[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PATCH RFC] x86: convert CET tool chain feature checks to mixed Kconfig/Makefile model
To make sure user choices solely affected by tool chain capabilities can't silently go off, convert the two Kconfig controls from "depends on ..." to "default ...". Suggest a default matching what the presently selected tool chain is capable of. To compensate, double check compiler option availability as well as the assembler recognizing the necessary insns early on when actually starting a build. This then also allows to run the configure step with a compiler version different from (perhaps older than) the one later used for actual building. Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- Using warnings instead of errors in the Makefile-based checks for now, despite the opposite suggestion during the design session in Cambridge. This is primarily to avoid failing the build just in case our double- checking is flawed. And in fact there is such a quirk right now with the changes made here: arch.mk is included ahead of .config being updated, so the checks are carried out with potentially stale CONFIG_* settings. Perhaps the checks need suppressing when .config is in the process of being updated (after which make will re-start, then doing the checks with the correct CONFIG_* values). It's not (yet) clear to me how to arrange for that, though, as the inclusion of arch.mk already sits inside the !config-build section of the top-level Makefile. For initial feedback I've modelled cc-option-check pretty closely after cc-option-add, whereas I've tried to make as-insn-check's output more useful while at the same time removing the need to pass both CFLAGS and CC into the macro (if anything, HOST would now need passing if the check was for the host compiler; we could certainly decide to drop that likely unnecessary flexibility). --- unstable.orig/Config.mk 2023-02-09 15:08:24.195431817 +0100 +++ unstable/Config.mk 2023-02-09 14:09:05.000000000 +0100 @@ -105,6 +105,18 @@ endef cc-options-add = $(foreach o,$(3),$(call cc-option-add,$(1),$(2),$(o))) +# cc-option-check: Double-check availablility of a compiler option. +# Usage: $(call cc-option-check CFLAGS,CC,-march=winchip-c6) +cc-option-check = $(eval $(call cc-option-check-closure,$(1),$(2),$(3))) +define cc-option-check-closure + ifeq ($$(call cc-option,$$($(2)),$(3),n),n) + $$(warning '$$($(2))' does not recognize '$(3)') + endif + $(1) += $(3) +endef + +cc-options-check = $(foreach o,$(3),$(call cc-option-check,$(1),$(2),$(o))) + # cc-ver: Check compiler against the version requirement. Return boolean 'y'/'n'. # Usage: ifeq ($(call cc-ver,$(CC),ge,0x030400),y) cc-ver = $(shell if [ $$((`$(1) -dumpversion | awk -F. \ --- unstable.orig/xen/arch/x86/Kconfig 2023-02-09 15:08:24.195431817 +0100 +++ unstable/xen/arch/x86/Kconfig 2023-02-09 11:59:29.000000000 +0100 @@ -119,9 +119,8 @@ config HVM config XEN_SHSTK bool "Supervisor Shadow Stacks" - depends on HAS_AS_CET_SS - default y - ---help--- + default HAS_AS_CET_SS + help Control-flow Enforcement Technology (CET) is a set of features in hardware designed to combat Return-oriented Programming (ROP, also call/jump COP/JOP) attacks. Shadow Stacks are one CET feature @@ -133,8 +132,7 @@ config XEN_SHSTK config XEN_IBT bool "Supervisor Indirect Branch Tracking" - depends on HAS_CC_CET_IBT - default y + default HAS_CC_CET_IBT help Control-flow Enforcement Technology (CET) is a set of features in hardware designed to combat Return-oriented Programming (ROP, also --- unstable.orig/xen/arch/x86/arch.mk 2023-02-09 15:08:24.195431817 +0100 +++ unstable/xen/arch/x86/arch.mk 2023-02-09 15:08:37.088842654 +0100 @@ -34,6 +34,10 @@ $(call as-option-add,CFLAGS,CC,\ $(call as-option-add,CFLAGS,CC,\ ".L1: .L2: .nops (.L2 - .L1)$$(comma)9",-DHAVE_AS_NOPS_DIRECTIVE) +$(call as-insn-check,XEN_IBT,,endbr64) +$(call as-insn-check,XEN_SHSTK,,wrssq %rax$(comma)0) +$(call as-insn-check,XEN_SHSTK,,setssbsy) + CFLAGS += -mno-red-zone -fpic # Xen doesn't use MMX or SSE interally. If the compiler supports it, also skip @@ -51,10 +55,11 @@ CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpol endif ifdef CONFIG_XEN_IBT +$(call cc-options-check,CFLAGS,CC,-fcf-protection=branch -mmanual-endbr) # Force -fno-jump-tables to work around # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 # https://github.com/llvm/llvm-project/issues/54247 -CFLAGS += -fcf-protection=branch -mmanual-endbr -fno-jump-tables +CFLAGS += -fno-jump-tables $(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) --- unstable.orig/xen/scripts/Kbuild.include 2023-02-09 15:08:24.195431817 +0100 +++ unstable/xen/scripts/Kbuild.include 2023-02-09 14:13:52.000000000 +0100 @@ -73,6 +73,18 @@ define as-option-add-closure endif endef +# as-insn-check: Double-check that the assembler backing (or built into) the +# compiler recognizes "insn" +# Usage: $(call as-insn-check,<config>,<tool-variant>,<insn>) +as-insn-check = $(eval $(call as-insn-check-closure,$(1),$(2),$(3))) +define as-insn-check-closure + ifeq ($$(CONFIG_$(1)),y) + ifneq ($$(call as-insn,$$($(2)CC) $$($(2)CFLAGS),"$$(3)",y,n),y) + $$(warning CONFIG_$(1)=y but assembler used by '$$($(2)CC)' doesn't recognize '$$(3)') + endif + endif +endef + # $(call if-success,<command>,<then>,<else>) # Return <then> if <command> exits with 0, <else> otherwise. if-success = $(shell { $(1); } >/dev/null 2>&1 && echo "$(2)" || echo "$(3)")
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |