[1/2] libbpf: add fPIC option for static library

Message ID	20220924101209.50653-2-liuxin350@huawei.com (mailing list archive)
State	Changes Requested
Delegated to:	BPF
Headers	show Return-Path: <bpf-owner@kernel.org> From: Xin Liu <liuxin350@huawei.com> To: <ast@kernel.org>, <daniel@iogearbox.net>, <andrii@kernel.org>, <martin.lau@linux.dev>, <song@kernel.org>, <yhs@fb.com>, <john.fastabend@gmail.com>, <kpsingh@kernel.org>, <sdf@google.com>, <haoluo@google.com>, <jolsa@kernel.org> CC: <bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <yanan@huawei.com>, <wuchangye@huawei.com>, <xiesongyang@huawei.com>, <zhudi2@huawei.com>, <kongweibin2@huawei.com>, <liuxin350@huawei.com> Subject: [PATCH 1/2] libbpf: add fPIC option for static library Date: Sat, 24 Sep 2022 18:12:08 +0800 Message-ID: <20220924101209.50653-2-liuxin350@huawei.com> In-Reply-To: <20220924101209.50653-1-liuxin350@huawei.com> References: <20220924101209.50653-1-liuxin350@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	ebpf: improves bpftool security \| expand [0/2] ebpf: improves bpftool security [1/2] libbpf: add fPIC option for static library [2/2] bpftool: add fPIE option for bpftool

Context	Check	Description
netdev/tree_selection	success	Not a local patch
bpf/vmtest-bpf-next-VM_Test-9	success	Logs for test_progs on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-7	success	Logs for test_maps on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-8	success	Logs for test_maps on x86_64 with llvm-16
bpf/vmtest-bpf-next-PR	fail	PR summary
bpf/vmtest-bpf-next-VM_Test-16	success	Logs for test_verifier on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-17	success	Logs for test_verifier on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-13	success	Logs for test_progs_no_alu32 on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-14	success	Logs for test_progs_no_alu32 on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-10	success	Logs for test_progs on x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-11	success	Logs for test_progs on x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-12	success	Logs for test_progs_no_alu32 on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-15	success	Logs for test_verifier on s390x with gcc
bpf/vmtest-bpf-next-VM_Test-1	fail	Logs for build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-2	fail	Logs for build for s390x with gcc
bpf/vmtest-bpf-next-VM_Test-3	success	Logs for build for x86_64 with gcc
bpf/vmtest-bpf-next-VM_Test-4	success	Logs for build for x86_64 with llvm-16
bpf/vmtest-bpf-next-VM_Test-5	success	Logs for llvm-toolchain
bpf/vmtest-bpf-next-VM_Test-6	success	Logs for set-matrix

Xin Liu Sept. 24, 2022, 10:12 a.m. UTC

Some programs depned on libbpf.a(eg:bpftool). If libbpf.a miss -fPIC,
this will cause a similar error at compile time:

/usr/bin/ld: .../libbpf.a(libbpf-in.o): relocation
R_AARCH64_ADR_PREL_PG_HI21 against symbol `stderr@@GLIBC_2.17' which
may bind externally can not be used when making a sharedobject;
recompile with -fPIC

Use -fPIC for static library compilation to solve this problem.

Signed-off-by: Xin Liu <liuxin350@huawei.com>
---
 tools/lib/bpf/Makefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Quentin Monnet Sept. 27, 2022, 10:21 a.m. UTC | #1

Sat Sep 24 2022 11:12:08 GMT+0100 ~ Xin Liu <liuxin350@huawei.com>
> Some programs depned on libbpf.a(eg:bpftool). If libbpf.a miss -fPIC,

Typo "depned"

> this will cause a similar error at compile time:
> 
> /usr/bin/ld: .../libbpf.a(libbpf-in.o): relocation
> R_AARCH64_ADR_PREL_PG_HI21 against symbol `stderr@@GLIBC_2.17' which
> may bind externally can not be used when making a sharedobject;
> recompile with -fPIC
> 
> Use -fPIC for static library compilation to solve this problem.
> 
> Signed-off-by: Xin Liu <liuxin350@huawei.com>
> ---
>  tools/lib/bpf/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile
> index 4c904ef0b47e..427e971f4fcd 100644
> --- a/tools/lib/bpf/Makefile
> +++ b/tools/lib/bpf/Makefile
> @@ -91,9 +91,10 @@ override CFLAGS += $(INCLUDES)
>  override CFLAGS += -fvisibility=hidden
>  override CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
>  override CFLAGS += $(CLANG_CROSS_FLAGS)
> +override CFLAGS += -fPIC
>  
>  # flags specific for shared library
> -SHLIB_FLAGS := -DSHARED -fPIC
> +SHLIB_FLAGS := -DSHARED
>  
>  ifeq ($(VERBOSE),1)
>    Q =

Hi, the two patches look OK to me, but it would be nice to have a bit
more context on what the flags do other than “fixing this particular
issue” and how they improve bpftool security. It would also be
interesting to have a note on what it does on various architectures, my
understanding is that only some archs are supported (I read AArch64,
m68k, PowerPC and SPARC), I guess the flags are silently ignored on x86
for example?

Thanks,
Quentin

Xin Liu Sept. 28, 2022, 8:32 a.m. UTC | #2

On Tue, 27 Sep 2022 at 6:21:20 PM Quentin <quentin@isovalent.com> wrote:
> Sat Sep 24 2022 11:12:08 GMT+0100 ~ Xin Liu <liuxin350@huawei.com>
> > Some programs depned on libbpf.a(eg:bpftool). If libbpf.a miss -fPIC,
> 
> Typo "depned"
> 
> > this will cause a similar error at compile time:
> > 
> > /usr/bin/ld: .../libbpf.a(libbpf-in.o): relocation
> > R_AARCH64_ADR_PREL_PG_HI21 against symbol `stderr@@GLIBC_2.17' which
> > may bind externally can not be used when making a sharedobject;
> > recompile with -fPIC
> > 
> > Use -fPIC for static library compilation to solve this problem.
> > 
> > Signed-off-by: Xin Liu <liuxin350@huawei.com>
> > ---
> >  tools/lib/bpf/Makefile | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile
> > index 4c904ef0b47e..427e971f4fcd 100644
> > --- a/tools/lib/bpf/Makefile
> > +++ b/tools/lib/bpf/Makefile
> > @@ -91,9 +91,10 @@ override CFLAGS += $(INCLUDES)
> >  override CFLAGS += -fvisibility=hidden
> >  override CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
> >  override CFLAGS += $(CLANG_CROSS_FLAGS)
> > +override CFLAGS += -fPIC
> >  
> >  # flags specific for shared library
> > -SHLIB_FLAGS := -DSHARED -fPIC
> > +SHLIB_FLAGS := -DSHARED
> >  
> >  ifeq ($(VERBOSE),1)
> >    Q =
> 
> Hi, the two patches look OK to me, but it would be nice to have a bit
> more context on what the flags do other than “fixing this particular
> issue” and how they improve bpftool security. It would also be
> interesting to have a note on what it does on various architectures, my
> understanding is that only some archs are supported (I read AArch64,
> m68k, PowerPC and SPARC), I guess the flags are silently ignored on x86
> for example?
> 
> Thanks,
> Quentin
> 
This advice is very useful to me. Thank you very much for your reply.
I'll fix it in the V2 version.

Thansk,
Xin Liu

Andrii Nakryiko Sept. 28, 2022, 10:59 p.m. UTC | #3

On Sat, Sep 24, 2022 at 3:13 AM Xin Liu <liuxin350@huawei.com> wrote:
>
> Some programs depned on libbpf.a(eg:bpftool). If libbpf.a miss -fPIC,
> this will cause a similar error at compile time:
>
> /usr/bin/ld: .../libbpf.a(libbpf-in.o): relocation
> R_AARCH64_ADR_PREL_PG_HI21 against symbol `stderr@@GLIBC_2.17' which
> may bind externally can not be used when making a sharedobject;
> recompile with -fPIC
>
> Use -fPIC for static library compilation to solve this problem.
>
> Signed-off-by: Xin Liu <liuxin350@huawei.com>
> ---
>  tools/lib/bpf/Makefile | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile
> index 4c904ef0b47e..427e971f4fcd 100644
> --- a/tools/lib/bpf/Makefile
> +++ b/tools/lib/bpf/Makefile
> @@ -91,9 +91,10 @@ override CFLAGS += $(INCLUDES)
>  override CFLAGS += -fvisibility=hidden
>  override CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
>  override CFLAGS += $(CLANG_CROSS_FLAGS)
> +override CFLAGS += -fPIC
>

It seems wrong to force -fPIC for static library just because in some
situations users might want to statically link their *shared* library
with *static* libbpf. It's a bit unconventional, even though I see
situations in which this might be useful.

But I don't think this can be a default. I see three possible solutions:

1. Do nothing. Let users specify EXTRA_CFLAGS=-fPIC if they need
position-independent static lib
2. Let packagers decide this (again, through EXTRA_CFLAGS or by
patching Makefile, whichever is best). Or maybe build both PIC and
non-PIC static libraries and package both?
3. Produce PIC and non-PIC libbpf.a libraries from libbpf's Makefile.

I'm not sure which one is the best answer, would be nice to hear
opinions of people who do the packaging and distribution of libbpf in
distros.

>  # flags specific for shared library
> -SHLIB_FLAGS := -DSHARED -fPIC
> +SHLIB_FLAGS := -DSHARED
>
>  ifeq ($(VERBOSE),1)
>    Q =
> --
> 2.33.0
>

John Fastabend Sept. 30, 2022, 2:16 a.m. UTC | #4

Andrii Nakryiko wrote:
> On Sat, Sep 24, 2022 at 3:13 AM Xin Liu <liuxin350@huawei.com> wrote:
> >
> > Some programs depned on libbpf.a(eg:bpftool). If libbpf.a miss -fPIC,
> > this will cause a similar error at compile time:
> >
> > /usr/bin/ld: .../libbpf.a(libbpf-in.o): relocation
> > R_AARCH64_ADR_PREL_PG_HI21 against symbol `stderr@@GLIBC_2.17' which
> > may bind externally can not be used when making a sharedobject;
> > recompile with -fPIC
> >
> > Use -fPIC for static library compilation to solve this problem.
> >
> > Signed-off-by: Xin Liu <liuxin350@huawei.com>
> > ---
> >  tools/lib/bpf/Makefile | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/tools/lib/bpf/Makefile b/tools/lib/bpf/Makefile
> > index 4c904ef0b47e..427e971f4fcd 100644
> > --- a/tools/lib/bpf/Makefile
> > +++ b/tools/lib/bpf/Makefile
> > @@ -91,9 +91,10 @@ override CFLAGS += $(INCLUDES)
> >  override CFLAGS += -fvisibility=hidden
> >  override CFLAGS += -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
> >  override CFLAGS += $(CLANG_CROSS_FLAGS)
> > +override CFLAGS += -fPIC
> >
> 
> It seems wrong to force -fPIC for static library just because in some
> situations users might want to statically link their *shared* library
> with *static* libbpf. It's a bit unconventional, even though I see
> situations in which this might be useful.
> 
> But I don't think this can be a default. I see three possible solutions:
> 
> 1. Do nothing. Let users specify EXTRA_CFLAGS=-fPIC if they need
> position-independent static lib
> 2. Let packagers decide this (again, through EXTRA_CFLAGS or by
> patching Makefile, whichever is best). Or maybe build both PIC and
> non-PIC static libraries and package both?
> 3. Produce PIC and non-PIC libbpf.a libraries from libbpf's Makefile.
> 
> I'm not sure which one is the best answer, would be nice to hear
> opinions of people who do the packaging and distribution of libbpf in
> distros.

Not a distro or pkg maintainer but my $.02 is I would just leave it
for 1 and 2.

> 
> >  # flags specific for shared library
> > -SHLIB_FLAGS := -DSHARED -fPIC
> > +SHLIB_FLAGS := -DSHARED
> >
> >  ifeq ($(VERBOSE),1)
> >    Q =
> > --
> > 2.33.0
> >

[1/2] libbpf: add fPIC option for static library

Checks

Commit Message

Comments

Patch