| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Aug 2023 20:58:09 +0200
From: Guilherme Amadio <amadio@...too.org>
To: Arnaldo Carvalho de Melo <acme@...nel.org>
Cc: Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Jiri Olsa <jolsa@...nel.org>, amadio@...stprotocols.net,
Namhyung Kim <namhyung@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: perf tools: Options being passed to clang when building the BPF
part of skels
Hi Arnaldo,
On Tue, Aug 22, 2023 at 09:33:16AM -0300, Arnaldo Carvalho de Melo wrote:
> Hi,
>
> On gentoo I'm noticing this:
>
> clang-16clang-16: : clang-16error: : error: clang-16clang-16: clang-16clang-16clang-16: clang-16error: clang-16: : ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]: : : clang-16error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]error: error: :
> error:
> error: error: error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]error: ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
>
> ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
>
> ignoring '-fstack-protector-strong' option as it is not currently supported for target 'bpf' [-Werror,-Woption-ignored]
>
> And while just doing:
>
> diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf
> index a5dd1ba..7726b57 100644
> --- a/tools/perf/Makefile.perf
> +++ b/tools/perf/Makefile.perf
> @@ -1101,7 +1101,7 @@ else
> endif
>
> $(SKEL_TMP_OUT)/%.bpf.o: util/bpf_skel/%.bpf.c $(LIBBPF) $(SKEL_OUT)/vmlinux.h | $(SKEL_TMP_OUT)
> - $(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
> + $(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror -Wno-option-ignored $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
> -c $(filter util/bpf_skel/%.bpf.c,$^) -o $@
>
> $(SKEL_OUT)/%.skel.h: $(SKEL_TMP_OUT)/%.bpf.o | $(BPFTOOL)
>
>
> "Fixes" it, I'm curious as where is that we're setting up the options
> that are being passed to clang at:
>
> tools/perf/Makefile.perf
>
> $(SKEL_TMP_OUT)/%.bpf.o: util/bpf_skel/%.bpf.c $(LIBBPF) $(SKEL_OUT)/vmlinux.h | $(SKEL_TMP_OUT)
> $(QUIET_CLANG)$(CLANG) -g -O2 --target=bpf -Wall -Werror $(BPF_INCLUDE) $(TOOLS_UAPI_INCLUDE) \
> -c $(filter util/bpf_skel/%.bpf.c,$^) -o $@
>
> Perhaps it is plain just using CFLAGS? I.e. maybe the native build
> CFLAGS is being passed to the BPF target clang calls?
>
> Ideas?
In the patches I sent previously, I had a commit to address this. In
summary, the extra flags you see are hardening flags added by default.
Have also a look at /usr/include/gentoo/fortify.h. I suppose other
distributions may add such flags as well. It's a pity the hardening
flags are added indiscriminately to all target architectures, but just
making the compiler not error out should be enough to work around the
issue. In my patch, I put -Werror under the control of the WERROR build
option and disabled it when configuring perf in the ebuild. Since other
warnings may be triggered in the future, having an easy way to disable
-Werror when building the package would be nice to have, otherwise when
a new compiler comes out users may hit build failures, since we are a
source based distribution.
Best regards,
-Guilherme
Powered by blists - more mailing lists