Xen project Mailing List

[PATCH v3 59/70] x86: Use control flow typechecking where possible

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 22 Feb 2022 15:26:43 +0000

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Jan Beulich <JBeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>

Delivery-date: Tue, 22 Feb 2022 15:35:21 +0000

Ironport-data: A9a23:9f87lqxvqKXxUqAZRPN6t+czxirEfRIJ4+MujC+fZmUNrF6WrkVUz zYXWWjTb6uPNDP9c91yOd7k8kpXvMOBn9c2SFE5rSAxQypGp/SeCIXCJC8cHc8zwu4v7q5Dx 59DAjUVBJlsFhcwnj/0bv656yMUOZigHtIQMsadUsxKbVIiGHdJZS5LwbZj2NYy24LhWWthh PupyyHhEA79s9JLGjp8B5Kr8HuDa9yr5Vv0FnRnDRx6lAe2e0s9VfrzFonoR5fMeaFGH/bSe gr25OrRElU1XfsaIojNfr7TKiXmS1NJVOSEoiI+t6OK2nCuqsGuu0qS2TV1hUp/0l20c95NJ Nplmca6ZwgFE4r3kfk/fxtdT3BGBvBN0eqSSZS/mZT7I0zudnLtx7NlDV0sPJ1e8eFyaY1M3 aVGcnZXNEnF3r/ohuLgIgVvrp1LwM3DFYUToHx/ixreCu4rW8vrSKTW/95Imjw3g6iiGN6AO 5VCNWA/PHwsZTVSH1A2AZ8lwNyumyOnLhZUqV2E/I4Otj27IAtZj+G2bYu9lsaxbdpRtlaVo CTB5WuRKjMwOcGbyDGF2mmxneKJliT+MKoCGbv9+vN0jVm7wm0IFAZQRVa9ueO+iEO1R5RYM UN8x8Y1hfFsrgrxFIC7BkDm5i7f1vIBZzZOO8Fg4i+C5ofz2A+EJEQGS2IQUOd7v+ZjEFTGy WS1t9/uADVutpicRnSc6qqYoFuOBMQFEYMRTXRaFFVYurEPtKl210uSFYg7TMZZm/WoQWmY/ tyckMQpa1z/Z+Yv3r7zw13IiinESnPhHl9svVW/so5IA2pEiG+Zi26AtACzARVodt/xory9U J4swZP2AAcmV8zlqcB1aL9RdIxFHt7cWNEmvXZhHoM66xOm8GO5cIZb7VlWfRk1b5paKGK0O hOK4Wu9AaO/2lPwNsebhKrrVqwXIVXIT4y5Bpg4kPIUCnSOSON31H43PhPBt4wcuEMtjbs+K f+mnTWEVh4n5VBc5GPuHY81iOZzrghnnD+7bc2rnnyPjOvFDFbIGOhtDbd7Rr1ghE9yiF6Oq Ig32grj40g3bdASlQGNr9ZIdAhSdSJT6FKfg5U/S9Nv6zFOQAkJY8I9C5t4JOSJQ4w9ej/0w 0yA

Ironport-hdrordr: A9a23:Ea+c66hT0RpqdHBmgBOp4kyCs3BQXuIji2hC6mlwRA09TySZ// rBoB19726MtN9xYgBHpTnuAsm9qB/nmaKdpLNhWItKPzOW31dATrsSjrcKqgeIc0aVm9K1l5 0QF5SWYOeAdWSS5vya3ODXKbkdKaG8gcKVuds=

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Now all callees have been annotated, turn on typechecking to catch issues in the future. This extension isn't in a released version of GCC yet, so provide a container to use with the extention included, and add it to CI. RANDCONFIG is necessary because some stubs for compiled-out subsystems are used as function pointer targets. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Jan Beulich <JBeulich@xxxxxxxx> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx> CC: Wei Liu <wl@xxxxxxx> v3: * Provide container. Already pushed to Gitlab. --- automation/build/debian/buster-gcc-ibt.dockerfile | 66 +++++++++++++++++++++++ automation/gitlab-ci/build.yaml | 6 +++ automation/scripts/containerize | 1 + xen/arch/x86/arch.mk | 1 + 4 files changed, 74 insertions(+) create mode 100644 automation/build/debian/buster-gcc-ibt.dockerfile diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile b/automation/build/debian/buster-gcc-ibt.dockerfile new file mode 100644 index 000000000000..441d9a9ab37a --- /dev/null +++ b/automation/build/debian/buster-gcc-ibt.dockerfile @@ -0,0 +1,66 @@ +FROM debian:buster-slim AS builder + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + build-essential \ + flex \ + libc6-dev-i386 \ + libgmp-dev \ + libisl-dev \ + libmpc-dev \ + libmpfr-dev \ + patch \ + wget + +RUN mkdir /build +WORKDIR /build + +RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz -O - | tar xJ --strip=1 +RUN wget -q https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch -O - | patch -p1 +RUN ./configure \ + --prefix=/opt/gcc-11-ibt \ + --enable-languages=c \ + --disable-nls \ + --disable-threads \ + --disable-bootstrap \ + --disable-shared \ + --disable-libmudflap \ + --disable-libssp \ + --disable-libgomp \ + --disable-decimal-float \ + --disable-libquadmath \ + --disable-libatomic \ + --disable-libcc1 \ + --disable-libmpx +RUN make -j`nproc` && make -j`nproc` install + + +FROM debian:buster-slim +COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt + +LABEL maintainer.name="The Xen Project" \ + maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx" + +ENV DEBIAN_FRONTEND=noninteractive +ENV USER root +ENV PATH="/opt/gcc-11-ibt/bin:${PATH}" + +RUN mkdir /build +WORKDIR /build + +RUN apt-get update && \ + apt-get --quiet --yes install \ + bison \ + checkpolicy \ + flex \ + gawk \ + make \ + python3 \ + && \ + apt-get autoremove -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/* diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml index fdd5c76582b3..cc36428cf55b 100644 --- a/automation/gitlab-ci/build.yaml +++ b/automation/gitlab-ci/build.yaml @@ -294,6 +294,12 @@ debian-stretch-32-gcc-debug: variables: CONTAINER: debian:stretch-i386 +debian-buster-gcc-ibt: + extends: .gcc-x86-64-build + variables: + CONTAINER: debian:buster-gcc-ibt + RANDCONFIG: y + debian-unstable-clang: extends: .clang-x86-64-build variables: diff --git a/automation/scripts/containerize b/automation/scripts/containerize index 7682ccd34759..8992c67278ae 100755 --- a/automation/scripts/containerize +++ b/automation/scripts/containerize @@ -33,6 +33,7 @@ case "_${CONTAINER}" in _focal) CONTAINER="${BASE}/ubuntu:focal" ;; _jessie) CONTAINER="${BASE}/debian:jessie" ;; _stretch|_) CONTAINER="${BASE}/debian:stretch" ;; + _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;; _unstable|_) CONTAINER="${BASE}/debian:unstable" ;; _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;; _xenial) CONTAINER="${BASE}/ubuntu:xenial" ;; diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk index f780c912a9cf..92fd19811013 100644 --- a/xen/arch/x86/arch.mk +++ b/xen/arch/x86/arch.mk @@ -54,6 +54,7 @@ endif ifdef CONFIG_XEN_IBT CFLAGS += -fcf-protection=branch -mmanual-endbr +$(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no) else $(call cc-option-add,CFLAGS,CC,-fcf-protection=none) endif -- 2.11.0

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.