Re: [PATCH] tools: bpf: Disable stack protector

From: Eduard Zingerman
Date: Mon Jan 16 2023 - 08:03:12 EST


On Mon, 2023-01-16 at 10:30 +0000, Quentin Monnet wrote:
> 2023-01-14 18:00 UTC-0500 ~ Peter Foley <pefoley2@xxxxxxxxxxx>
> > Avoid build errors on distros that force the stack protector on by
> > default.
> > e.g.
> > CLANG /home/peter/linux/work/tools/bpf/bpftool/pid_iter.bpf.o
> > skeleton/pid_iter.bpf.c:53:5: error: A call to built-in function '__stack_chk_fail' is not supported.
> > int iter(struct bpf_iter__task_file *ctx)
> > ^
> > 1 error generated.
> >
> > Signed-off-by: Peter Foley <pefoley2@xxxxxxxxxxx>
> > ---
> > tools/bpf/bpftool/Makefile | 1 +
> > tools/bpf/runqslower/Makefile | 5 +++--
> > 2 files changed, 4 insertions(+), 2 deletions(-)
> >
> > diff --git a/tools/bpf/bpftool/Makefile b/tools/bpf/bpftool/Makefile
> > index f610e184ce02a..36ac0002e386f 100644
> > --- a/tools/bpf/bpftool/Makefile
> > +++ b/tools/bpf/bpftool/Makefile
> > @@ -215,6 +215,7 @@ $(OUTPUT)%.bpf.o: skeleton/%.bpf.c $(OUTPUT)vmlinux.h $(LIBBPF_BOOTSTRAP)
> > -I$(or $(OUTPUT),.) \
> > -I$(srctree)/tools/include/uapi/ \
> > -I$(LIBBPF_BOOTSTRAP_INCLUDE) \
> > + -fno-stack-protector \
> > -g -O2 -Wall -target bpf -c $< -o $@
> > $(Q)$(LLVM_STRIP) -g $@
> >
>
> For bpftool, a similar patch was already submitted and merged to the
> bpf-next tree last Friday: 878625e1c7a1 ("bpftool: Always disable stack
> protection for BPF objects").
>
> > diff --git a/tools/bpf/runqslower/Makefile b/tools/bpf/runqslower/Makefile
> > index 8b3d87b82b7a2..f7313cc966a04 100644
> > --- a/tools/bpf/runqslower/Makefile
> > +++ b/tools/bpf/runqslower/Makefile
> > @@ -60,8 +60,9 @@ $(OUTPUT)/%.skel.h: $(OUTPUT)/%.bpf.o | $(BPFTOOL)
> > $(QUIET_GEN)$(BPFTOOL) gen skeleton $< > $@
> >
> > $(OUTPUT)/%.bpf.o: %.bpf.c $(BPFOBJ) | $(OUTPUT)
> > - $(QUIET_GEN)$(CLANG) -g -O2 -target bpf $(INCLUDES) \
> > - -c $(filter %.c,$^) -o $@ && \
> > + $(QUIET_GEN)$(CLANG) -g -O2 -target bpf $(INCLUDES) \
> > + -fno-stack-protector \
> > + -c $(filter %.c,$^) -o $@ && \
> > $(LLVM_STRIP) -g $@
> >
> > $(OUTPUT)/%.o: %.c | $(OUTPUT)
>
> This one looks good, thanks!
>
> I note a few more places in the repository where we compile to BPF using
> clang. Given that there have been patches to add -fno-stack-protector at
> several locations already, have you checked if any of these also need
> the flag, by any chance, so we could fix this once and for all?
>
> $ git grep -l 'target bpf ' | egrep -v '(Documentation|bpftool)'
> kernel/bpf/preload/iterators/Makefile
> samples/bpf/Makefile
> samples/bpf/test_lwt_bpf.sh
> tools/bpf/runqslower/Makefile
> tools/build/feature/Makefile
> tools/perf/Makefile.perf
> tools/perf/util/llvm-utils.c
> tools/testing/selftests/bpf/Makefile
> tools/testing/selftests/net/bpf/Makefile
> tools/testing/selftests/tc-testing/Makefile

A bit tangential, but since BPF LLVM backend does not support the
stack protector (should it?) there is also an option to adjust LLVM
to avoid this instrumentation, WDYT?