9e62ba48ea
This patch adds a flag to enable/disable control flow integrity checks on indirect function calls. This feature only allows indirect function calls at runtime to functions with compatible signatures.

This feature is only provided by LLVM/Clang, and depends on link-time optimization which is currently supported only with LLVM/Clang >= 6.0.

We also add an option to enable a debugging version of cfi, with verbose output in case of a CFI violation.

CFI on indirect function calls does not support calls to functions in shared libraries (since they were not known at compile time), and such calls are forbidden. QEMU relies on dlopen/dlsym when using modules, so we make modules incompatible with CFI.

All the checks are performed in meson.build. configure is only used to forward the flags to meson.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
Message-Id: <20201204230615.2392-5-dbuono@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
# Installation layout and documentation tooling. All four are free-form
# string options; three of them default to the empty string.
option(
  'qemu_suffix',
  type: 'string',
  value: 'qemu',
  description: 'Suffix for QEMU data/modules/config directories (can be empty)'
)
option(
  'docdir',
  type: 'string',
  value: 'doc',
  description: 'Base directory for documentation installation (can be empty)'
)
# Search path for firmware files; empty by default. How the path is consumed
# is decided outside this file.
option(
  'qemu_firmwarepath',
  type: 'string',
  value: '',
  description: 'search PATH for firmware files'
)
# Optional explicit sphinx-build program; empty by default.
option(
  'sphinx_build',
  type: 'string',
  value: '',
  description: 'Use specified sphinx-build [$sphinx_build] for building document (default to be empty)'
)

# Documentation, localization, firmware blobs and static checking.
# Meson 'feature' options accept enabled, disabled or auto.
option(
  'docs',
  type: 'feature',
  value: 'auto',
  description: 'Documentations build support'
)
option(
  'gettext',
  type: 'feature',
  value: 'auto',
  description: 'Localization of the GTK+ user interface'
)
# Boolean, on by default: the provided firmware blobs are installed unless
# this is switched off.
option(
  'install_blobs',
  type: 'boolean',
  value: true,
  description: 'install provided firmware blobs'
)
option(
  'sparse',
  type: 'feature',
  value: 'auto',
  description: 'sparse checker'
)

# Memory allocator selection.
option(
  'malloc_trim',
  type: 'feature',
  value: 'auto',
  description: 'enable libc malloc_trim() for memory optimization'
)
# Exactly one allocator is chosen; the default is the system allocator.
option(
  'malloc',
  type: 'combo',
  value: 'system',
  choices: ['system', 'tcmalloc', 'jemalloc'],
  description: 'choose memory allocator to use'
)

# Acceleration and hypervisor backends. Every entry is a Meson 'feature'
# option defaulting to auto.
option(
  'kvm',
  type: 'feature',
  value: 'auto',
  description: 'KVM acceleration support'
)
option(
  'hax',
  type: 'feature',
  value: 'auto',
  description: 'HAX acceleration support'
)
option(
  'whpx',
  type: 'feature',
  value: 'auto',
  description: 'WHPX acceleration support'
)
option(
  'hvf',
  type: 'feature',
  value: 'auto',
  description: 'HVF acceleration support'
)
option(
  'xen',
  type: 'feature',
  value: 'auto',
  description: 'Xen backend support'
)
option(
  'xen_pci_passthrough',
  type: 'feature',
  value: 'auto',
  description: 'Xen PCI passthrough support'
)
option(
  'tcg',
  type: 'feature',
  value: 'auto',
  description: 'TCG support'
)

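# Control-Flow Integrity for indirect function calls. Off by default, so a
# hardened build has to opt in. Per the commit that introduced these options,
# CFI needs LLVM/Clang with link-time optimization and cannot be combined with
# QEMU modules (which rely on dlopen/dlsym); those checks are performed in
# meson.build, not here.
# The defaults are written as the boolean false, matching 'install_blobs',
# rather than as the string 'false'.
option('cfi', type: 'boolean', value: false,
       description: 'Control-Flow Integrity (CFI)')
# Debugging variant of CFI: verbose output when a CFI violation is detected.
option('cfi_debug', type: 'boolean', value: false,
       description: 'Verbose errors in case of CFI violation')
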
# User interfaces, device helpers, remote display and export daemons.
# All are Meson 'feature' options (enabled, disabled or auto).
option(
  'cocoa',
  type: 'feature',
  value: 'auto',
  description: 'Cocoa user interface (macOS only)'
)
option(
  'mpath',
  type: 'feature',
  value: 'auto',
  description: 'Multipath persistent reservation passthrough'
)
option(
  'iconv',
  type: 'feature',
  value: 'auto',
  description: 'Font glyph conversion support'
)
option(
  'curses',
  type: 'feature',
  value: 'auto',
  description: 'curses UI'
)
option(
  'libudev',
  type: 'feature',
  value: 'auto',
  description: 'Use libudev to enumerate host devices'
)
option(
  'sdl',
  type: 'feature',
  value: 'auto',
  description: 'SDL user interface'
)
option(
  'sdl_image',
  type: 'feature',
  value: 'auto',
  description: 'SDL Image support for icons'
)
option(
  'u2f',
  type: 'feature',
  value: 'auto',
  description: 'U2F emulation support'
)
# The VNC server is the only feature in this file that defaults to enabled
# rather than auto. Its SASL authentication support below stays on auto.
option(
  'vnc',
  type: 'feature',
  value: 'enabled',
  description: 'VNC server'
)
option(
  'vnc_jpeg',
  type: 'feature',
  value: 'auto',
  description: 'JPEG lossy compression for VNC server'
)
option(
  'vnc_png',
  type: 'feature',
  value: 'auto',
  description: 'PNG compression for VNC server'
)
option(
  'vnc_sasl',
  type: 'feature',
  value: 'auto',
  description: 'SASL authentication for VNC server'
)
option(
  'xkbcommon',
  type: 'feature',
  value: 'auto',
  description: 'xkbcommon support'
)
option(
  'virtiofsd',
  type: 'feature',
  value: 'auto',
  description: 'build virtiofs daemon (virtiofsd)'
)
option(
  'vhost_user_blk_server',
  type: 'feature',
  value: 'auto',
  description: 'build vhost-user-blk server'
)
option(
  'fuse',
  type: 'feature',
  value: 'auto',
  description: 'FUSE block device export'
)
option(
  'fuse_lseek',
  type: 'feature',
  value: 'auto',
  description: 'SEEK_HOLE/SEEK_DATA support for FUSE exports'
)

# Library lookup policy for capstone, slirp and libfdt. These are combo
# options, not features, because they add 'system' and 'internal' to the
# usual enabled/disabled/auto.
# NOTE(review): 'system' and 'internal' presumably select a host-installed
# library versus a copy shipped with the source tree - confirm in meson.build.
# With 'auto', which copy ends up linked is decided at configure time.
option(
  'capstone',
  type: 'combo',
  value: 'auto',
  choices: ['disabled', 'enabled', 'auto', 'system', 'internal'],
  description: 'Whether and how to find the capstone library'
)
option(
  'slirp',
  type: 'combo',
  value: 'auto',
  choices: ['disabled', 'enabled', 'auto', 'system', 'internal'],
  description: 'Whether and how to find the slirp library'
)
option(
  'fdt',
  type: 'combo',
  value: 'auto',
  choices: ['disabled', 'enabled', 'auto', 'system', 'internal'],
  description: 'Whether and how to find the libfdt library'
)