| Message ID | 20200521211720.20236-3-yu-cheng.yu@intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | Update selftests/x86 for CET | expand |
On Thu, May 21, 2020 at 02:17:17PM -0700, Yu-cheng Yu wrote: > To build CET-enabled applications, GCC needs to support '-fcf-protection'. > Update x86 selftest makefile to detect and enable CET for x86 selftest > applications. > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> Reviewed-by: Kees Cook <keescook@chromium.org>
On Thu, 2020-05-21 at 15:44 -0700, Kees Cook wrote: > On Thu, May 21, 2020 at 02:17:17PM -0700, Yu-cheng Yu wrote: > > To build CET-enabled applications, GCC needs to support '-fcf-protection'. > > Update x86 selftest makefile to detect and enable CET for x86 selftest > > applications. > > > > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> > > Reviewed-by: Kees Cook <keescook@chromium.org> Thanks! I will fix issues you pointed out in the series. Yu-cheng
diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index 5d49bfec1e9a..f1bf5ab87160 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile @@ -9,6 +9,7 @@ UNAME_M := $(shell uname -m) CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32) CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c) CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) trivial_program.c -no-pie) +CAN_BUILD_CET := $(shell ./check_cc.sh $(CC) trivial_program.c -fcf-protection) TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \ check_initial_reg_state sigreturn iopl ioperm \ @@ -35,6 +36,10 @@ BINARIES_64 := $(patsubst %,$(OUTPUT)/%,$(BINARIES_64)) CFLAGS := -O2 -g -std=gnu99 -pthread -Wall +ifeq ($(CAN_BUILD_CET),1) +CFLAGS += -fcf-protection -mshstk +endif + # call32_from_64 in thunks.S uses absolute addresses. ifeq ($(CAN_BUILD_WITH_NOPIE),1) CFLAGS += -no-pie
To build CET-enabled applications, GCC needs to support '-fcf-protection'. Update x86 selftest makefile to detect and enable CET for x86 selftest applications. Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com> --- tools/testing/selftests/x86/Makefile | 5 +++++ 1 file changed, 5 insertions(+)