From bf2f69d08bf158bfdbbe251357452f9576489b6d Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 11 Apr 2022 09:41:27 +0200 Subject: [PATCH] net: slirp: allow CFI with libslirp >= 4.7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit slirp 4.7 introduces a new CFI-friendly timer callback that does not pass function pointers within libslirp as callbacks for timers. Check the version number and, if it is new enough, allow using CFI even with a system libslirp. Reviewed-by: Samuel Thibault Reviewed-by: Marc-André Lureau Signed-off-by: Paolo Bonzini --- meson.build | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/meson.build b/meson.build index ea72ba7c2f..9b20dcd143 100644 --- a/meson.build +++ b/meson.build @@ -2637,10 +2637,25 @@ if have_system slirp_opt = get_option('slirp') if slirp_opt in ['enabled', 'auto', 'system'] have_internal = fs.exists(meson.current_source_dir() / 'slirp/meson.build') + slirp_dep_required = (slirp_opt == 'system' or + slirp_opt == 'enabled' and not have_internal) slirp = dependency('slirp', kwargs: static_kwargs, method: 'pkg-config', version: '>=4.1.0', - required: slirp_opt == 'system' or - slirp_opt == 'enabled' and not have_internal) + required: slirp_dep_required) + # slirp <4.7 is incompatible with CFI support in QEMU. This is because + # it passes function pointers within libslirp as callbacks for timers. + # When using a system-wide shared libslirp, the type information for the + # callback is missing and the timer call produces a false positive with CFI. + # Do not use the "version" keyword argument to produce a better error. + # with control-flow integrity. + if get_option('cfi') and slirp.found() and slirp.version().version_compare('<4.7') + if slirp_dep_required + error('Control-Flow Integrity requires libslirp 4.7.') + else + warning('Control-Flow Integrity requires libslirp 4.7, not using system-wide libslirp.') + slirp = not_found + endif + endif if slirp.found() slirp_opt = 'system' elif have_internal @@ -2713,18 +2728,6 @@ if have_system endif endif -# For CFI, we need to compile slirp as a static library together with qemu. -# This is because we register slirp functions as callbacks for QEMU Timers. -# When using a system-wide shared libslirp, the type information for the -# callback is missing and the timer call produces a false positive with CFI. -# -# Now that slirp_opt has been defined, check if the selected slirp is compatible -# with control-flow integrity. -if get_option('cfi') and slirp_opt == 'system' - error('Control-Flow Integrity is not compatible with system-wide slirp.' \ - + ' Please configure with --enable-slirp=git') -endif - fdt = not_found if have_system fdt_opt = get_option('fdt')