On Tue, Mar 02, 2021 at 04:01:17PM -0500, Daniele Buono wrote:
> On 3/2/2021 11:40 AM, Daniel P. Berrangé wrote:
> > The CFI protection is something I'd say is relevant to virtualization
> > use cases, not to emulation use cases
> >
> >    https://qemu-project.gitlab.io/qemu/system/security.html
> >
> > IOW, the targets that are important to test are the ones where KVM
> > is available.
> >
> > So that's s390x, ppc, x86, mips, and arm.
> >
> > I think we can probably ignore mips as that's fairly niche.
> > We can also reasonably limit ourselves to only test the 64-bit
> > variants of the target, on the basis that 32-bit is increasingly
> > legacy/niche too.
> >
> > So that gives us ppc64le, x86_64, aarch64 and s390x as the
> > targets we should get CI coverage for CFI.
>
> Thanks Daniel,
> I'll start working on a V3 that only contains those 4 targets, probably in
> two sets of build/check/acceptance to maintain the jobs below the hour mark.
>
> These would still be x86 binaries that are not testing KVM, however,
> because of the capabilities of the shared gitlab runners.

Yes, that's fine.

> I see that there's some work from Cleber Rosa to allow running custom jobs
> on aarch64 and s390x systems. I think that, when the infrastructure is
> ready, having a KVM-based CFI test there would help a lot in terms of
> coverage for those architectures.

Yep, that should be possible.

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|