From: Daniele Buono <dbuono@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Cc: "Thomas Huth" <thuth@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>,
	"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	"Daniele Buono" <dbuono@linux.vnet.ibm.com>
Subject: [PATCH 2/2] gitlab-ci.yml: Add jobs to test CFI flags
Date: Mon, 22 Feb 2021 18:01:05 -0500
Message-ID: <20210222230106.7030-3-dbuono@linux.vnet.ibm.com>
In-Reply-To: <20210222230106.7030-1-dbuono@linux.vnet.ibm.com>

QEMU has had options to enable control-flow integrity features
for a few months now. Add two sets of build/check/acceptance
jobs to ensure the binary produced is working fine.

The two sets allow testing of x86_64 binaries for every target
that is not deprecated.

Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com>
---
 .gitlab-ci.yml | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 92 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5c198f05d4..f2fea8e2eb 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -479,6 +479,98 @@ clang-user:
       --extra-cflags=-fsanitize=undefined --extra-cflags=-fno-sanitize-recover=undefined
     MAKE_CHECK_ARGS: check-unit check-tcg
 
+# Set JOBS=1 because this requires LTO and ld consumes a large amount of memory.
+# On gitlab runners, default JOBS of 2 sometimes end up calling 2 lds concurrently
+# and triggers an Out-Of-Memory error
+#
+# Because of how slirp is used in QEMU, we need to have CFI also on libslirp.
+# System-wide version in fedora is not compiled with CFI so we recompile it using
+# -enable-slirp=git
+#
+# Split in two sets of build/check/acceptance because a single build job for every
+# target creates an artifact archive too big to be uploaded
+build-cfi-set1:
+  <<: *native_build_job_definition
+  needs:
+  - job: amd64-fedora-container
+  variables:
+    JOBS: 1
+    AR: llvm-ar
+    IMAGE: fedora
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --enable-cfi --enable-cfi-debug
+      --enable-safe-stack --enable-slirp=git
+    TARGETS: aarch64-softmmu arm-softmmu alpha-softmmu i386-softmmu ppc-softmmu
+      ppc64-softmmu riscv32-softmmu riscv64-softmmu s390x-softmmu sparc-softmmu
+      sparc64-softmmu x86_64-softmmu
+      aarch64-linux-user aarch64_be-linux-user arm-linux-user i386-linux-user
+      ppc64-linux-user ppc64le-linux-user s390x-linux-user x86_64-linux-user
+    MAKE_CHECK_ARGS: check-build
+  timeout: 3h
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
+
+check-cfi-set1:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-cfi-set1
+      artifacts: true
+  variables:
+    IMAGE: fedora
+    MAKE_CHECK_ARGS: check
+
+acceptance-cfi-set1:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-cfi-set1
+      artifacts: true
+  variables:
+    IMAGE: fedora
+    MAKE_CHECK_ARGS: check-acceptance
+  <<: *acceptance_definition
+
+build-cfi-set2:
+  <<: *native_build_job_definition
+  needs:
+  - job: amd64-fedora-container
+  variables:
+    JOBS: 1
+    AR: llvm-ar
+    IMAGE: fedora
+    CONFIGURE_ARGS: --cc=clang --cxx=clang++ --enable-cfi --enable-cfi-debug
+      --enable-safe-stack --enable-slirp=git
+    TARGETS: avr-softmmu cris-softmmu hppa-softmmu m68k-softmmu
+      microblaze-softmmu microblazeel-softmmu mips-softmmu mips64-softmmu
+      mips64el-softmmu mipsel-softmmu moxie-softmmu nios2-softmmu or1k-softmmu
+      rx-softmmu sh4-softmmu sh4eb-softmmu tricore-softmmu xtensa-softmmu
+      xtensaeb-softmmu
+    MAKE_CHECK_ARGS: check-build
+  timeout: 3h
+  artifacts:
+    expire_in: 2 days
+    paths:
+      - build
+
+check-cfi-set2:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-cfi-set2
+      artifacts: true
+  variables:
+    IMAGE: fedora
+    MAKE_CHECK_ARGS: check
+
+acceptance-cfi-set2:
+  <<: *native_test_job_definition
+  needs:
+    - job: build-cfi-set2
+      artifacts: true
+  variables:
+    IMAGE: fedora
+    MAKE_CHECK_ARGS: check-acceptance
+  <<: *acceptance_definition
+
 tsan-build:
   <<: *native_build_job_definition
   variables:
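
Review bot: build-cfi-set1 and build-cfi-set2 repeat the same JOBS, AR, IMAGE, CONFIGURE_ARGS, timeout and artifacts settings and differ only in TARGETS, so a later edit to the hardening flags in one set (for example dropping `--enable-safe-stack`) can leave the other set silently testing a different configuration. Consider factoring the shared keys into one hidden job or anchor that both build jobs reuse, so that only TARGETS differs per set. Two smaller points: the header comment spells the option `-enable-slirp=git` with a single dash while CONFIGURE_ARGS uses `--enable-slirp=git`, and the comment explains JOBS=1 and the two-set split but not `timeout: 3h`; one line on why the build needs it would help whoever tunes it later. The `needs:` lists are also indented differently between the build jobs (`- job:` at the same level as `needs:`) and the check/acceptance jobs (`- job:` indented further); picking one style keeps the new block consistent.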
-- 
2.30.0


