[Bug 1863260] Re: gcc-9 in Ubuntu generate unbootable xen hypervisor

Matthias Klose doko at ubuntu.com
Wed Mar 11 08:33:14 UTC 2020 

** Changed in: gcc-9 (Ubuntu)
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gcc-9 in Ubuntu.
https://bugs.launchpad.net/bugs/1863260

Title:
  gcc-9 in Ubuntu generate unbootable xen hypervisor

Status in gcc-9 package in Ubuntu:
  Invalid

Bug description:
  This problem was first observed in Ubuntu 19.10 (Eoan) but persists in
  the current Focal development. The results are the same for the old
  Xen version (4.9.2) and the fresh 4.11 merge. As a test I took the
  xen-hypervisor binary from Debian Sid (which has been compiled with
  gcc-9 as well) and that succeeds in booting Xen (libraries and dom0
  kernel are Ubuntu Focal).

  There seems to be one major difference between build environments. The
  Xen hypervisor build is done with an external retpoline mitigation:

  # Compile with thunk-extern, indirect-branch-register if avaiable.
  ifneq ($(call cc-option,$(CC),-mindirect-branch-register,n),n)
  CFLAGS += -mindirect-branch=thunk-extern -mindirect-branch-register
  CFLAGS += -DCONFIG_INDIRECT_THUNK
  export CONFIG_INDIRECT_THUNK=y
  endif

  The use of -mindirect-branch is incompatible with -fcf-protection. To
  be able to build the hypervisor in Ubuntu, I have to add the following
  modifications to the make file:

  --- xen.orig/xen/arch/x86/Rules.mk
  +++ xen/xen/arch/x86/Rules.mk
  @@ -42,6 +42,10 @@ endif
   
   # Compile with thunk-extern, indirect-branch-register if avaiable.
   ifneq ($(call cc-option,$(CC),-mindirect-branch-register,n),n)
  +ifneq ($(call cc-option,$(CC),-fcf-protection,n),n)
  +CFLAGS += -fcf-protection=none
  +CXXFLAGS += -fcf-protection=none
  +endif
   CFLAGS += -mindirect-branch=thunk-extern -mindirect-branch-register
   CFLAGS += -DCONFIG_INDIRECT_THUNK
   export CONFIG_INDIRECT_THUNK=y

  I am wondering whether -fcf-protection=none is only partially
  effective and causes the binary to be unbootable (basically it causes
  an immediate reset when started).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gcc-9/+bug/1863260/+subscriptions

More information about the foundations-bugs mailing list