On 23/10/20 22:06, Daniele Buono wrote: > + > +if test "$cfi" = "yes"; then > + # Compiler/Linker Flags that needs to be added for cfi: > + # -fsanitize=cfi-icall to enable control-flow integrity checks on > + # indirect function calls. > + # -fsanitize-cfi-icall-generalize-pointers to allow indirect function calls > + # with pointers of a different type (i.e. pass a void* to a > + # function that expects a char*). Used in some spots in QEMU, > + # with compile-time type checks done by macros > + # -fno-sanitize-trap=cfi-icall, when debug is enabled, to display the > + # position in the code that triggered a CFI violation > + > + # Make sure that LTO is enabled > + if test "$lto" != "true"; then > + error_exit "Control Flow Integrity requires Link-Time Optimization (LTO)" > + fi > + > + test_cflag="-fsanitize=cfi-icall -fsanitize-cfi-icall-generalize-pointers" > + test_ldflag="-fsanitize=cfi-icall"
Can you pass both options to the linker for simplicity?

Unless you need to add the flag to CONFIGURE_CFLAGS/CONFIGURE_LDFLAGS, please do all the tests in meson instead, it's much simpler to do something like:

  if get_option('cfi')
    cfi_flags = ['-fsanitize=cfi-icall',
                 '-fsanitize-cfi-icall-generalize-pointers']
    if get_option('cfi_debug')
      # report the location of a violation instead of trapping
      cfi_flags += '-fno-sanitize-trap=cfi-icall'
    endif
    # fail if the compiler rejects any of the requested flags
    if cc.get_supported_arguments(cfi_flags).length() != cfi_flags.length()
      error('...')
    endif
    add_project_arguments(cfi_flags, native: false, language: ['c', 'cpp', 'objc'])
    add_project_link_arguments(cfi_flags, native: false, language: ['c', 'cpp', 'objc'])
  endif

> + if test "$cfi_debug" = "yes"; then > + error_exit "Cannot enable Control Flow Integrity debugging since CFI is > not enabled" > + fi > +fi

Generally dependent options are ignored so you can remove this part.

Paolo
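
Review bot: in the first quoted hunk, the LTO guard tests "$lto" != "true" while the enclosing check tests "$cfi" = "yes". If lto follows the same yes/no convention as cfi, the guard reaches error_exit whenever cfi is enabled, so confirm which value lto holds and use one convention for both. In the same hunk, test_ldflag carries only -fsanitize=cfi-icall while test_cflag also carries -fsanitize-cfi-icall-generalize-pointers, and the -fno-sanitize-trap=cfi-icall flag described in the comment is in neither variable, so the lines shown do not probe compiler support for the debug flag.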
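
Review bot: in the second quoted hunk, the error_exit on cfi_debug = "yes" turns a dependent option into a hard configure failure, and its message does not say which option the user should pass to fix it. If the check stays, name the switch that enables CFI in the message; otherwise drop the check and let cfi_debug have no effect when cfi is off.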