lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZOUFQc-IIw3kbHsY@gentoo.org>
Date:   Tue, 22 Aug 2023 20:58:09 +0200
From:   Guilherme Amadio <amadio@...too.org>
To:     Arnaldo Carvalho de Melo <acme@...nel.org>
Cc:     Ian Rogers <irogers@...gle.com>,
        Adrian Hunter <adrian.hunter@...el.com>,
        Jiri Olsa <jolsa@...nel.org>, amadio@...stprotocols.net,
        Namhyung Kim <namhyung@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: perf tools: Options being passed to clang when building the BPF
 part of skels

Hi Arnaldo,

On Tue, Aug 22, 2023 at 09:33:16AM -0300, Arnaldo Carvalho de Melo wrote:
> Hi,
> 
> 	On gentoo I'm noticing this:
> 
> clang-16clang-16: : clang-16error: : error: clang-16clang-16: clang-16clang-16clang-16: clang-16error: clang-16: : ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]: : : clang-16error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]error: error: : 
> error: 
> error: error: error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
> 
> ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
> 
> ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
> 
> And while just doing:
> 
> diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf
> index a5dd1ba..7726b57 100644
> --- a/tools/perf/Makefile.perf
> +++ b/tools/perf/Makefile.perf
> @@ -1101,7 +1101,7 @@ else
>  endif
>  
>  $(SKEL_TMP_OUT)/%.bpf.o: util/bpf_skel/%.bpf.c $(LIBBPF) $(SKEL_OUT)/vmlinux.h | $(SKEL_TMP_OUT)
> -	$(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
> +	$(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror -Wno-option-ignored $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
>  	  -c $(filter util/bpf_skel/%.bpf.c,$^) -o $@
>  
>  $(SKEL_OUT)/%.skel.h: $(SKEL_TMP_OUT)/%.bpf.o | $(BPFTOOL)
> 
> 
> "Fixes" it, I'm curious as where is that we're setting up the options
> that are being passed to clang at:
> 
> tools/perf/Makefile.perf
> 
> $(SKEL_TMP_OUT)/%.bpf.o: util/bpf_skel/%.bpf.c $(LIBBPF) $(SKEL_OUT)/vmlinux.h | $(SKEL_TMP_OUT)
>         $(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
>           -c $(filter util/bpf_skel/%.bpf.c,$^) -o $@
> 
> Perhaps it is plain just using CFLAGS? I.e. maybe the native build
> CFLAGS is being passed to the BPF target clang calls?
> 
> Ideas?

In the patches I sent previously, I had a commit to address this. In
summary, the extra flags you see are hardening flags added by default.
Have also a look at /usr/include/gentoo/fortify.h. I suppose other 
distributions may add such flags as well. It's a pity the hardening
flags are added indiscriminately to all target architectures, but just
making the compiler not error out should be enough to work around the
issue. In my patch, I put -Werror under the control of the WERROR build
option and disabled it when configuring perf in the ebuild. Since other
warnings may be triggered in the future, having an easy way to disable
-Werror when building the package would be nice to have, otherwise when
a new compiler comes out users may hit build failures, since we are a
source based distribution.

Best regards,
-Guilherme



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ