lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 28 Dec 2022 02:57:38 +0100
From:   Ahelenia Ziemiańska 
        <nabijaczleweli@...ijaczleweli.xyz>
To:     unlisted-recipients:; (no To-header on input)
Cc:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>, linux-perf-users@...r.kernel.org,
        linux-kernel@...r.kernel.org, llvm@...ts.linux.dev
Subject: [PATCH v2 1/4] perf python: make clang feature detection work

As it stands, it's /entirely/ broken: cc_options is pasted together
with the tested option /as a single argument/.

For example, for CC='cc -O3', this will run (the equivalent of)
  cc "-O3 -mcet" ../build/feature/test-heello.c
  cc "-O3 -fcf-protection" ../build/feature/test-heello.c
  ..
which, obviously, doesn't work, and has /never/ worked. The commit
referenced in Fixes: is just the first one that uses this approach.

Instead of emulating shell tokenisation and turning tokens into words
badly (well, we barely do it, which is even more alarming. the only way
I can foresee this having ever worked for anyone is if it, very literally,
returned False for /every/ clang_has_option() invocation with
non-single-token $CC, which, I mean, sure, but it means that every clang
build like this has all hardening off), just... run these through the
shell, like they will be at point-of-use anyway.

As a demo, with CC='/tmp/cc -O3' and /tmp/cc consisting of
  #!/bin/sh
  echo "$*" | grep -qFe '-mcet' && printf 'CC:"%s"\n' "$@" "" > /dev/tty
  exec cc "$@"
before:
    AR      /mnt/filling/store/nabijaczleweli/code/linux/tools/perf/libsubcmd/libsubcmd.a
  CC:"-O3 -mcet"
  CC:"/mnt/filling/store/nabijaczleweli/code/linux/tools/build/feature/test-hello.c"
  CC:""
  CC:"-O3 -mcet"
  CC:"/mnt/filling/store/nabijaczleweli/code/linux/tools/build/feature/test-hello.c"
  CC:""
    LD      /mnt/filling/store/nabijaczleweli/code/linux/tools/perf/libbpf/staticobjs/libbpf-in.o
after:
    GEN     python/perf.cpython-39-x86_64-linux-gnu.so
  CC:"-O3"
  CC:"-mcet"
  CC:"/mnt/filling/store/nabijaczleweli/code/linux/tools/build/feature/test-hello.c"
  CC:""
  CC:"-O3"
  CC:"-mcet"
  CC:"/mnt/filling/store/nabijaczleweli/code/linux/tools/build/feature/test-hello.c"
  CC:""
    LD      /mnt/filling/store/nabijaczleweli/code/linux/tools/perf/libbpf/staticobjs/libbpf-in.o

Fixes: commit 3cad53a6f9cdb ("perf python: Account for multiple words in
 CC")
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
---
 tools/perf/util/setup.py | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/tools/perf/util/setup.py b/tools/perf/util/setup.py
index c294db713677..1cee26c63613 100644
--- a/tools/perf/util/setup.py
+++ b/tools/perf/util/setup.py
@@ -2,21 +2,11 @@ from os import getenv, path
 from subprocess import Popen, PIPE
 from re import sub
 
-cc = getenv("CC")
-
-# Check if CC has options, as is the case in yocto, where it uses CC="cc --sysroot..."
-cc_tokens = cc.split()
-if len(cc_tokens) > 1:
-    cc = cc_tokens[0]
-    cc_options = " ".join([str(e) for e in cc_tokens[1:]]) + " "
-else:
-    cc_options = ""
-
-cc_is_clang = b"clang version" in Popen([cc, "-v"], stderr=PIPE).stderr.readline()
+cc_is_clang = b"clang version" in Popen(["/bin/sh", "-c", "$CC -v"], stderr=PIPE).stderr.readline()
 src_feature_tests  = getenv('srctree') + '/tools/build/feature'
 
 def clang_has_option(option):
-    cc_output = Popen([cc, cc_options + option, path.join(src_feature_tests, "test-hello.c") ], stderr=PIPE).stderr.readlines()
+    cc_output = Popen(["/bin/sh", "-c", '$CC "$@"', "", option, path.join(src_feature_tests, "test-hello.c")], stderr=PIPE).stderr.readlines()
     return [o for o in cc_output if ((b"unknown argument" in o) or (b"is not supported" in o))] == [ ]
 
 if cc_is_clang:
-- 
2.30.2


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ