On Mon, Jun 19, 2023 at 08:50:44AM -0600, Theo de Raadt wrote: > If you disable XSAVE_XSAVES, then userland IBT enforcement is also disabled. > > XSAVES is required to manage the IBT enforcement mechanism's internal state > over a context switch. > > All machines with IBT have XSAVES.
The thing is that this breaks it on machines without IBT> > > If I understand right, there are other ways of managing the state, but > this is the one that is recomended, and in use, and it appears there is > a bug. > > Theo Buehler <t...@theobuehler.org> wrote: > > > On Mon, Jun 19, 2023 at 04:31:19PM +0200, Solene Rapenne wrote: > > > Hi, I can't get lang/go to compile on my system, which is a Xen VM. > > > > > > I can compile almost anything, including qt or webkitgtk, but lang/go > > > is failing with various errors each time. I'm not sure it's a XEN bug > > > though, maybe an issue with recent IBT? > > > > Yes, it's the IBT diff in snaps breaking the bootstrapping process. > > An older go binary or one compiled on a another machine where it compiles > > works quite well (but not perfectly) with that diff. > > > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,AMCR8,ABM,SSE4A,MASSE,3DNOWP,DBKP,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES > > > > As far as I know machines with XSAVES are affected as long as they don't > > take the XSAVES disabling path in the ibt diff. If I force my machines > > with XSAVES to do the eax &= ~XSAVE_XSAVES thing then go compiles and > > works. That's as far as I got with debugging. > > > > I have no idea if this is a bug in the kernel diff or in lang/go or > > both. > >
