| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Jan 2023 23:34:01 -0800
From: Yonghong Song <yhs@...a.com>
To: Eduard Zingerman <eddyz87@...il.com>,
Peter Foley <pefoley2@...oley.com>,
Quentin Monnet <quentin@...valent.com>,
Alexei Starovoitov <ast@...nel.org>,
Daniel Borkmann <daniel@...earbox.net>,
Andrii Nakryiko <andrii@...nel.org>,
Martin KaFai Lau <martin.lau@...ux.dev>,
Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>,
John Fastabend <john.fastabend@...il.com>,
KP Singh <kpsingh@...nel.org>,
Stanislav Fomichev <sdf@...gle.com>,
Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Tom Rix <trix@...hat.com>
Cc: bpf@...r.kernel.org, linux-kernel@...r.kernel.org,
llvm@...ts.linux.dev
Subject: Re: [PATCH] tools: bpf: Disable stack protector
On 1/18/23 11:28 AM, Eduard Zingerman wrote:
> On Sat, 2023-01-14 at 18:00 -0500, Peter Foley wrote:
>> Avoid build errors on distros that force the stack protector on by
>> default.
>> e.g.
>> CLANG /home/peter/linux/work/tools/bpf/bpftool/pid_iter.bpf.o
>> skeleton/pid_iter.bpf.c:53:5: error: A call to built-in function '__stack_chk_fail' is not supported.
>> int iter(struct bpf_iter__task_file *ctx)
>> ^
>> 1 error generated.
>>
>> Signed-off-by: Peter Foley <pefoley2@...oley.com>
>> ---
>> tools/bpf/bpftool/Makefile | 1 +
>> tools/bpf/runqslower/Makefile | 5 +++--
>> 2 files changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
>> index f610e184ce02a..36ac0002e386f 100644
>> --- a/tools/bpf/bpftool/Makefile
>> +++ b/tools/bpf/bpftool/Makefile
>> @@ -215,6 +215,7 @@ $(OUTPUT)%.bpf.o: skeleton/%.bpf.c $(OUTPUT)vmlinux.h $(LIBBPF_BOOTSTRAP)
>> -I$(or $(OUTPUT),.) \
>> -I$(srctree)/tools/include/uapi/ \
>> -I$(LIBBPF_BOOTSTRAP_INCLUDE) \
>> + -fno-stack-protector \
>
> While working on clang patch to disable stack protector
> for BPF target I've noticed that there is an option to
> disable default configuration file altogether [1]:
>
> --no-default-config
>
> Should we consider it instead of -fno-stack-protector
> to shield ourselves from any potential distro-specific
> changes?
Peter, could you help check whether adding --no-default-config works
in your environment or not?
>
> [1] https://clang.llvm.org/docs/ClangCommandLineReference.html#cmdoption-clang-no-default-config
>
>> -g -O2 -Wall -target bpf -c $< -o $@
>> $(Q)$(LLVM_STRIP) -g $@
>>
>> diff --git a/tools/bpf/runqslower/Makefile b/tools/bpf/runqslower/Makefile
>> index 8b3d87b82b7a2..f7313cc966a04 100644
>> --- a/tools/bpf/runqslower/Makefile
>> +++ b/tools/bpf/runqslower/Makefile
>> @@ -60,8 +60,9 @@ $(OUTPUT)/%.skel.h: $(OUTPUT)/%.bpf.o | $(BPFTOOL)
>> $(QUIET_GEN)$(BPFTOOL) gen skeleton $< > $@
>>
>> $(OUTPUT)/%.bpf.o: %.bpf.c $(BPFOBJ) | $(OUTPUT)
>> - $(QUIET_GEN)$(CLANG) -g -O2 -target bpf $(INCLUDES) \
>> - -c $(filter %.c,$^) -o $@ && \
>> + $(QUIET_GEN)$(CLANG) -g -O2 -target bpf $(INCLUDES) \
>> + -fno-stack-protector \
>> + -c $(filter %.c,$^) -o $@ && \
>> $(LLVM_STRIP) -g $@
>>
>> $(OUTPUT)/%.o: %.c | $(OUTPUT)
>>
>> ---
>> base-commit: 97ec4d559d939743e8af83628be5af8da610d9dc
>> change-id: 20230114-bpf-918ae127b77a
>>
>> Best regards,
>
Powered by blists - more mailing lists