Hi

On Thu, May 5, 2022 at 1:04 AM Paolo Bonzini <pbonz...@redhat.com> wrote:
> slirp 4.7 introduces a new CFI-friendly timer callback that does > not pass function pointers within libslirp as callbacks for timers. > Check the version number and, if it is new enough, allow using CFI > even with a system libslirp. > > Signed-off-by: Paolo Bonzini <pbonz...@redhat.com> > Reviewed-by: Marc-André Lureau <marcandre.lur...@redhat.com> > --- > meson.build | 31 +++++++++++++++++-------------- > 1 file changed, 17 insertions(+), 14 deletions(-) > > diff --git a/meson.build b/meson.build > index c26aa442d4..defe604065 100644 > --- a/meson.build > +++ b/meson.build > @@ -2509,10 +2509,25 @@ if have_system > slirp_opt = get_option('slirp') > if slirp_opt in ['enabled', 'auto', 'system'] > have_internal = fs.exists(meson.current_source_dir() / > 'slirp/meson.build') > + slirp_dep_required = (slirp_opt == 'system' or > + slirp_opt == 'enabled' and not have_internal) > slirp = dependency('slirp', kwargs: static_kwargs, > method: 'pkg-config', > - required: slirp_opt == 'system' or > - slirp_opt == 'enabled' and not > have_internal) > + required: slirp_dep_required) > + # slirp <4.7 is incompatible with CFI support in QEMU. This is > because > + # it passes function pointers within libslirp as callbacks for timers. > + # When using a system-wide shared libslirp, the type information for > the > + # callback is missing and the timer call produces a false positive > with CFI. > + # Do not use the "version" keyword argument to produce a better error. > + # with control-flow integrity. > + if get_option('cfi') and slirp.found() and > slirp.version().version_compare('<4.7') > + if slirp_dep_required > + error('Control-Flow Integrity requires libslirp 4.7.') > + else > + warning('Control-Flow Integrity requires libslirp 4.7, not using > system-wide libslirp.') > + slirp = not_found > + endif > + endif > if slirp.found() > slirp_opt = 'system' > elif have_internal 
> @@ -2585,18 +2600,6 @@ if have_system > endif > endif > > -# For CFI, we need to compile slirp as a static library together with > qemu. > -# This is because we register slirp functions as callbacks for QEMU > Timers. > -# When using a system-wide shared libslirp, the type information for the > -# callback is missing and the timer call produces a false positive with > CFI. > -# > -# Now that slirp_opt has been defined, check if the selected slirp is > compatible > -# with control-flow integrity. > -if get_option('cfi') and slirp_opt == 'system' > - error('Control-Flow Integrity is not compatible with system-wide > slirp.' \ > - + ' Please configure with --enable-slirp=git') > -endif > - > fdt = not_found > if have_system > fdt_opt = get_option('fdt') > -- > 2.35.1 > > > -- Marc-André Lureau
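Review bot: In the first meson.build hunk (@@ -2509,10 +2509,25 @@), the new comment block ends with a stray line, `# with control-flow integrity.`, directly after `# Do not use the "version" keyword argument to produce a better error.` It reads as a leftover from the comment removed in the second hunk and should be dropped. The two messages that say 'Control-Flow Integrity requires libslirp 4.7' would also be more accurate as "libslirp 4.7 or newer", since the condition is `version_compare('<4.7')`. Printing `slirp.version()` in them would tell the user which version was found.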
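Review bot: In the second meson.build hunk (@@ -2585,18 +2600,6 @@), the removed error told the user how to recover (' Please configure with --enable-slirp=git'), while the replacement error() added in the first hunk only states the version requirement. Consider carrying an equivalent hint into the new message, such as upgrading the system libslirp or using the internal copy when `have_internal` is true, so that a build with `cfi` enabled and `slirp_opt == 'system'` does not fail without a suggested way forward.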