diff options
author | Daniele Buono <dbuono@linux.vnet.ibm.com> | 2020-12-04 18:06:13 -0500 |
---|---|---|
committer | Paolo Bonzini <pbonzini@redhat.com> | 2021-01-02 21:03:36 +0100 |
commit | 24496fe851268eec3994489a772842484376507d (patch) | |
tree | 28e15b3013593d86f3103d4863c30d243305b9ad /tests | |
parent | c905a3680dc1dae044ea6b9aaf9f0482e5ebf63c (diff) |
check-block: enable iotests with cfi-icall
cfi-icall is a form of Control-Flow Integrity for indirect function
calls implemented by llvm. It is enabled with a -fsanitize flag.
iotests are currently disabled when -fsanitize options is used, with the
exception of SafeStack.
This patch implements a generic filtering mechanism to allow iotests
with a set of known-to-be-safe -fsanitize option. Then marks SafeStack
and the new options used for cfi-icall safe for iotests
Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201204230615.2392-4-dbuono@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Diffstat (limited to 'tests')
-rwxr-xr-x | tests/check-block.sh | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/tests/check-block.sh b/tests/check-block.sh index f6b1bda7b9..fb4c1baae9 100755 --- a/tests/check-block.sh +++ b/tests/check-block.sh @@ -21,14 +21,18 @@ if grep -q "CONFIG_GPROF=y" config-host.mak 2>/dev/null ; then exit 0 fi -# Disable tests with any sanitizer except for SafeStack -CFLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ) -SANITIZE_FLAGS="" -#Remove all occurrencies of -fsanitize=safe-stack -for i in ${CFLAGS}; do - if [ "${i}" != "-fsanitize=safe-stack" ]; then - SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}" +# Disable tests with any sanitizer except for specific ones +SANITIZE_FLAGS=$( grep "CFLAGS.*-fsanitize" config-host.mak 2>/dev/null ) +ALLOWED_SANITIZE_FLAGS="safe-stack cfi-icall" +#Remove all occurrencies of allowed Sanitize flags +for j in ${ALLOWED_SANITIZE_FLAGS}; do + TMP_FLAGS=${SANITIZE_FLAGS} + SANITIZE_FLAGS="" + for i in ${TMP_FLAGS}; do + if ! echo ${i} | grep -q "${j}" 2>/dev/null; then + SANITIZE_FLAGS="${SANITIZE_FLAGS} ${i}" fi + done done if echo ${SANITIZE_FLAGS} | grep -q "\-fsanitize" 2>/dev/null; then # Have a sanitize flag that is not allowed, stop |