To build CET-enabled applications, GCC needs to support '-fcf-protection'. Update x86 selftest makefile to detect and enable CET for x86 selftest applications. Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx> --- tools/testing/selftests/x86/Makefile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/testing/selftests/x86/Makefile b/tools/testing/selftests/x86/Makefile index 5d49bfec1e9a..f1bf5ab87160 100644 --- a/tools/testing/selftests/x86/Makefile +++ b/tools/testing/selftests/x86/Makefile @@ -9,6 +9,7 @@ UNAME_M := $(shell uname -m) CAN_BUILD_I386 := $(shell ./check_cc.sh $(CC) trivial_32bit_program.c -m32) CAN_BUILD_X86_64 := $(shell ./check_cc.sh $(CC) trivial_64bit_program.c) CAN_BUILD_WITH_NOPIE := $(shell ./check_cc.sh $(CC) trivial_program.c -no-pie) +CAN_BUILD_CET := $(shell ./check_cc.sh $(CC) trivial_program.c -fcf-protection) TARGETS_C_BOTHBITS := single_step_syscall sysret_ss_attrs syscall_nt test_mremap_vdso \ check_initial_reg_state sigreturn iopl ioperm \ @@ -35,6 +36,10 @@ BINARIES_64 := $(patsubst %,$(OUTPUT)/%,$(BINARIES_64)) CFLAGS := -O2 -g -std=gnu99 -pthread -Wall +ifeq ($(CAN_BUILD_CET),1) +CFLAGS += -fcf-protection -mshstk +endif + # call32_from_64 in thunks.S uses absolute addresses. ifeq ($(CAN_BUILD_WITH_NOPIE),1) CFLAGS += -no-pie -- 2.21.0
