acrn-dev@lists.projectacrn.org | [PATCH] Makefile: disable fcf-protection for some build env

Home Messages Hashtags Subgroups

Date Date 1 - 3 of 3

[PATCH] Makefile: disable fcf-protection for some build env

Yin, Fengwei <fengwei.yin@...> #26424 In some build env (Ubuntu 19.10 as example), gcc enabled the option -fcf-protection by default. But this option is not comptible with -mindirect-branch. Which could trigger following build error: fail to build with gcc-9 [error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible] -mindirect-branch is mandatory for repoline mitigation and always enabled for ACRN build. We disable -fcf-protection here for ACRN build. Tracked-On: #4358 Signed-off-by: Yin Fengwei <fengwei.yin@...> --- hypervisor/Makefile \| 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hypervisor/Makefile b/hypervisor/Makefile index e8694eef..0da7c550 100644 --- a/hypervisor/Makefile +++ b/hypervisor/Makefile @@ -97,6 +97,13 @@ endif CFLAGS += -DSTACK_PROTECTOR endif +# In case using Ubuntu 19.10 as build environment, its gcc has -fcf-protection enabled +# by default. But this option is not compatible with -mindirect-branch: +# https://bugs.launchpad.net/ubuntu/+source/gcc-9/+bug/1830961 +# +# We disable the -fcf-protection in ACRN build. +CFLAGS += -fcf-protection=none + ASFLAGS += -m64 -nostdinc -nostdlib LDFLAGS += -Wl,--gc-sections -nostartfiles -nostdlib -- 2.20.1
More All Messages By This Member
Wu, Binbin #26459 toggle quoted message Show quoted text -----Original Message----- From: acrn-dev@... <acrn-dev@...> On Behalf Of Yin, Fengwei Sent: Monday, January 13, 2020 10:24 AM To: acrn-dev@... Subject: [acrn-dev] [PATCH] Makefile: disable fcf-protection for some build env In some build env (Ubuntu 19.10 as example), gcc enabled the option -fcf- protection by default. But this option is not comptible with -mindirect-branch. typo "comptible" Others LGTM. Which could trigger following build error: fail to build with gcc-9 [error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible] -mindirect-branch is mandatory for repoline mitigation and always enabled for ACRN build. We disable -fcf-protection here for ACRN build. Tracked-On: #4358 Signed-off-by: Yin Fengwei <fengwei.yin@...> --- hypervisor/Makefile \| 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hypervisor/Makefile b/hypervisor/Makefile index e8694eef..0da7c550 100644 --- a/hypervisor/Makefile +++ b/hypervisor/Makefile @@ -97,6 +97,13 @@ endif CFLAGS += -DSTACK_PROTECTOR endif +# In case using Ubuntu 19.10 as build environment, its gcc has +-fcf-protection enabled # by default. But this option is not compatible with - mindirect-branch: +# https://bugs.launchpad.net/ubuntu/+source/gcc-9/+bug/1830961 +# +# We disable the -fcf-protection in ACRN build. +CFLAGS += -fcf-protection=none + ASFLAGS += -m64 -nostdinc -nostdlib LDFLAGS += -Wl,--gc-sections -nostartfiles -nostdlib -- 2.20.1
More All Messages By This Member
Yin, Fengwei <fengwei.yin@...> #26460 On 1/14/2020 1:59 PM, Wu, Binbin wrote: -----Original Message----- From: acrn-dev@... <acrn-dev@...> On Behalf Of Yin, Fengwei Sent: Monday, January 13, 2020 10:24 AM To: acrn-dev@... Subject: [acrn-dev] [PATCH] Makefile: disable fcf-protection for some build env In some build env (Ubuntu 19.10 as example), gcc enabled the option -fcf- protection by default. But this option is not comptible with -mindirect-branch. typo "comptible" Others LGTM. Thanks. I will PR with this typo fixed. Regards Yin, Fengwei Which could trigger following build error: fail to build with gcc-9 [error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible] -mindirect-branch is mandatory for repoline mitigation and always enabled for ACRN build. We disable -fcf-protection here for ACRN build. Tracked-On: #4358 Signed-off-by: Yin Fengwei <fengwei.yin@...> --- hypervisor/Makefile \| 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hypervisor/Makefile b/hypervisor/Makefile index e8694eef..0da7c550 100644 --- a/hypervisor/Makefile +++ b/hypervisor/Makefile @@ -97,6 +97,13 @@ endif CFLAGS += -DSTACK_PROTECTOR endif +# In case using Ubuntu 19.10 as build environment, its gcc has +-fcf-protection enabled # by default. But this option is not compatible with - mindirect-branch: +# https://bugs.launchpad.net/ubuntu/+source/gcc-9/+bug/1830961 +# +# We disable the -fcf-protection in ACRN build. +CFLAGS += -fcf-protection=none + ASFLAGS += -m64 -nostdinc -nostdlib LDFLAGS += -Wl,--gc-sections -nostartfiles -nostdlib -- 2.20.1
More All Messages By This Member

1 - 3 of 3

1

Previous Topic Next Topic

Home Hashtags Subgroups Terms