On 05.04.2022 12:58, Andrew Cooper wrote: > On 05/04/2022 11:18, Jan Beulich wrote: >> On 01.04.2022 17:05, Andrew Cooper wrote: >>> On 01/04/2022 15:48, Andrew Cooper wrote: >>>> On 01/04/2022 15:37, Roger Pau Monne wrote: >>>>> Setting the fcf-protection=none option in EMBEDDED_EXTRA_CFLAGS in the >>>>> Makefile doesn't get it propagated to the subdirectories, so instead >>>>> set the flag in firmware/Rules.mk, like it's done for other compiler >>>>> flags. >>>>> >>>>> Fixes: 3667f7f8f7 ('x86: Introduce support for CET-IBT') >>>>> Signed-off-by: Roger Pau Monné <roger....@citrix.com> >>>> Acked-by: Andrew Cooper <andrew.coop...@citrix.com> >>> This also needs backporting with the XSA-398 CET-IBT fixes. >> I don't think so - the backports of the original commit didn't include >> what this patch fixes. I have queued patch 2 of this series though. > > In which case I screwed up the backport. (I remember spotting this bug > and thought I'd corrected it, but clearly not.) tools/firmware really > does need to be -fcf-protection=none to counteract the defaults in > Ubuntu/etc.
Okay, I'll adjust title and description some then while doing the backport. Jan