On 05/04/2022 11:18, Jan Beulich wrote:
> On 01.04.2022 17:05, Andrew Cooper wrote:
>> On 01/04/2022 15:48, Andrew Cooper wrote:
>>> On 01/04/2022 15:37, Roger Pau Monne wrote:
>>>> Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the
>>>> Makefile doesn't get it propagated to the subdirectories, so instead
>>>> set the flag in firmware/Rules.mk, like it's done for other compiler
>>>> flags.
>>>>
>>>> Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT')
>>>> Signed-off-by: Roger Pau Monné <[email protected]>
>>> Acked-by: Andrew Cooper <[email protected]>
>> This also needs backporting with the XSA-398 CET-IBT fixes.
> I don't think so - the backports of the original commit didn't include
> what this patch fixes. I have queued patch 2 of this series though.In which case I screwed up the backport. (I remember spotting this bug and thought I'd corrected it, but clearly not.) tools/firmware really does need to be -fcf-protection=none to counteract the defaults in Ubuntu/etc. ~Andrew
