From: Paolo Bonzini
To: qemu-devel@nongnu.org
Date: Wed, 13 Mar 2019 13:40:38 +0100
Message-Id: <20190313124042.12855-4-pbonzini@redhat.com>
In-Reply-To: <20190313124042.12855-1-pbonzini@redhat.com>
References: <20190313124042.12855-1-pbonzini@redhat.com>
Content-Transfer-Encoding: quoted-printable
Subject: [Qemu-devel] [PATCH 3/7] configure: add CET support
Cc: fweimer@redhat.com, kwolf@redhat.com, richard.henderson@linaro.org, stefanha@redhat.com

CET requires object files to note which features are supported. The linker will merge them to the set of features that are supported by all object files. The compiler creates these notes when the -fcf-protection option is passed, but we have to blacklist some object files that only support a subset of the full CET feature set. The next patches will improve the situation so that QEMU can be built with full protection.

Signed-off-by: Paolo Bonzini
---
 configure          | 27 +++++++++++++++++++++++++++
 Makefile.target    |  3 +++
 util/Makefile.objs |  5 +++++
 3 files changed, 35 insertions(+)

diff --git a/configure b/configure index 42a7e479fd..4470fe8e74 100755 --- a/configure +++ b/configure @@ -446,6 +446,7 @@ win_sdk=3D"no" want_tools=3D"yes" libiscsi=3D"" libnfs=3D"" +cet=3D"no" # leave it disabled until we can test performance coroutine=3D"" coroutine_pool=3D"" debug_stack_usage=3D"no" 
@@ -1246,6 +1247,10 @@ for opt do ;; --with-pkgversion=3D*) pkgversion=3D"$optarg" ;; + --enable-cet) cet=3D"yes" + ;; + --disable-cet) cet=3D"no" + ;; --with-coroutine=3D*) coroutine=3D"$optarg" ;; --disable-coroutine-pool) coroutine_pool=3D"no" @@ -1757,6 +1762,7 @@ disabled with --disable-FEATURE, default is enabled i= f available: lzfse support of lzfse compression library (for reading lzfse-compressed dmg images) seccomp seccomp support + cet Control-flow Enforcement Technology coroutine-pool coroutine freelist (better performance) glusterfs GlusterFS backend tpm TPM support @@ -5074,6 +5080,23 @@ if have_backend "dtrace"; then fi fi =20 +########################################## +# detect CET support in the toolchain + +if test "$cet" !=3D no; then + write_c_skeleton; + if ! compile_prog "-fcf-protection" "" ; then + if test "$cet" =3D yes; then + feature_not_found "cet" 'CET is not supported by your toolchain' + fi + cet=3Dno + fi +fi +if test "$cet" =3D ""; then + cet=3Dyes + QEMU_CFLAGS=3D"-fcf-protection $QEMU_CFLAGS" +fi + ########################################## # check and set a backend for coroutine =20 @@ -6258,6 +6281,7 @@ echo "netmap support $netmap" echo "Linux AIO support $linux_aio" echo "ATTR/XATTR support $attr" echo "Install blobs $blobs" +echo "CET support $cet" echo "KVM support $kvm" echo "HAX support $hax" echo "HVF support $hvf" @@ -6468,6 +6492,9 @@ fi if test "$profiler" =3D "yes" ; then echo "CONFIG_PROFILER=3Dy" >> $config_host_mak fi +if test "$cet" =3D "yes" ; then + echo "CONFIG_CET=3Dy" >> $config_host_mak +fi if test "$slirp" !=3D "no"; then echo "CONFIG_SLIRP=3Dy" >> $config_host_mak echo "CONFIG_SMBD_COMMAND=3D\"$smbd\"" >> $config_host_mak diff --git a/Makefile.target b/Makefile.target index d8048aab8f..fa143d7b4b 100644 --- a/Makefile.target +++ b/Makefile.target 
@@ -113,6 +113,9 @@ obj-y +=3D exec.o obj-y +=3D accel/ obj-$(CONFIG_TCG) +=3D tcg/tcg.o tcg/tcg-op.o tcg/tcg-op-vec.o tcg/tcg-op-= gvec.o obj-$(CONFIG_TCG) +=3D tcg/tcg-common.o tcg/optimize.o +ifeq ($(CONFIG_CET),y) +tcg/tcg.o-cflags :=3D -fcf-protection=3Dreturn +endif obj-$(CONFIG_TCG_INTERPRETER) +=3D tcg/tci.o obj-$(CONFIG_TCG_INTERPRETER) +=3D disas/tci.o obj-$(CONFIG_TCG) +=3D fpu/softfloat.o diff --git a/util/Makefile.objs b/util/Makefile.objs index 0808d86a19..93a8397aae 100644 --- a/util/Makefile.objs +++ b/util/Makefile.objs @@ -39,6 +39,11 @@ util-obj-y +=3D qemu-coroutine.o qemu-coroutine-lock.o q= emu-coroutine-io.o util-obj-y +=3D qemu-coroutine-sleep.o util-obj-y +=3D coroutine-$(CONFIG_COROUTINE_BACKEND).o coroutine-x86.o-cflags :=3D -mno-red-zone +ifeq ($(CONFIG_CET),y) +coroutine-sigaltstack.o-cflags :=3D -fcf-protection=3Dbranch +coroutine-ucontext.o-cflags :=3D -fcf-protection=3Dbranch +coroutine-x86.o-cflags +=3D -fcf-protection=3Dbranch +endif util-obj-y +=3D buffer.o util-obj-y +=3D timed-average.o util-obj-y +=3D base64.o --=20 2.20.1
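
Review bot: in the configure hunk at @@ -5074, the block that actually adds the flag is guarded by `if test "$cet" = ""`, but `cet` is initialised to "no" in the first hunk and --enable-cet sets it to "yes", so that branch is never taken. With --enable-cet the compile probe passes, CONFIG_CET=y is written and "CET support yes" is printed, yet -fcf-protection never reaches QEMU_CFLAGS, so only the objects with per-file cflags carry any CET note. Suggest guarding the second block with `test "$cet" != no` so that a successful probe sets cet=yes and prepends -fcf-protection, while keeping the default at "no".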
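
Review bot: in the Makefile.target hunk, `tcg/tcg.o-cflags := -fcf-protection=return` has no comment saying why tcg.o can only be built with return protection; the commit message only says that some object files support a subset of CET. A one-line comment naming the construct in tcg.c that rules out branch protection would let a later patch remove the override with confidence. The `:=` also discards any tcg/tcg.o-cflags set elsewhere; `+=` would be safer, as the util/Makefile.objs hunk already does for coroutine-x86.o.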
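
Review bot: in the util/Makefile.objs hunk the coroutine objects are limited to -fcf-protection=branch, while Makefile.target limits tcg/tcg.o to -fcf-protection=return. Since the commit message states that the linker keeps only the features supported by all object files, any binary that links both a coroutine backend and tcg.o ends up with neither feature marked, even though configure reports "CET support yes". It would help to state that consequence in the commit message, or to have configure report which features survive, until the follow-up patches lift these overrides. Also, coroutine-sigaltstack.o-cflags and coroutine-ucontext.o-cflags use `:=` where `+=` would avoid overwriting flags added elsewhere.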