[PATCH] kbuild: add -fcf-protection=none to retpoline flags

From: Seth Forshee
Date: Tue Jul 09 2019 - 14:49:24 EST

Next message: Geert Uytterhoeven: "Re: [PATCH] gpio: em: use the managed version of gpiochip_add_data()"
Previous message: Thomas Garnier: "Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support"
Next in thread: Masahiro Yamada: "Re: [PATCH] kbuild: add -fcf-protection=none to retpoline flags"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-mindirect-branch and -fcf-protection are not compatible, and
so kernel builds fail with a gcc build where -fcf-protection is
enabled by default. Add -fcf-protection=none to the retpoline
flags to fix this.

Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx>
---
Makefile | 4 ++++
1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index 3e4868a6498b..050f11d19777 100644
--- a/Makefile
+++ b/Makefile
@@ -636,6 +636,10 @@ RETPOLINE_CFLAGS_CLANG := -mretpoline-external-thunk
RETPOLINE_VDSO_CFLAGS_CLANG := -mretpoline
RETPOLINE_CFLAGS := $(call cc-option,$(RETPOLINE_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_CFLAGS_CLANG)))
RETPOLINE_VDSO_CFLAGS := $(call cc-option,$(RETPOLINE_VDSO_CFLAGS_GCC),$(call cc-option,$(RETPOLINE_VDSO_CFLAGS_CLANG)))
+# -mindirect-branch is incompatible with -fcf-protection, so ensure the
+# latter is disabled
+RETPOLINE_CFLAGS += $(call cc-option,-fcf-protection=none,)
+RETPOLINE_VDSO_CFLAGS += $(call cc-option,-fcf-protection=none,)
export RETPOLINE_CFLAGS
export RETPOLINE_VDSO_CFLAGS

--
2.20.1

Next message: Geert Uytterhoeven: "Re: [PATCH] gpio: em: use the managed version of gpiochip_add_data()"
Previous message: Thomas Garnier: "Re: [PATCH v8 06/11] x86/CPU: Adapt assembly for PIE support"
Next in thread: Masahiro Yamada: "Re: [PATCH] kbuild: add -fcf-protection=none to retpoline flags"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]