|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PATCH 2/2] x86/boot: Drop .note.gnu.properties in build32.lds
On 12/05/2020 17:11, Jan Beulich wrote: > [CAUTION - EXTERNAL EMAIL] DO NOT reply, click links, or open attachments > unless you have verified the sender and know the content is safe. > > On 12.05.2020 17:58, Andrew Cooper wrote: >> On 12/05/2020 16:32, Jan Beulich wrote: >>> On 12.05.2020 05:39, Jason Andryuk wrote: >>>> Discard the .note.gnu.property section when linking to avoid the extra >>>> bytes. >>> If we go this route (and if, as per above, I'm misremembering, >>> meaning we didn't reject such a change earlier on), why would we >>> not strip .note and .note.* in one go? >>> >>>> Stefan Bader also noticed that build32.mk requires -fcf-protection=none >>>> or else the hypervisor will not boot. >>>> https://bugs.launchpad.net/ubuntu/+source/gcc-9/+bug/1863260 >>> How's this related to the change here? >> I think there is a bit of confusion as to exactly what is going on. >> >> Ubuntu defaults -fcf-protection to enabled, which has a side effect of >> turning on CET, which inserts ENDBR{32,64} instructions and generates >> .note.gnu.properties indicating that the binary is CET-IBT compatible. > I.e. in principle this 2nd patch wouldn't be necessary at all if > we forced -fcf-protection=none unilaterally, and provided build32.mk > properly inherits CFLAGS. Discarding note sections may still be > a desirable thing to do though ... Even if we disable unilaterally for now, we'll still want to re-enable at some point, so this will come and bite us again. I'm currently testing Ubuntu's default behaviour in combination with livepatch, because I bet there are further breakages to be found. ~Andrew
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |