| commit | 9e62ba48ea7e4a95892f6032f89801e5dcb5c261 | |
| author | Daniele Buono <dbuono@linux.vnet.ibm.com> | |
| Fri, 4 Dec 2020 23:06:14 +0000 (4 18:06 -0500) | ||
| committer | Paolo Bonzini <pbonzini@redhat.com> | |
| Sat, 2 Jan 2021 20:03:36 +0000 (2 21:03 +0100) | ||
| tree | df8ee4df0955260743db7e2ac7542121f7093cf9 | treesnapshot (tar.gz zip) |
| parent | 24496fe851268eec3994489a772842484376507d | commitdiff |
configure,meson: support Control-Flow Integrity
This patch adds a flag to enable/disable control flow integrity checks
on indirect function calls.
This feature only allows indirect function calls at runtime to functions
with compatible signatures.
This feature is only provided by LLVM/Clang, and depends on link-time
optimization which is currently supported only with LLVM/Clang >= 6.0
We also add an option to enable a debugging version of cfi, with verbose
output in case of a CFI violation.
CFI on indirect function calls does not support calls to functions in
shared libraries (since they were not known at compile time), and such
calls are forbidden. QEMU relies on dlopen/dlsym when using modules,
so we make modules incompatible with CFI.
All the checks are performed in meson.build. configure is only used to
forward the flags to meson
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201204230615.2392-5-dbuono@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This patch adds a flag to enable/disable control flow integrity checks
on indirect function calls.
This feature only allows indirect function calls at runtime to functions
with compatible signatures.
This feature is only provided by LLVM/Clang, and depends on link-time
optimization which is currently supported only with LLVM/Clang >= 6.0
We also add an option to enable a debugging version of cfi, with verbose
output in case of a CFI violation.
CFI on indirect function calls does not support calls to functions in
shared libraries (since they were not known at compile time), and such
calls are forbidden. QEMU relies on dlopen/dlsym when using modules,
so we make modules incompatible with CFI.
All the checks are performed in meson.build. configure is only used to
forward the flags to meson
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201204230615.2392-5-dbuono@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| configure | diffblobblamehistory | |
| meson.build | diffblobblamehistory | |
| meson_options.txt | diffblobblamehistory |