gcc-9 in Ubuntu generate unbootable xen hypervisor
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | gcc-9 (Ubuntu) |
High
|
Unassigned | ||
Bug Description
This problem was first observed in Ubuntu 19.10 (Eoan) but persists in the current Focal development. The results are the same for the old Xen version (4.9.2) and the fresh 4.11 merge. As a test I took the xen-hypervisor binary from Debian Sid (which has been compiled with gcc-9 as well) and that succeeds in booting Xen (libraries and dom0 kernel are Ubuntu Focal).
There seems to be one major difference between build environments. The Xen hypervisor build is done with an external retpoline mitigation:
# Compile with thunk-extern, indirect-
ifneq ($(call cc-option,
CFLAGS += -mindirect-
CFLAGS += -DCONFIG_
export CONFIG_
endif
The use of -mindirect-branch is incompatible with -fcf-protection. To be able to build the hypervisor in Ubuntu, I have to add the following modifications to the make file:
--- xen.orig/
+++ xen/xen/
@@ -42,6 +42,10 @@ endif
# Compile with thunk-extern, indirect-
ifneq ($(call cc-option,
+ifneq ($(call cc-option,
+CFLAGS += -fcf-protection
+CXXFLAGS += -fcf-protection
+endif
CFLAGS += -mindirect-
CFLAGS += -DCONFIG_
export CONFIG_
I am wondering whether -fcf-protection
| Stefan Bader (smb) wrote : | #1 |
| Stefan Bader (smb) wrote : | #2 |
| tags: | added: aeppelwoi |
| Stefan Bader (smb) wrote : | #3 |
| Stefan Bader (smb) wrote : | #4 |
Advice how to disable cf-protaction when enabled by default was taken from: https:/
| Stefan Bader (smb) wrote : | #5 |
While modifying gcc I had the feeling that maybe -fno-cf-protection might be a valid flag, too. Should that be the same as -fcf-protection
| Stefan Bader (smb) wrote : | #6 |
We have found a fix for the issue now. There was one part of the hypervisor build which does use completely different flags. In particular it does not use -mindirect-branch, so it will not fail if cf-protection is turned on (this is under xen/arch/x86/boot and uses a buikd32.mk for setting flags). After adding -fcf-protection
@doko, just one additional observation: the documentation sounds a bit like -mindirect-
Think after all, we can close this as invalid (for gcc-9).
| Changed in gcc-9 (Ubuntu): | |
| status: | New → Invalid |
I have re-compiled gcc-9 from Focal after adding it to the list of releases which do not enable cf-protection by default. Then compiled Xen from Focal with that compiler. And it does boot!
# xen info
host : argabuthon
release : 5.4.0-14-generic
version : #17-Ubuntu SMP Thu Feb 6 22:47:59 UTC 2020
machine : x86_64
nr_cpus : 8
max_cpu_id : 15
nr_nodes : 2
cores_per_socket : 8
threads_per_core : 1
cpu_mhz : 2000.014
hw_caps : 178bf3ff:
virt_caps : hvm
total_memory : 32766
free_memory : 29333
sharing_
sharing_used_memory : 0
outstanding_claims : 0
free_cpus : 0
xen_major : 4
xen_minor : 11
xen_extra : .4-pre
xen_version : 4.11.4-pre
xen_caps : xen-3.0-x86_64 xen-3.0-x86_32p hvm-3.0-x86_32 hvm-3.0-x86_32p hvm-3.0-x86_64
xen_scheduler : credit
xen_pagesize : 4096
platform_params : virt_start=
xen_changeset :
xen_commandline : placeholder dom0_max_vcpus=4 dom0_vcpus_pin=true dom0_mem=
cc_compiler : gcc (Ubuntu 9.2.1-30ubuntu2
cc_compile_by : ubuntu-devel-di
cc_compile_domain : lists.ubuntu.com
cc_compile_date : Tue Mar 3 07:31:57 UTC 2020
build_id : e9eeb5132ed2948
xend_config_format : 4