On 3/2/2021 11:40 AM, Daniel P. Berrangé wrote:
> The CFI protection is something I'd say is relevant to virtualization
> use cases, not to emulation use cases
>
>    https://qemu-project.gitlab.io/qemu/system/security.html
>
> IOW, the targets that are important to test are the ones where KVM
> is available.
>
> So that's s390x, ppc, x86, mips, and arm.
>
> I think we can probably ignore mips as that's fairly niche.
> We can also reasonably limit ourselves to only test the 64-bit
> variants of the target, on the basis that 32-bit is increasingly
> legacy/niche too.
>
> So that gives us ppc64le, x86_64, aarch64 and s390x as the
> targets we should get CI coverage for CFI.

Thanks Daniel,
I'll start working on a V3 that only contains those 4 targets, probably
in two sets of build/check/acceptance to maintain the jobs below the
hour mark.

These would still be x86 binaries that are not testing KVM, however,
because of the capabilities of the shared gitlab runners.

I see that there's some work from Cleber Rosa to allow running custom
jobs on aarch64 and s390x systems. I think that, when the infrastructure
is ready, having a KVM-based CFI test there would help a lot in terms of
coverage for those architectures.