for variadic function calls.
diff --git a/xen/arch/x86/boot/build32.mk b/xen/arch/x86/boot/build32.mk
index 48c7407c00..5851ebff5f 100644
--- a/xen/arch/x86/boot/build32.mk
+++ b/xen/arch/x86/boot/build32.mk
@@ -4,7 +4,7 @@ include $(XEN_ROOT)/Config.mk
 
 $(call cc-options-add,CFLAGS,CC,$(EMBEDDED_EXTRA_CFLAGS))
 
-CFLAGS += -Werror -fno-asynchronous-unwind-tables -fno-builtin -g0 -msoft-float
+CFLAGS += -Werror -fno-builtin -g0 -msoft-float
 CFLAGS += -I$(XEN_ROOT)/xen/include
 CFLAGS := $(filter-out -flto,$(CFLAGS)) 
 
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [PATCH] x86/build: Unilaterally disable -fcf-protection
  2020-05-13 13:55 [PATCH] build: Fix build with Ubuntu Andrew Cooper
  2020-05-13 13:55 ` [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS Andrew Cooper
@ 2020-05-13 13:55 ` Andrew Cooper
  2020-05-13 14:13   ` Jan Beulich
  2020-05-13 14:54   ` Jason Andryuk
  1 sibling, 2 replies; 8+ messages in thread
From: Andrew Cooper @ 2020-05-13 13:55 UTC (permalink / raw)
  To: Xen-devel
  Cc: Wei Liu, Jason Andryuk, Andrew Cooper, Stefan Bader, Jan Beulich,
	Roger Pau Monné

Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
for supervisor use, but the livepatch functionality needs to learn not to
overwrite ENDBR64 instructions.

Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
version of GCC-9 which objects to it in combination with
-mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).

Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
beginning of the object.  These paths explode when .note.gnu.properties gets
put ahead of .text and we end up executing the notes data.

Disable -fcf-protection for all embedded objects.

Reported-by: Jason Andryuk <jandryuk@gmail.com>
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Jan Beulich <JBeulich@suse.com>
CC: Wei Liu <wl@xen.org>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Jason Andryuk <jandryuk@gmail.com>
CC: Stefan Bader <stefan.bader@canonical.com>

v2:
 * Fix Rombios 32 stubs as well.
---
 Config.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Config.mk b/Config.mk
index b0f16680f3..7d556aed30 100644
--- a/Config.mk
+++ b/Config.mk
@@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
+EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
-- 
2.11.0



^ permalink raw reply related	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS
  2020-05-13 13:55 ` [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS Andrew Cooper
@ 2020-05-13 14:11   ` Jan Beulich
  2020-05-13 14:18     ` Samuel Thibault
  0 siblings, 1 reply; 8+ messages in thread
From: Jan Beulich @ 2020-05-13 14:11 UTC (permalink / raw)
  To: Andrew Cooper, Samuel Thibault
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, George Dunlap,
	Ian Jackson, Xen-devel, Roger Pau Monné

On 13.05.2020 15:55, Andrew Cooper wrote:
> Users of EMBEDDED_EXTRA_CFLAGS already use -fno-asynchronous-unwind-tables, or
> ought to.

It's not really well defined what they're supposed to be used for
(and where it's not supposed to be used). I notice in particular
a use in stubdom/Makefile which I'm unsure whether it indeed wants
this adjustment. Therefore ...

>  This shrinks the size of the rombios 32bit stubs in guest memory.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
with the request that Samuel also ack (or otherwise) the change
from a stubdom perspective.

Jan


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/build: Unilaterally disable -fcf-protection
  2020-05-13 13:55 ` [PATCH] x86/build: Unilaterally disable -fcf-protection Andrew Cooper
@ 2020-05-13 14:13   ` Jan Beulich
  2020-05-13 14:40     ` Andrew Cooper
  2020-05-13 14:54   ` Jason Andryuk
  1 sibling, 1 reply; 8+ messages in thread
From: Jan Beulich @ 2020-05-13 14:13 UTC (permalink / raw)
  To: Andrew Cooper
  Cc: Xen-devel, Jason Andryuk, Stefan Bader, Wei Liu, Roger Pau Monné

On 13.05.2020 15:55, Andrew Cooper wrote:
> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
> for supervisor use, but the livepatch functionality needs to learn not to
> overwrite ENDBR64 instructions.
> 
> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
> version of GCC-9 which objects to it in combination with
> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
> 
> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
> beginning of the object.  These paths explode when .note.gnu.properties gets
> put ahead of .text and we end up executing the notes data.
> 
> Disable -fcf-protection for all embedded objects.
> 
> Reported-by: Jason Andryuk <jandryuk@gmail.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

For the immediate purpose
Reviewed-by: Jan Beulich <jbeulich@suse.com>

I wonder however ...

> --- a/Config.mk
> +++ b/Config.mk
> @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
>  
>  EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
>  EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none

... whether this isn't going to bite us once some of the consumers
of this variable want to enable some different mode.

Jan


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS
  2020-05-13 14:11   ` Jan Beulich
@ 2020-05-13 14:18     ` Samuel Thibault
  0 siblings, 0 replies; 8+ messages in thread
From: Samuel Thibault @ 2020-05-13 14:18 UTC (permalink / raw)
  To: Jan Beulich
  Cc: Stefano Stabellini, Julien Grall, Wei Liu, George Dunlap,
	Andrew Cooper, Xen-devel, Ian Jackson, Roger Pau Monné

Hello,

Jan Beulich, le mer. 13 mai 2020 16:11:00 +0200, a ecrit:
> On 13.05.2020 15:55, Andrew Cooper wrote:
> > Users of EMBEDDED_EXTRA_CFLAGS already use -fno-asynchronous-unwind-tables, or
> > ought to.
> 
> It's not really well defined what they're supposed to be used for
> (and where it's not supposed to be used). I notice in particular
> a use in stubdom/Makefile which I'm unsure whether it indeed wants
> this adjustment. Therefore ...

I don't know why this is there in mini-os. It dates back 2005
8afe079be ('Mini-OS cleanups. Bug fixes in x86_64 assembly code.')

It indeed looks to me like a general option to minimize binary size, so
I'd say it is fine to make its activation general.

> >  This shrinks the size of the rombios 32bit stubs in guest memory.
> > 
> > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> 
> Reviewed-by: Jan Beulich <jbeulich@suse.com>
> with the request that Samuel also ack (or otherwise) the change
> from a stubdom perspective.

Samuel


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/build: Unilaterally disable -fcf-protection
  2020-05-13 14:13   ` Jan Beulich
@ 2020-05-13 14:40     ` Andrew Cooper
  0 siblings, 0 replies; 8+ messages in thread
From: Andrew Cooper @ 2020-05-13 14:40 UTC (permalink / raw)
  To: Jan Beulich
  Cc: Xen-devel, Jason Andryuk, Stefan Bader, Wei Liu, Roger Pau Monné

On 13/05/2020 15:13, Jan Beulich wrote:
> [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments unless you have verified the sender and know the content is safe.
>
> On 13.05.2020 15:55, Andrew Cooper wrote:
>> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
>> for supervisor use, but the livepatch functionality needs to learn not to
>> overwrite ENDBR64 instructions.
>>
>> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
>> version of GCC-9 which objects to it in combination with
>> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
>>
>> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
>> beginning of the object.  These paths explode when .note.gnu.properties gets
>> put ahead of .text and we end up executing the notes data.
>>
>> Disable -fcf-protection for all embedded objects.
>>
>> Reported-by: Jason Andryuk <jandryuk@gmail.com>
>> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> For the immediate purpose
> Reviewed-by: Jan Beulich <jbeulich@suse.com>

Thanks.

>
> I wonder however ...
>
>> --- a/Config.mk
>> +++ b/Config.mk
>> @@ -205,6 +205,7 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
>>  
>>  EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
>>  EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
>> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
> ... whether this isn't going to bite us once some of the consumers
> of this variable want to enable some different mode.

I'm not overly happy with EMBEDDED_EXTRA_CFLAGS as a concept, but these
build fixes do need backporting.

All embedded targets may in principle use some/all of these options at
some point in the future.

~Andrew


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [PATCH] x86/build: Unilaterally disable -fcf-protection
  2020-05-13 13:55 ` [PATCH] x86/build: Unilaterally disable -fcf-protection Andrew Cooper
  2020-05-13 14:13   ` Jan Beulich
@ 2020-05-13 14:54   ` Jason Andryuk
  1 sibling, 0 replies; 8+ messages in thread
From: Jason Andryuk @ 2020-05-13 14:54 UTC (permalink / raw)
  To: Andrew Cooper
  Cc: Stefan Bader, Xen-devel, Wei Liu, Jan Beulich, Roger Pau Monné

On Wed, May 13, 2020 at 9:56 AM Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>
> Xen doesn't support CET-IBT yet.  At a minimum, logic is required to enable it
> for supervisor use, but the livepatch functionality needs to learn not to
> overwrite ENDBR64 instructions.
>
> Furthermore, Ubuntu enables -fcf-protection by default, along with a buggy
> version of GCC-9 which objects to it in combination with
> -mindirect-branch=thunk-extern (Fixed in GCC 10, 9.4).
>
> Various objects (Xen boot path, Rombios 32 stubs) require .text to be at the
> beginning of the object.  These paths explode when .note.gnu.properties gets
> put ahead of .text and we end up executing the notes data.
>
> Disable -fcf-protection for all embedded objects.
>
> Reported-by: Jason Andryuk <jandryuk@gmail.com>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jason Andryuk <jandryuk@gmail.com>

I have not re-tested this posting, but I tested an equivalent change
~2 weeks ago (in case that counts for Tested-by).

-Jason


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2020-05-13 15:01 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-13 13:55 [PATCH] build: Fix build with Ubuntu Andrew Cooper
2020-05-13 13:55 ` [PATCH] x86/build: move -fno-asynchronous-unwind-tables into EMBEDDED_EXTRA_CFLAGS Andrew Cooper
2020-05-13 14:11   ` Jan Beulich
2020-05-13 14:18     ` Samuel Thibault
2020-05-13 13:55 ` [PATCH] x86/build: Unilaterally disable -fcf-protection Andrew Cooper
2020-05-13 14:13   ` Jan Beulich
2020-05-13 14:40     ` Andrew Cooper
2020-05-13 14:54   ` Jason Andryuk

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.