[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] xen/build: Fix build failure from LDFLAGS mismatch

  • To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Tue, 26 Apr 2022 10:04:40 +0200
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=wSEbWyfkd3Vts7MZQe+N0h3vIdDUe9n+9BmIm5uJE5A=; b=mrhADl5mjmIcaRPF7G1Xoce1Kaez0LyA2s7A7Cdkli77COiyL/1gNLnkbUsU9DswPyHvGSV6vKqa7gwt6TIQ8X8xBvbFZuUfpkOJercvH8SpZGkVKbrjxktkbG80l1EnxxzXr2UYLVrPKP3erMAU6yGmKpzeJqiFdlT7h1XY2rHFq5ECoz/XDfYZl/Cyav1SiYmlAN/dNbcN/pOtgN06PJ5OVZjfa2tMi69Ok+Xw/fdUUc/b9ZcFIEt4DrrdYK58bfGuoxCCWdw2BZePvLUFHAjrpxVeXKKu0JpufdilBdt9+ofGH1vsE+wlLm7yqlGDfx3v6K50GWs1xVjQuHPbvw==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DQ2b5MPBUAqjRiVQKCRaVGxntuaHV0MHmhqzN12QPUGhzl7Sxi4Bk8wA/18L2Iuz/lITPs4gdJdyHCwYOqnisgdMuYIRmtkeziG8eb3wipO4C7ghAVFGolc9mpGnlHRhaT5xLkJzNjT3feHPYRrXyoqgdG3obrHaouNLtPUnvN45BI7pYe+X0AGuzs9oLzLOIK+FnnwmRUNH03FRKwmz9TPi6p3JXRmPIU0kQyXYHN5DyQqFPSXeHxNtI5kK2+0y4kNogRj4od9LsSTj0eR7M97Tx3ozI5Ffdx1tU0+rSj0w9857WDVMWmsot0Oj2zUzkZke+DiwjUP2p3N42xV13w==
  • Authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=suse.com;
  • Cc: Anthony PERARD <anthony.perard@xxxxxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, George Dunlap <George.Dunlap@xxxxxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Wei Liu <wl@xxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 26 Apr 2022 08:05:06 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On 26.04.2022 01:06, Andrew Cooper wrote:
> In a GNU compatbile makefile, $(LDFLAGS) are passed to $(CC), not $(LD).

I have to admit that I have always been puzzled by this anomaly.

> In a default CentOS 7 build environment, $(LDFLAGS) is set to -Wl,-z,relro,
> which causes the Xen build to explode with:
> 
>   ld: unrecognized option '-Wl,-z,relro'
>   ld: use the --help option for usage information
> 
> It turns out that many downstreams identify this as a breakage in Xen's build
> system and bodge around it in various ways, mostly by unsetting all of
> $(CFLAGS), $(AFLAGS) and $(LDFLAGS).
> 
> However, that is a security issue because it means that tools/ is not built
> with the distro-wide hardening flags that are otherwise expected of
> packages (relro, _FORTIFY_SOURCE, stack-protector, etc).

This "security issue" is introduced by them, I would say. They simply
shouldn't build everything in one go, but rather build "tools" with
the flags left intact and "xen" with the flags suitably pruned. (We
do build "xen" separately, albeit for different reasons.) The way
./Config.mk works this would look to be advisable anyway. And
xen/Makefile should perhaps arrange for Config.mk to skip this
massaging when including it.

> tools/ specifically should honour the packaging environment's choice of flags,
> while xen/ must not pass $(LDFLAGS) to $(LD), and should not be influenced by
> the others either.

I'm not convinced of the last part of what you say. Why should it be
impossible to say "make CFLAGS=... xen" just like "make CC=... xen"
can be used?

> --- a/xen/Makefile
> +++ b/xen/Makefile
> @@ -254,6 +254,8 @@ export KBUILD_DEFCONFIG := $(ARCH)_defconfig
>  # reparsing Config.mk by e.g. arch/x86/boot/.
>  export XEN_TREEWIDE_CFLAGS := $(CFLAGS)
>  
> +LDFLAGS :=

Instead of this, why don't we do away with the few uses of $(LDFLAGS)?
If I haven't overlooked anything, there are exactly two lines (three
if also counting a comment) which would need changing.

Or why don't we transform -Wl,... into the form understood by $(LD)?
-z relro, for example, looks to be benign to the linking of Xen, the
more that this option can also be enabled by default and we haven't
found a need to disable it (afaics this option solely determines
which linker script to use when none was specified).

Jan

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.