Re: HAS_CC_CET_IBT misdetected
Tue, 2 May 2023 14:41:25 +0100 Andrew Cooper : > Does this improve things for you? ./checker: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by ./checker) make[2]: *** [Makefile:24: check-headers] Error 1 I think as soon as tools/ or stubdom/ is built, more issues like that will appear. Olaf pgpvsoZY3X7gN.pgp Description: Digitale Signatur von OpenPGP
Re: HAS_CC_CET_IBT misdetected
Tue, 2 May 2023 15:44:41 +0200 Jan Beulich : > How would an out-of-tree build help (which for the hypervisor we now > have support for)? An incremental build there will hit exactly the same > issue afaict. Each container target will use a separate output directory. The Leap container will only see Leap things, the Tumbleweed container will only see Tumbleweed things. A toolchain update within a container will be no different than it is today. But there will be no unexpected jumps anymore. Olaf pgpFe_iBTlC3m.pgp Description: Digitale Signatur von OpenPGP
Re: HAS_CC_CET_IBT misdetected
On 02.05.2023 15:36, Olaf Hering wrote: > Tue, 2 May 2023 15:29:19 +0200 Jan Beulich : > >> Getting this to work automatically is a continued subject of discussion. > > I think the only real solution is an out-of-tree build. Essentially every > single component needs to detect a toolchain change. This is unrealistic. How would an out-of-tree build help (which for the hypervisor we now have support for)? An incremental build there will hit exactly the same issue afaict. Jan
Re: HAS_CC_CET_IBT misdetected
On 02/05/2023 1:04 pm, Olaf Hering wrote: > Tue, 2 May 2023 13:33:13 +0200 Olaf Hering : > >> I will investigate why it failed to build for me. > This happens if one builds first with the Tumbleweed container, and later > with the Leap container, without a 'git clean -dffx' in between. > > Is there a way to invalidate everything if the toolchain changes? I thought we had a fix for this. But it turns out it's still on the list. https://lore.kernel.org/xen-devel/20230320152836.43205-1-anthony.per...@citrix.com/ Does this improve things for you? ~Andrew
Re: HAS_CC_CET_IBT misdetected
Tue, 2 May 2023 15:29:19 +0200 Jan Beulich : > Getting this to work automatically is a continued subject of discussion. I think the only real solution is an out-of-tree build. Essentially every single component needs to detect a toolchain change. This is unrealistic. Olaf pgpjSDzLmeFs3.pgp Description: Digitale Signatur von OpenPGP
Re: HAS_CC_CET_IBT misdetected
On 02.05.2023 14:04, Olaf Hering wrote: > Tue, 2 May 2023 13:33:13 +0200 Olaf Hering : > >> I will investigate why it failed to build for me. > > This happens if one builds first with the Tumbleweed container, and later > with the Leap container, without a 'git clean -dffx' in between. > > Is there a way to invalidate everything if the toolchain changes? Getting this to work automatically is a continued subject of discussion. Touching xen/.config before starting the build ought to work, though. Jan
Re: HAS_CC_CET_IBT misdetected
Tue, 2 May 2023 13:33:13 +0200 Olaf Hering : > I will investigate why it failed to build for me. This happens if one builds first with the Tumbleweed container, and later with the Leap container, without a 'git clean -dffx' in between. Is there a way to invalidate everything if the toolchain changes? Olaf pgpQqBruBn6oh.pgp Description: Digitale Signatur von OpenPGP
Re: HAS_CC_CET_IBT misdetected
On 02/05/2023 12:33 pm, Olaf Hering wrote: > Tue, 2 May 2023 09:31:56 +0200 Jan Beulich : > >> How does 2.37 vs 2.39 matter? CET-IBT support is present in gas as of 2.29. > I have no idea. It turned out, the previous Leap image was based on 15.3, > while the current one will be 15.4. > > If I run this manually, it appears the error is produced properly: > > gcc -Wall -fcf-protection=branch -mmanual-endbr > -mindirect-branch=thunk-extern -c -x assembler -o /dev/null - ; echo $? > gcc: error: unrecognized command line option ‘-fcf-protection=branch’; did > you mean ‘-fno-protect-parens’? > gcc: error: unrecognized command line option ‘-mmanual-endbr’ > 1 > > An for some reason there is no failure with the refreshed image on gitlab: > > https://gitlab.com/xen-project/xen/-/jobs/4210269545/artifacts/external_file/build.log > > I will investigate why it failed to build for me. CET-IBT is far more dependent on the compiler, than it is on binutils. The minimum version of GCC necessary is 9, but if you've backported the requisite options then an older GCC will work too. ~Andrew
Re: HAS_CC_CET_IBT misdetected
Tue, 2 May 2023 09:31:56 +0200 Jan Beulich : > How does 2.37 vs 2.39 matter? CET-IBT support is present in gas as of 2.29. I have no idea. It turned out, the previous Leap image was based on 15.3, while the current one will be 15.4. If I run this manually, it appears the error is produced properly: gcc -Wall -fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern -c -x assembler -o /dev/null - ; echo $? gcc: error: unrecognized command line option ‘-fcf-protection=branch’; did you mean ‘-fno-protect-parens’? gcc: error: unrecognized command line option ‘-mmanual-endbr’ 1 An for some reason there is no failure with the refreshed image on gitlab: https://gitlab.com/xen-project/xen/-/jobs/4210269545/artifacts/external_file/build.log I will investigate why it failed to build for me. Olaf pgp0RK4oaSuzU.pgp Description: Digitale Signatur von OpenPGP
Re: HAS_CC_CET_IBT misdetected
On 02.05.2023 09:31, Jan Beulich wrote: > On 02.05.2023 07:48, Olaf Hering wrote: >> The next push to xen.git#staging will trigger a build failure in the >> refreshed Leap docker image. >> >> For some reason HAS_CC_CET_IBT will evaluate to true. I think the >> significant change is the binutils upgrade from 2.37 to 2.39 in November >> 2022. >> >> The comment indicates the combination of gcc7 and binutils 2.39 is supposed >> to evaluate HAS_CC_CET_IBT to false. > > How does 2.37 vs 2.39 matter? CET-IBT support is present in gas as of 2.29. > IOW I think it all ought to be tied to gcc being 7.x when 9.x is the > supposed minimum. Did you / could you check which of the three options > (-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern) > is/are possibly recognized by the (likely also updated) gcc7 there? That > may provide a hint at what's going wrong ... Oh, it might further be relevant that Kconfig's cc-option passes -E to the compiler, yet none of the options actually affect pre-processing (and hence might not tried to be evaluated with -E). Jan
Re: HAS_CC_CET_IBT misdetected
On 02.05.2023 07:48, Olaf Hering wrote: > The next push to xen.git#staging will trigger a build failure in the > refreshed Leap docker image. > > For some reason HAS_CC_CET_IBT will evaluate to true. I think the significant > change is the binutils upgrade from 2.37 to 2.39 in November 2022. > > The comment indicates the combination of gcc7 and binutils 2.39 is supposed > to evaluate HAS_CC_CET_IBT to false. How does 2.37 vs 2.39 matter? CET-IBT support is present in gas as of 2.29. IOW I think it all ought to be tied to gcc being 7.x when 9.x is the supposed minimum. Did you / could you check which of the three options (-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern) is/are possibly recognized by the (likely also updated) gcc7 there? That may provide a hint at what's going wrong ... Jan