[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] tools/firmware: fix setting of fcf-protection=none


  • To: Jan Beulich <jbeulich@xxxxxxxx>
  • From: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • Date: Tue, 5 Apr 2022 10:58:32 +0000
  • Accept-language: en-GB, en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nQXkbqVvO9aFaBPbtP4E4+jIi/uqOgMO+4KOZd8P4E0=; b=CQiygrMxM148RAtS5IAuNEk9JxZzJR4fZysUcqldcUnx5oHhDnzat+st7dDe1KLoN9JPKYiHKw2jc+wpdz7bUw366ao7Vb9AIpsqQP4xBcC/Xlosk5zQPGCWaQiDPcEGBPAMG8W1v4SwhVPj/leSCF1dPya1yY+wuTPOImHpH1bVH9jfvSIcWoPKkQGi/2J+2PzJr4TCw0oQ5Y0iedhZu/3vcM6DIjVbzGJ7IHNRj1QO0wqhojzjWJ74kRp/UOu+YCaqTuDalfyANB1QqcHIXinhdSueITxAQ/qg0l6lBlTVUDwU/hIXToB5i/yA1uGEZ1yRV9cYp1/v+YuaTjZ+ag==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=P4cG2PbO6jf0Gq/XEA524mPFFhIkQBUcAoZ4+KVvTIGe7R1bjtces2tLvAbrUA2gua8kTuOCj6yuqeIpZn/lKyox7rpVwKLtSl03AjuiyEPovxBbc0su1C1zW56CscRuAX/Cq95sl45nFWP31+Q3H708YHqWumcb1kPPK/2ifqZC2GGg2A8BangJxzc8RCd/fUaxbo/d2XGakfj2pzH4w72jE3DTm+Hcg6+fa+UGs8Mb7DnUHEAhGeYuto3drN89xr6r+hrXvPL7MfkE/g/FUKaK9Vz8fFady4Sep45dVgu/Na+7XI7dNNtYQIpFgyyB0T9V5UrHZNlkuMQtT7T/8g==
  • Authentication-results: esa3.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: Wei Liu <wl@xxxxxxx>, Anthony Perard <anthony.perard@xxxxxxxxxx>, "Roger Pau Monne" <roger.pau@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 05 Apr 2022 10:58:40 +0000
  • Ironport-data: A9a23:VCxZq6IWSgKeRVHKFE+Rw5UlxSXFcZb7ZxGr2PjKsXjdYENS1mBVy zNJC2CHPvjcM2ekfN9waYzl9kpVsMfUm4A2SQtlqX01Q3x08seUXt7xwmUcns+xwm8vaGo9s q3yv/GZdJhcokf0/0vrav67xZVF/fngqoDUUYYoAQgsA148IMsdoUg7wbRh3tY12YHR7z6l4 rseneWOYDdJ5BYsWo4kw/rrRMRH5amaVJsw5zTSVNgT1LPsvyB94KE3fMldG0DQUIhMdtNWc s6YpF2PEsE1yD92Yj+tuu6TnkTn2dc+NyDW4pZdc/DKbhSvOkXee0v0XRYRQR4/ttmHozx+4 MsVtLDhWzoFAq3VxtoPciVjDhtdE4QTrdcrIVDn2SCS50jPcn+qyPRyFkAme4Yf/46bA0kXq 6ZecmpUKEne2aTmm9pXScE17ignBODtMJkSpTdLyjbBAOx9aZvCX7/L9ZlT2zJYasVmQ6aGP JNANWoHgBLoIA9vZHsxWK8HmvqvtGbndyF2h16fnP9ii4TU5FMoi+W8WDbPQfSaSMMQkkuGq 2bu+2XiHgpcJNGZ0SCC8H+nmqnIhyyTcJ0WPK218LhtmlL77m4ZBQASVFC7ieKkkUP4UNVaQ 3H44QJ38/J0rhbyCICgAVvo+xZooyLwRfJOS+wWuROw5pbU+linFEk4dSN7S/IP4ZpeqSMR6 neFmNbgBDpKubKTSG6A+rr8kQ5eKRT5PkdZO3ZaEFJtD83L5dhq00mRFooL/Lud1IWdJN3m/ 9ydQMHSbZ03hNVD6ai09Euvb9mE9smQFV5dCuk6swuYAuJFiGyNOtfABbvzt68owGOlor+p5 iVsdy+2tr1mMH11vHbRKNjh5Znwjxp/DBXSgER0A74q/Cm39niocOh4uW8idR8zappZJWS1P Cc/XD+9ArcJYRNGioctPeqM5zkCl/C8RbwJqNiKBjaxXnSBXFDep3w/DaJh92vsjFItgckC1 WSzKq6R4YIhIf0/llKeHr5FuZdyn3xW7T6DFPjTkkX8uZLDNSH9dFvwGAbXBgzPxPjf+1u9H hc2H5bi9iizp8WlO3ONrNFKcQ5RRZX5bLivw/Fqmie4ClMOMEkqCuPLwKNnfIpgnq9PkfzP8 G37UUhdoGcTT1WdQelWQhiPsI/SYKs=
  • Ironport-hdrordr: A9a23:D1P8CKMEdIH9gMBcTqKjsMiBIKoaSvp037BL7SBMoHluGfBw+P rCoB1273XJYVUqOU3I5+ruBEDoexq1yXcf2+Us1NmZMjXbhA==
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
  • Thread-index: AQHYRdaC1Ty1lDbR3E6vxjqdlx39GKzbI4SAgAAExYCABfjsgIAAC0sA
  • Thread-topic: [PATCH 1/2] tools/firmware: fix setting of fcf-protection=none

On 05/04/2022 11:18, Jan Beulich wrote:
> On 01.04.2022 17:05, Andrew Cooper wrote:
>> On 01/04/2022 15:48, Andrew Cooper wrote:
>>> On 01/04/2022 15:37, Roger Pau Monne wrote:
>>>> Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the
>>>> Makefile doesn't get it propagated to the subdirectories, so instead
>>>> set the flag in firmware/Rules.mk, like it's done for other compiler
>>>> flags.
>>>>
>>>> Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
>>>> Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
>>> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>> This also needs backporting with the XSA-398 CET-IBT fixes.
> I don't think so - the backports of the original commit didn't include
> what this patch fixes. I have queued patch 2 of this series though.

In which case I screwed up the backport.  (I remember spotting this bug
and thought I'd corrected it, but clearly not.)  tools/firmware really
does need to be -fcf-protection=none to counteract the defaults in
Ubuntu/etc.

~Andrew

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.