On 13/03/19 14:31, Florian Weimer wrote: > * Paolo Bonzini: > >> Actually I might change it to cf-protection, since that's what the GCC >> flag is named. > > The GCC flag is supposed to generic, so that it can be used for similar > features other architectures might provide. Your code looks rather > x86-centric to me, so CET seems appropriate here.
The configure option is generic. When enabled, the Makefiles will *disable* CET features selectively on object files that do not support that feature, and the disabled feature will propagate to the binary. Even without any further target-specific patches, user-mode emulation binaries will always have shadow stacks, because they don't need coroutines and don't include the problematic util/coroutine-ucontext.o object file. Likewise, system-mode emulation binaries will have indirect branch tracking if built without binary translation support (i.e. Xen/KVM only). What the next patches do is to enable the full set of control flow protections on all binaries on Intel targets. However, a subset can be made available without any target-specific code, and that part is supposed to be generic just like GCC's -fcf-protection flag. And yes, all this probably should go in more verbose commit messages... Paolo
