[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v3 59/70] x86: Use control flow typechecking where possible

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Wed, 23 Feb 2022 15:21:44 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Ej7z5zi7D8K89Nvw/xyrnIcxV2VEYFlVY6IgcY0QquQ=; b=egpuUz21ggxuXZzpx6/sKQ89NumcHlTYxOCAWBIHIU/dZQQZlEdS4g4uEzalfD3abi0s/j0x52WlVmqkUhT1rk19/tNpgMDMq4y8GKBVfLGTw+Y22w7IlX9IkuLco+uGeJa0dk48ULI1GNIbL0C4aGfrvXqO8hNSXFQIAO5TyJOWneyFj95pyQLJiDrWwx1uiF9lKi0Rep9TkJ22+5VvZoBtqBuMMBHxeV4dQ1fs0ry+nQZzsRYtFx9pNuqlDw/Za6Iof9RtIZK1Z4WbHilzzgZCXOT5QZIzeEo8tFsM2TIIMQrT5Z2/Xf98Kh+r12HXLepjuYrWBkQtXnYl7EbgTA==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kJY8aa4C4ZdvCoQT2oUJbd394hd+HhfgLn1LAgBZMDGpc5UsCAybi8P0BRE9K/9wjd54DoZzLedu0piccxc5X7HLqVCuWdMRbC6EJa+H8acVRwWNKmI5Xn6VAYLs4qL4GNmWbRRGaQHLzN7YyqoGp3TsIl8gTTMNnCPT8NsAPJ232JaTvWmg8+th56Z7ocvOHf0ElI6hEDd3R63Zx+PR6VgurK+hRAekOuCAYJooBSuBmc36V8TvlOiWgNQ6zYfKgdDMNuTXLXbFa6eeMig39+uplPROIaSj4IfKbu0RhsbgKzZmBtowE0rJcLYL8ZWcclZiGHQ2PVvCi/mq9u+cNA==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Roger Pau Monné <roger.pau@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Wed, 23 Feb 2022 14:22:13 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 22.02.2022 16:26, Andrew Cooper wrote:
> Now all callees have been annotated, turn on typechecking to catch issues in
> the future.
> 
> This extension isn't in a released version of GCC yet, so provide a container
> to use with the extention included, and add it to CI.  RANDCONFIG is necessary
> because some stubs for compiled-out subsystems are used as function pointer
> targets.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

I certainly see that we will want to have this extra level of safety.
Hence feel free to add
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>

But I'd like us to form a plan in case the change doesn't get committed
relatively soon after gcc re-opens for general development after gcc12
was branched off. We don't want to get into the position of needing to
maintain a gcc patch. Do you have any insight as to what is actually
blocking the committing of that change, seeing that it has been around
for a while?

Jan

> ---
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: Wei Liu <wl@xxxxxxx>
> 
> v3:
>  * Provide container.  Already pushed to Gitlab.
> ---
>  automation/build/debian/buster-gcc-ibt.dockerfile | 66 
> +++++++++++++++++++++++
>  automation/gitlab-ci/build.yaml                   |  6 +++
>  automation/scripts/containerize                   |  1 +
>  xen/arch/x86/arch.mk                              |  1 +
>  4 files changed, 74 insertions(+)
>  create mode 100644 automation/build/debian/buster-gcc-ibt.dockerfile
> 
> diff --git a/automation/build/debian/buster-gcc-ibt.dockerfile 
> b/automation/build/debian/buster-gcc-ibt.dockerfile
> new file mode 100644
> index 000000000000..441d9a9ab37a
> --- /dev/null
> +++ b/automation/build/debian/buster-gcc-ibt.dockerfile
> @@ -0,0 +1,66 @@
> +FROM debian:buster-slim AS builder
> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +ENV USER root
> +
> +RUN apt-get update && \
> +    apt-get --quiet --yes install \
> +        bison \
> +        build-essential \
> +        flex \
> +        libc6-dev-i386 \
> +        libgmp-dev \
> +        libisl-dev \
> +        libmpc-dev \
> +        libmpfr-dev \
> +        patch \
> +        wget
> +
> +RUN mkdir /build
> +WORKDIR /build
> +
> +RUN wget -q https://ftp.gnu.org/gnu/gcc/gcc-11.2.0/gcc-11.2.0.tar.xz -O - | 
> tar xJ --strip=1
> +RUN wget -q 
> https://xenbits.xen.org/people/andrewcoop/gcc-11.2-Add-fcf-check-attribute-yes-no.patch
>  -O - | patch -p1
> +RUN ./configure \
> +        --prefix=/opt/gcc-11-ibt \
> +        --enable-languages=c \
> +        --disable-nls \
> +        --disable-threads \
> +        --disable-bootstrap \
> +        --disable-shared \
> +        --disable-libmudflap \
> +        --disable-libssp \
> +        --disable-libgomp \
> +        --disable-decimal-float \
> +        --disable-libquadmath \
> +        --disable-libatomic \
> +        --disable-libcc1 \
> +        --disable-libmpx
> +RUN make -j`nproc` && make -j`nproc` install
> +
> +
> +FROM debian:buster-slim
> +COPY --from=builder /opt/gcc-11-ibt /opt/gcc-11-ibt
> +
> +LABEL maintainer.name="The Xen Project" \
> +      maintainer.email="xen-devel@xxxxxxxxxxxxxxxxxxxx"
> +
> +ENV DEBIAN_FRONTEND=noninteractive
> +ENV USER root
> +ENV PATH="/opt/gcc-11-ibt/bin:${PATH}"
> +
> +RUN mkdir /build
> +WORKDIR /build
> +
> +RUN apt-get update && \
> +    apt-get --quiet --yes install \
> +        bison \
> +        checkpolicy \
> +        flex \
> +        gawk \
> +        make \
> +        python3 \
> +        && \
> +        apt-get autoremove -y && \
> +        apt-get clean && \
> +        rm -rf /var/lib/apt/lists* /tmp/* /var/tmp/*
> diff --git a/automation/gitlab-ci/build.yaml b/automation/gitlab-ci/build.yaml
> index fdd5c76582b3..cc36428cf55b 100644
> --- a/automation/gitlab-ci/build.yaml
> +++ b/automation/gitlab-ci/build.yaml
> @@ -294,6 +294,12 @@ debian-stretch-32-gcc-debug:
>    variables:
>      CONTAINER: debian:stretch-i386
>  
> +debian-buster-gcc-ibt:
> +  extends: .gcc-x86-64-build
> +  variables:
> +    CONTAINER: debian:buster-gcc-ibt
> +    RANDCONFIG: y
> +
>  debian-unstable-clang:
>    extends: .clang-x86-64-build
>    variables:
> diff --git a/automation/scripts/containerize b/automation/scripts/containerize
> index 7682ccd34759..8992c67278ae 100755
> --- a/automation/scripts/containerize
> +++ b/automation/scripts/containerize
> @@ -33,6 +33,7 @@ case "_${CONTAINER}" in
>      _focal) CONTAINER="${BASE}/ubuntu:focal" ;;
>      _jessie) CONTAINER="${BASE}/debian:jessie" ;;
>      _stretch|_) CONTAINER="${BASE}/debian:stretch" ;;
> +    _buster-gcc-ibt) CONTAINER="${BASE}/debian:buster-gcc-ibt" ;;
>      _unstable|_) CONTAINER="${BASE}/debian:unstable" ;;
>      _trusty) CONTAINER="${BASE}/ubuntu:trusty" ;;
>      _xenial) CONTAINER="${BASE}/ubuntu:xenial" ;;
> diff --git a/xen/arch/x86/arch.mk b/xen/arch/x86/arch.mk
> index f780c912a9cf..92fd19811013 100644
> --- a/xen/arch/x86/arch.mk
> +++ b/xen/arch/x86/arch.mk
> @@ -54,6 +54,7 @@ endif
>  
>  ifdef CONFIG_XEN_IBT
>  CFLAGS += -fcf-protection=branch -mmanual-endbr
> +$(call cc-option-add,CFLAGS,CC,-fcf-check-attribute=no)
>  else
>  $(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
>  endif

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.