On 3/13/19 5:40 AM, Paolo Bonzini wrote: > +########################################## > +# detect CET support in the toolchain > + > +if test "$cet" != no; then > + write_c_skeleton; > + if ! compile_prog "-fcf-protection" "" ; then > + if test "$cet" = yes; then > + feature_not_found "cet" 'CET is not supported by your toolchain' > + fi > + cet=no > + fi > +fi > +if test "$cet" = ""; then > + cet=yes > + QEMU_CFLAGS="-fcf-protection $QEMU_CFLAGS" > +fi
Hmm. The gcc for aarch64 names the similar feature -mbranch-protection. I'm rather annoyed that the i386 gcc folk appropriated a generic -f name without actually making the feature generic at the same time. Thankfully the aarch64 version does not include shadow stacks, and so is less invasive into the normal abi -- ARM uses pointer authentication instead. r~
