[PATCH 2/2] kbuild: add '-fcf-protection=none' to barebox build options

Ahmad Fatoum ahmad at a3f.at
Tue Feb 23 02:24:27 EST 2021

Ubuntu 19.10 enables this by default for x86 architectures. The option
instructs the compiler to generate special nop instruction at all places
where execution may jump to. This not only means the incoming setjmp
implementations will need to be adjusted[1], but in case the option is
extended to expose similar features of other microarches, this could
lead to breakages there with newer compilers. Only safe way to use it
seems to disable it wholesale and enable it selectively for platforms that
are aware of it. So do the disabling part.

[1]: https://github.com/ipxe/ipxe/commit/e8393c372

Signed-off-by: Ahmad Fatoum <ahmad at a3f.at>
 Makefile | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/Makefile b/Makefile
index fa7fbbeb35f0..261c68c1865d 100644
--- a/Makefile
+++ b/Makefile
@@ -625,6 +625,10 @@ KBUILD_CFLAGS	+= $(call cc-option,-fno-strict-overflow)
 # Make sure -fstack-check isn't enabled (like gentoo apparently did)
 KBUILD_CFLAGS  += $(call cc-option,-fno-stack-check)
+# ensure -fcf-protection is disabled as it is incompatible with our sjlj
+# Platforms that have their setjmp appropriately implemented may override this
+KBUILD_CFLAGS += $(call cc-option,-fcf-protection=none)
 KBUILD_CFLAGS   += $(call cc-disable-warning, address-of-packed-member)
 # Align the bit size of userspace programs with the kernel

More information about the barebox mailing list