lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 1 Jul 2020 14:57:47 +0200
From:   Michal Kubecek <mkubecek@...e.cz>
To:     Masahiro Yamada <masahiroy@...nel.org>
Cc:     Alexei Starovoitov <ast@...nel.org>, netdev@...r.kernel.org,
        bpf@...r.kernel.org, linux-kbuild@...r.kernel.org,
        linux-kernel@...r.kernel.org, Andrii Nakryiko <andriin@...com>,
        Daniel Borkmann <daniel@...earbox.net>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        John Fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...omium.org>,
        Martin KaFai Lau <kafai@...com>,
        Sam Ravnborg <sam@...nborg.org>,
        Song Liu <songliubraving@...com>,
        Valdis Kl ē tnieks <valdis.kletnieks@...edu>,
        Yonghong Song <yhs@...com>
Subject: Re: [PATCH] bpfilter: allow to build bpfilter_umh as a module
 without static library

On Wed, Jul 01, 2020 at 06:26:44PM +0900, Masahiro Yamada wrote:
> Originally, bpfilter_umh was linked with -static only when
> CONFIG_BPFILTER_UMH=y.
> 
> Commit 8a2cc0505cc4 ("bpfilter: use 'userprogs' syntax to build
> bpfilter_umh") silently, accidentally dropped the CONFIG_BPFILTER_UMH=y
> test in the Makefile. Revive it in order to link it dynamically when
> CONFIG_BPFILTER_UMH=m.
> 
> Since commit b1183b6dca3e ("bpfilter: check if $(CC) can link static
> libc in Kconfig"), the compiler must be capable of static linking to
> enable CONFIG_BPFILTER_UMH, but it requires more than needed.
> 
> To loosen the compiler requirement, I changed the dependency as follows:
> 
>     depends on CC_CAN_LINK
>     depends on m || CC_CAN_LINK_STATIC
> 
> If CONFIG_CC_CAN_LINK_STATIC in unset, CONFIG_BPFILTER_UMH is restricted
> to 'm' or 'n'.
> 
> In theory, CONFIG_CC_CAN_LINK is not required for CONFIG_BPFILTER_UMH=y,
> but I did not come up with a good way to describe it.
> 
> Fixes: 8a2cc0505cc4 ("bpfilter: use 'userprogs' syntax to build bpfilter_umh")
> Reported-by: Michal Kubecek <mkubecek@...e.cz>
> Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>

Tested-by: Michal Kubecek <mkubecek@...e.cz>

Thank you,
Michal

> ---
> 
>  net/bpfilter/Kconfig  | 10 ++++++----
>  net/bpfilter/Makefile |  2 ++
>  2 files changed, 8 insertions(+), 4 deletions(-)
> 
> diff --git a/net/bpfilter/Kconfig b/net/bpfilter/Kconfig
> index 84015ef3ee27..73d0b12789f1 100644
> --- a/net/bpfilter/Kconfig
> +++ b/net/bpfilter/Kconfig
> @@ -9,12 +9,14 @@ menuconfig BPFILTER
>  if BPFILTER
>  config BPFILTER_UMH
>  	tristate "bpfilter kernel module with user mode helper"
> -	depends on CC_CAN_LINK_STATIC
> +	depends on CC_CAN_LINK
> +	depends on m || CC_CAN_LINK_STATIC
>  	default m
>  	help
>  	  This builds bpfilter kernel module with embedded user mode helper
>  
> -	  Note: your toolchain must support building static binaries, since
> -	  rootfs isn't mounted at the time when __init functions are called
> -	  and do_execv won't be able to find the elf interpreter.
> +	  Note: To compile this as built-in, your toolchain must support
> +	  building static binaries, since rootfs isn't mounted at the time
> +	  when __init functions are called and do_execv won't be able to find
> +	  the elf interpreter.
>  endif
> diff --git a/net/bpfilter/Makefile b/net/bpfilter/Makefile
> index f23b53294fba..cdac82b8c53a 100644
> --- a/net/bpfilter/Makefile
> +++ b/net/bpfilter/Makefile
> @@ -7,10 +7,12 @@ userprogs := bpfilter_umh
>  bpfilter_umh-objs := main.o
>  userccflags += -I $(srctree)/tools/include/ -I $(srctree)/tools/include/uapi
>  
> +ifeq ($(CONFIG_BPFILTER_UMH), y)
>  # builtin bpfilter_umh should be linked with -static
>  # since rootfs isn't mounted at the time of __init
>  # function is called and do_execv won't find elf interpreter
>  userldflags += -static
> +endif
>  
>  $(obj)/bpfilter_umh_blob.o: $(obj)/bpfilter_umh
>  
> -- 
> 2.25.1
> 

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists