build: Disable compiler control flow protection

Compiler flag -fcf-protection sets control-flow integrity measures
that improve security, and sometimes defaults to enabled on distro
compilers. Some aspects of this feature are implemented in the compiler
header <cet.h> for e.g., stack unwinders. If this header is missing some
programs fail to compile.
Since we don't (yet) support pulling compiler headers into unikraft
build, this change disables cf-protection globally.

Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Maria Sfiraiala <maria.sfiraiala@gmail.com>
Reviewed-by: Radu Nichita <radunichita99@gmail.com>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
Tested-by: Unikraft CI <monkey@unikraft.io>
GitHub-Closes: #881

diff --git a/Makefile.uk b/Makefile.uk
index 2fd68e5aeee4b7145a60041d8941156111a5dee2..668dca7aae0f48d644b0bac2fa90d18e694f36ef 100644 (file)
--- a/Makefile.uk
+++ b/Makefile.uk
@@ -11,6 +11,8 @@ COMPFLAGS-$(call have_gcc)    += -fno-tree-sra -fno-split-stack -nostdinc
 ifneq ($(HAVE_STACKPROTECTOR),y)
 COMPFLAGS    += -fno-stack-protector
 endif
+COMPFLAGS    += -fcf-protection=none
+
 COMPFLAGS    += -Wall -Wextra
 COMPFLAGS-$(call have_clang)   += -Wdocumentation -Wdocumentation-pedantic