If you disable XSAVE_XSAVES, then userland IBT enforcement is also disabled.
XSAVES is required to manage the IBT enforcement mechanism's internal state over a context switch. All machines with IBT have XSAVES. If I understand right, there are other ways of managing the state, but this is the one that is recomended, and in use, and it appears there is a bug. Theo Buehler <t...@theobuehler.org> wrote: > On Mon, Jun 19, 2023 at 04:31:19PM +0200, Solene Rapenne wrote: > > Hi, I can't get lang/go to compile on my system, which is a Xen VM. > > > > I can compile almost anything, including qt or webkitgtk, but lang/go > > is failing with various errors each time. I'm not sure it's a XEN bug > > though, maybe an issue with recent IBT? > > Yes, it's the IBT diff in snaps breaking the bootstrapping process. > An older go binary or one compiled on a another machine where it compiles > works quite well (but not perfectly) with that diff. > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,AMCR8,ABM,SSE4A,MASSE,3DNOWP,DBKP,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > > As far as I know machines with XSAVES are affected as long as they don't > take the XSAVES disabling path in the ibt diff. If I force my machines > with XSAVES to do the eax &= ~XSAVE_XSAVES thing then go compiles and > works. That's as far as I got with debugging. > > I have no idea if this is a bug in the kernel diff or in lang/go or > both. >
