qemu-devel
Re: [Qemu-devel] [PATCH 3/7] configure: add CET support


From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH 3/7] configure: add CET support
Date: Wed, 13 Mar 2019 14:35:50 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0

On 13/03/19 14:31, Florian Weimer wrote:
> * Paolo Bonzini:
> 
>> Actually I might change it to cf-protection, since that's what the GCC
>> flag is named.
> 
> The GCC flag is supposed to be generic, so that it can be used for similar
> features other architectures might provide.  Your code looks rather
> x86-centric to me, so CET seems appropriate here.

The configure option is generic.  When enabled, the Makefiles will
*disable* CET features selectively on object files that do not support
that feature, and the disabled feature will propagate to the binary.

Even without any further target-specific patches, user-mode emulation
binaries will always have shadow stacks, because they don't need
coroutines and don't include the problematic util/coroutine-ucontext.o
object file.  Likewise, system-mode emulation binaries will have
indirect branch tracking if built without binary translation support
(i.e. Xen/KVM only).

What the next patches do is to enable the full set of control flow
protections on all binaries on Intel targets.  However, a subset can be
made available without any target-specific code, and that part is
supposed to be generic just like GCC's -fcf-protection flag.

And yes, all this probably should go in more verbose commit messages...

Paolo
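
The propagation described in the message above, as an added illustration that is not part of the email or of QEMU's build system: on x86 ELF each object carries its CET bits in a `.note.gnu.property` note (`GNU_PROPERTY_X86_FEATURE_1_AND`), and a bit reaches the linked binary only if every input object sets it. The note bytes are constructed samples, which bit each object lacks is inferred from the email, and `translator.o` is a hypothetical stand-in for the binary translation code.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
IBT, SHSTK = 0x1, 0x2  # bits in the FEATURE_1_AND property word

def build_note(features):
    """Constructed sample: .note.gnu.property body of an x86-64 object."""
    desc = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, features)
    return struct.pack("<III", 4, len(desc), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + desc

def feature_1_and(section):
    """Return the FEATURE_1_AND bits of a note section, 0 if not present."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = name_off + ((namesz + 3) & ~3)
        name = section[name_off:name_off + namesz]
        desc = section[desc_off:desc_off + descsz]
        off = desc_off + ((descsz + 7) & ~7)  # ELF64 property notes are 8-byte aligned
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        p = 0
        while p + 8 <= len(desc):
            ptype, psize = struct.unpack_from("<II", desc, p)
            if (ptype == GNU_PROPERTY_X86_FEATURE_1_AND and psize == 4
                    and p + 12 <= len(desc)):
                return struct.unpack_from("<I", desc, p + 8)[0]
            p += 8 + ((psize + 7) & ~7)
    return 0

def linked_features(objects):
    """Model the linker: a bit survives only if every input object sets it."""
    bits = IBT | SHSTK
    for section in objects.values():
        bits &= feature_1_and(section)
    return {n for n, b in (("IBT", IBT), ("SHSTK", SHSTK)) if bits & b}

# Constructed inputs (assumptions, see the lead-in above).
FULL = build_note(IBT | SHSTK)
COROUTINE = {"util/coroutine-ucontext.o": build_note(IBT)}  # no shadow stack
TCG = {"translator.o": build_note(SHSTK)}                   # no IBT

if __name__ == "__main__":
    print("user-mode:   ", linked_features({"main.o": FULL, **TCG}))
    print("KVM/Xen only:", linked_features({"main.o": FULL, **COROUTINE}))
    print("system + TCG:", linked_features({"main.o": FULL, **COROUTINE, **TCG}))
    print("object w/o note:", linked_features({"main.o": FULL, "asm.o": b""}))
```

On a real build, `readelf -n` on the linked binary prints the resulting property, which is the value to check after changing the configure option.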


