On 01/04/2022 15:50, Anthony PERARD wrote:
> On Fri, Apr 01, 2022 at 04:37:18PM +0200, Roger Pau Monne wrote:
>> Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the
>> Makefile doesn't get it propagated to the subdirectories, so instead
>> set the flag in firmware/Rules.mk, like it's done for other compiler
>> flags.
>>
>> Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
>> Signed-off-by: Roger Pau Monné <[email protected]>
>> ---
>> tools/firmware/Makefile | 2 --
>> tools/firmware/Rules.mk | 2 ++
>> 2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/firmware/Makefile b/tools/firmware/Makefile
>> index 53ed4f161e..345037b93b 100644
>> --- a/tools/firmware/Makefile
>> +++ b/tools/firmware/Makefile
>> @@ -6,8 +6,6 @@ TARGET := hvmloader/hvmloader
>> INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR)
>> DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR)
>>
>> -EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
>> -
>> SUBDIRS-y :=
>> SUBDIRS-$(CONFIG_OVMF) += ovmf-dir
>> SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir
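
Review bot: the removal of `EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none` from tools/firmware/Makefile is justified only by the commit message's statement that the setting "doesn't get it propagated to the subdirectories", without saying why. Please state the mechanism in the commit message, and confirm that nothing built directly from this Makefile relied on the flag, so the deletion is visibly a no-op rather than a behaviour change.
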
>> diff --git a/tools/firmware/Rules.mk b/tools/firmware/Rules.mk
>> index 9f78a7dec9..efbbc73a45 100644
>> --- a/tools/firmware/Rules.mk
>> +++ b/tools/firmware/Rules.mk
>> @@ -13,6 +13,8 @@ endif
>>
>> CFLAGS += -Werror
>>
>> +EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
>> +
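
Review bot: the added `EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none` after `CFLAGS += -Werror` in Rules.mk has no comment saying why firmware is built without CET instrumentation. A one-line comment pointing at the CET-IBT change named in the Fixes: tag would stop it being removed later as unexplained. The hunk also does not show where EMBEDDED_EXTRA_CFLAGS is folded into CFLAGS. If that happens earlier in Rules.mk than this line, the append has no effect, so it is worth confirming the ordering and checking the command line of a built firmware object.
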
> I think making modifications to $(EMBEDDED_EXTRA_CFLAGS) outside of
> "Config.mk" is confusing and would be better avoided.

EMBEDDED_EXTRA_CFLAGS in the root Config.mk is conceptually broken and
needs deleting.

Yes, xen/ and tools/firmware/ are freestanding from C's point of view,
and embedded from many people's points of view, but this doesn't mean
they have shared build requirements.

-nopie isn't even a CFLAG. It's spelt -no-pie and is an LDFLAG. This
bug is hidden by everything being cc-option'd behind the scenes.

Stack protector we'd absolutely have in Xen if it weren't for a quirk of
supporting PV guests.

-fno-exceptions is C++ only so not relevant for anything in xen.git.

~Andrew
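
The point above about the misspelt -nopie being hidden by silent flag probing, as an added example (not code from xen.git or from anyone in this thread): a simplified cc-option-style probe run against a constructed stand-in compiler, with an audit that reports what the probe dropped. The names `fake_cc`, `probe_flag`, `effective_flags` and `dropped_flags` are hypothetical, and the accepted-flag list is constructed for the demo.

```shell
#!/bin/sh
# Constructed stand-in for a compiler driver: it accepts a fixed list of
# options and fails on anything else, as a real driver does for an unknown
# option. It does not distinguish compile-time from link-time options.
FAKE_CC_FLAGS="-fcf-protection=none -no-pie -Werror"

fake_cc() {
    for known in $FAKE_CC_FLAGS; do
        if [ "$known" = "$1" ]; then return 0; fi
    done
    return 1
}

# Silent probe: echo the flag when the compiler accepts it, echo nothing
# when it does not. No error is raised, which is what hides a typo.
probe_flag() {
    if fake_cc "$1"; then printf '%s' "$1"; fi
}

# Flags that actually reach the build after probing each requested flag.
effective_flags() {
    out=""
    for f in "$@"; do
        got=$(probe_flag "$f")
        if [ -n "$got" ]; then out="${out:+$out }$got"; fi
    done
    printf '%s' "$out"
}

# Audit: requested flags that the probe silently discarded.
dropped_flags() {
    out=""
    for f in "$@"; do
        if [ -z "$(probe_flag "$f")" ]; then out="${out:+$out }$f"; fi
    done
    printf '%s' "$out"
}

# Constructed request containing the misspelling discussed in the thread.
REQUESTED="-fcf-protection=none -nopie"
echo "requested: $REQUESTED"
echo "effective: $(effective_flags $REQUESTED)"
echo "dropped:   $(dropped_flags $REQUESTED)"
```

Running the same kind of audit against the real compiler and the build's real flag list turns a silently ignored hardening or codegen option into a visible finding.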