On Mon, 29 Jun 2020 at 08:18, Kees Cook <keescook@xxxxxxxxxxxx> wrote: > > In preparation for building efi/libstub with -mbranch-protection=none > (EFI does not support branch protection features[1]), add no-op code > to work around a Clang bug that emits an unwanted .note.gnu.property > section for object files without code[2]. > > [1] https://lore.kernel.org/lkml/CAMj1kXHck12juGi=E=P4hWP_8vQhQ+-x3vBMc3TGeRWdQ-XkxQ@xxxxxxxxxxxxxx > [2] https://bugs.llvm.org/show_bug.cgi?id=46480 > > Cc: Ard Biesheuvel <ardb@xxxxxxxxxx> > Cc: Will Deacon <will@xxxxxxxxxx> > Cc: Dave Martin <Dave.Martin@xxxxxxx> > Cc: clang-built-linux@xxxxxxxxxxxxxxxx > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > lib/ctype.c | 10 ++++++++++ > 1 file changed, 10 insertions(+) > > diff --git a/lib/ctype.c b/lib/ctype.c > index c819fe269eb2..21245ed57d90 100644 > --- a/lib/ctype.c > +++ b/lib/ctype.c > @@ -36,3 +36,13 @@ _L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L,_L, /* 224-239 */ > _L,_L,_L,_L,_L,_L,_L,_P,_L,_L,_L,_L,_L,_L,_L,_L}; /* 240-255 */ > > EXPORT_SYMBOL(_ctype); > + > +/* > + * Clang will generate .note.gnu.property sections for object files > + * without code, even in the presence of -mbranch-protection=none. > + * To work around this, define an unused static function. > + * https://bugs.llvm.org/show_bug.cgi?id=46480 > + */ > +#ifdef CONFIG_CC_IS_CLANG > +void __maybe_unused __clang_needs_code_here(void) { } > +#endif > -- > 2.25.1 > I take it we don't need this horrible hack if we build the EFI stub with branch protections and filter out the .note.gnu.property section explicitly? Sorry to backpedal, but that is probably a better approach after all, given that the instructions don't hurt, and we will hopefully be able to arm them once UEFI (as well as PE/COFF) gets around to describing this in a way that both the firmware and the OS can consume.