@@ -63,7 +63,16 @@ CFLAGS += -mno-red-zone -fpic -fno-asynchronous-unwind-tables
CFLAGS += -mno-sse $(call cc-option,$(CC),-mskip-rax-setup)
# Compile with thunk-extern, indirect-branch-register if avaiable.
-CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch=thunk-extern
+# Some versions of gcc error: "‘-mindirect-branch’ and ‘-fcf-protection’ are
+# not compatible". For those, we need to disable cf-protection with
+# -fcf-protection=none
+cc-mindirect-branch = $(shell if test -n "`echo 'void foo(void) {};' | \
+ LANG=C $(CC) -mindirect-branch=thunk-extern -S -o /dev/null -x c - 2>&1 | \
+ grep -- '-mindirect-branch.*-fcf-protection.*are not compatible' -`"; \
+ then echo "-mindirect-branch=thunk-extern -fcf-protection=none"; \
+ else echo "-mindirect-branch=thunk-extern"; fi ;)
+
+CFLAGS-$(CONFIG_INDIRECT_THUNK) += $(call cc-mindirect-branch)
CFLAGS-$(CONFIG_INDIRECT_THUNK) += -mindirect-branch-register
CFLAGS-$(CONFIG_INDIRECT_THUNK) += -fno-jump-tables
Ubuntu gcc-9 enables -fcf-protection by default, which conflicts with -mindirect-branch=extern and prevents building the hypervisor with CONFIG_INDIRECT_THUNK: xmalloc.h:81:1: error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible Detect this incompatible combination, and add -fcf-protection=none to allow the build to succeed. To actually generated the error, the compiled program must include a function. CC: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Jason Andryuk <jandryuk@gmail.com> --- xen/arch/x86/arch.mk | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)