-rwxr-xr-xconfigure22
-rw-r--r--meson.build44
-rw-r--r--meson_options.txt4
3 files changed, 68 insertions, 2 deletions
diff --git a/configure b/configure
index b6fb188151..5c8f3e5d81 100755
--- a/configure
+++ b/configure
@@ -411,6 +411,8 @@ coroutine=""
coroutine_pool="$default_feature"
debug_stack_usage="no"
crypto_afalg="no"
+cfi="false"
+cfi_debug="false"
seccomp="$default_feature"
glusterfs="$default_feature"
glusterfs_xlator_opt="no"
@@ -1195,6 +1197,16 @@ for opt do
;;
--disable-safe-stack) safe_stack="no"
;;
+ --enable-cfi)
+ cfi="true";
+ lto="true";
+ ;;
+ --disable-cfi) cfi="false"
+ ;;
+ --enable-cfi-debug) cfi_debug="true"
+ ;;
+ --disable-cfi-debug) cfi_debug="false"
+ ;;
--disable-curses) curses="disabled"
;;
--enable-curses) curses="enabled"
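Review bot: `--enable-cfi` forces `lto="true"` at the moment the option is parsed, so the outcome depends on argument order: `--disable-lto --enable-cfi` silently re-enables LTO, while `--enable-cfi --disable-lto` leaves cfi on with lto off and only fails later, inside meson, with the "Selected Control-Flow Integrity but LTO is disabled" error. `--disable-cfi` also never undoes the `lto="true"` side effect. A more predictable shape keeps the case a plain assignment (`--enable-cfi) cfi="true"`) and resolves the coupling once after the option loop, e.g. `if test "$cfi" = true && test "$lto" != true; then lto="true"; fi` (the values `lto` can take are parsed outside this hunk, so confirm them). The trailing `;` after `cfi="true";` and `lto="true";` is also unneeded in this case style.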
@@ -1788,7 +1800,13 @@ disabled with --disable-FEATURE, default is enabled if available
sparse sparse checker
safe-stack SafeStack Stack Smash Protection. Depends on
clang/llvm >= 3.7 and requires coroutine backend ucontext.
-
+ cfi Enable Control-Flow Integrity for indirect function calls.
+ In case of a cfi violation, QEMU is terminated with SIGILL
+ Depends on lto and is incompatible with modules
+ Automatically enables Link-Time Optimization (lto)
+ cfi-debug In case of a cfi violation, a message containing the line that
+ triggered the error is written to stderr. After the error,
+ QEMU is still terminated with SIGILL
gnutls GNUTLS cryptography support
nettle nettle cryptography support
gcrypt libgcrypt cryptography support
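Review bot: The help text states that a CFI violation terminates QEMU with SIGILL; that matches the x86 trap instruction, but on other hosts clang may lower the trap to an instruction that raises a different signal, so wording such as `In case of a cfi violation, QEMU is terminated with a trap (SIGILL on x86)` is safer. The cfi-debug entry promises that the message names the line that triggered the error; presumably this relies on debug information being present in the build, which is worth stating so users are not surprised by a bare message. Minor: the first cfi sentence lacks a closing period.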
@@ -6971,7 +6989,7 @@ NINJA=$ninja $meson setup \
-Db_pie=$(if test "$pie" = yes; then echo true; else echo false; fi) \
${staticpic:+-Db_staticpic=$staticpic} \
-Db_coverage=$(if test "$gcov" = yes; then echo true; else echo false; fi) \
- -Db_lto=$lto \
+ -Db_lto=$lto -Dcfi=$cfi -Dcfi_debug=$cfi_debug \
-Dmalloc=$malloc -Dmalloc_trim=$malloc_trim -Dsparse=$sparse \
-Dkvm=$kvm -Dhax=$hax -Dwhpx=$whpx -Dhvf=$hvf \
-Dxen=$xen -Dxen_pci_passthrough=$xen_pci_passthrough -Dtcg=$tcg \
diff --git a/meson.build b/meson.build
index d05d880114..94ef023ad1 100644
--- a/meson.build
+++ b/meson.build
@@ -773,6 +773,7 @@ elif get_option('vhost_user_blk_server').disabled() or not have_system
have_vhost_user_blk_server = false
endif
+
if get_option('fuse').disabled() and get_option('fuse_lseek').enabled()
error('Cannot enable fuse-lseek while fuse is disabled')
endif
@@ -795,6 +796,46 @@ if not get_option('fuse_lseek').disabled()
endif
endif
+if get_option('cfi')
+ cfi_flags=[]
+ # Check for dependency on LTO
+ if not get_option('b_lto')
+ error('Selected Control-Flow Integrity but LTO is disabled')
+ endif
+ if config_host.has_key('CONFIG_MODULES')
+ error('Selected Control-Flow Integrity is not compatible with modules')
+ endif
+ # Check for cfi flags. CFI requires LTO so we can't use
+ # get_supported_arguments, but need a more complex "compiles" which allows
+ # custom arguments
+ if cc.compiles('int main () { return 0; }', name: '-fsanitize=cfi-icall',
+ args: ['-flto', '-fsanitize=cfi-icall'] )
+ cfi_flags += '-fsanitize=cfi-icall'
+ else
+ error('-fsanitize=cfi-icall is not supported by the compiler')
+ endif
+ if cc.compiles('int main () { return 0; }',
+ name: '-fsanitize-cfi-icall-generalize-pointers',
+ args: ['-flto', '-fsanitize=cfi-icall',
+ '-fsanitize-cfi-icall-generalize-pointers'] )
+ cfi_flags += '-fsanitize-cfi-icall-generalize-pointers'
+ else
+ error('-fsanitize-cfi-icall-generalize-pointers is not supported by the compiler')
+ endif
+ if get_option('cfi_debug')
+ if cc.compiles('int main () { return 0; }',
+ name: '-fno-sanitize-trap=cfi-icall',
+ args: ['-flto', '-fsanitize=cfi-icall',
+ '-fno-sanitize-trap=cfi-icall'] )
+ cfi_flags += '-fno-sanitize-trap=cfi-icall'
+ else
+ error('-fno-sanitize-trap=cfi-icall is not supported by the compiler')
+ endif
+ endif
+ add_project_arguments(cfi_flags, native: false, language: ['c', 'cpp', 'objc'])
+ add_project_link_arguments(cfi_flags, native: false, language: ['c', 'cpp', 'objc'])
+endif
+
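Review bot: The three probes use `cc.compiles` with `-flto`, which only shows the compiler accepts the flags; `-fsanitize=cfi-icall` is enforced at LTO link time and needs a linker with LLVM LTO support, so a toolchain with an unsuitable linker passes these checks and fails later in the build instead of at setup with one of the clear `error()` messages. Using `cc.links(...)` with the same `args:` for the probes would catch that at configure time. The block also adds `-fsanitize-cfi-icall-generalize-pointers` without explaining it: the flag relaxes the indirect-call type check so that any pointer-typed argument is accepted, which deliberately weakens the protection, and a comment such as `# generalize-pointers relaxes the icall check for pointer arguments (presumably needed for QEMU's callback casts -- confirm); it reduces CFI precision` would keep the trade-off visible to whoever maintains the flag list. Finally, `cfi_debug` is read only inside `if get_option('cfi')`, so `-Dcfi_debug=true` without `-Dcfi=true` is silently ignored; either reject that combination with an `error()` beside the existing LTO check or document it.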
#################
# config-host.h #
#################
@@ -831,6 +872,7 @@ config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
config_host_data.set('CONFIG_STATX', has_statx)
config_host_data.set('CONFIG_FUSE', fuse.found())
config_host_data.set('CONFIG_FUSE_LSEEK', fuse_lseek.found())
+config_host_data.set('CONFIG_CFI', get_option('cfi'))
config_host_data.set('QEMU_VERSION', '"@0@"'.format(meson.project_version()))
config_host_data.set('QEMU_VERSION_MAJOR', meson.project_version().split('.')[0])
config_host_data.set('QEMU_VERSION_MINOR', meson.project_version().split('.')[1])
@@ -2195,6 +2237,8 @@ if targetos == 'windows'
summary_info += {'QGA MSI support': config_host.has_key('CONFIG_QGA_MSI')}
endif
summary_info += {'seccomp support': config_host.has_key('CONFIG_SECCOMP')}
+summary_info += {'CFI support': get_option('cfi')}
+summary_info += {'CFI debug support': get_option('cfi_debug')}
summary_info += {'coroutine backend': config_host['CONFIG_COROUTINE_BACKEND']}
summary_info += {'coroutine pool': config_host['CONFIG_COROUTINE_POOL'] == '1'}
summary_info += {'debug stack usage': config_host.has_key('CONFIG_DEBUG_STACK_USAGE')}
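Review bot: `summary_info += {'CFI debug support': get_option('cfi_debug')}` reports the raw option, but the cfi block earlier in meson.build consults `cfi_debug` only when `cfi` is enabled, so `-Dcfi_debug=true` on its own is shown as enabled although no `-fno-sanitize-trap=cfi-icall` flag is added. Report the effective value instead, `summary_info += {'CFI debug support': get_option('cfi') and get_option('cfi_debug')}`, so the summary matches what the build actually does.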
diff --git a/meson_options.txt b/meson_options.txt
index f8f053b5c8..242e0769fb 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -35,6 +35,10 @@ option('xen_pci_passthrough', type: 'feature', value: 'auto',
description: 'Xen PCI passthrough support')
option('tcg', type: 'feature', value: 'auto',
description: 'TCG support')
+option('cfi', type: 'boolean', value: 'false',
+ description: 'Control-Flow Integrity (CFI)')
+option('cfi_debug', type: 'boolean', value: 'false',
+ description: 'Verbose errors in case of CFI violation')
option('cocoa', type : 'feature', value : 'auto',
description: 'Cocoa user interface (macOS only)')
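Review bot: The `cfi_debug` description does not say that it is only honoured together with `cfi`; `description: 'Verbose errors in case of CFI violation (requires cfi)'` would make the dependency visible in `meson configure` output. The `cfi` description could likewise mention the LTO and no-modules requirements that meson.build enforces, e.g. `description: 'Control-Flow Integrity (CFI); requires LTO, incompatible with modules'`.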