slirp 4.7 introduces a new CFI-friendly timer callback that does
not pass function pointers within libslirp as callbacks for timers.
Check the version number and, if it is new enough, allow using CFI
even with a system libslirp.
Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
---
meson.build | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/meson.build b/meson.build
index 861de93c4f..92a83580a3 100644
--- a/meson.build
+++ b/meson.build
@@ -2485,21 +2485,21 @@ if have_system
slirp = declare_dependency(link_with: libslirp,
dependencies: slirp_deps,
include_directories: slirp_inc)
+ else
+ # slirp <4.7 is incompatible with CFI support in QEMU. This is because
+ # it passes function pointers within libslirp as callbacks for timers.
+ # When using a system-wide shared libslirp, the type information for the
+ # callback is missing and the timer call produces a false positive with
CFI.
+ #
+ # Now that slirp_opt has been defined, check if the selected slirp is
compatible
+ # with control-flow integrity.
+ if get_option('cfi') and slirp.found() and
slirp.version().version_compare('<4.7')
+ error('Control-Flow Integrity is not compatible with system-wide slirp.'
\
+ + ' Please configure with --enable-slirp=git or upgrade to
libslirp 4.7')
+ endif
endif
endif
-# For CFI, we need to compile slirp as a static library together with qemu.
-# This is because we register slirp functions as callbacks for QEMU Timers.
-# When using a system-wide shared libslirp, the type information for the
-# callback is missing and the timer call produces a false positive with CFI.
-#
-# Now that slirp_opt has been defined, check if the selected slirp is
compatible
-# with control-flow integrity.
-if get_option('cfi') and slirp_opt == 'system'
- error('Control-Flow Integrity is not compatible with system-wide slirp.' \
- + ' Please configure with --enable-slirp=git')
-endif
-
fdt = not_found
if have_system
fdt_opt = get_option('fdt')
--
2.35.1
