From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from atuin.qyliss.net (localhost [IPv6:::1]) by atuin.qyliss.net (Postfix) with ESMTP id 45B0720E18; Tue, 21 Oct 2025 19:47:22 +0000 (UTC) Received: by atuin.qyliss.net (Postfix, from userid 993) id 4FAAC20DEC; Tue, 21 Oct 2025 19:47:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on atuin.qyliss.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,DMARC_PASS,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=4.0.1 Received: from mail-yw1-x1129.google.com (mail-yw1-x1129.google.com [IPv6:2607:f8b0:4864:20::1129]) by atuin.qyliss.net (Postfix) with ESMTPS id EDB6520DEB for ; Tue, 21 Oct 2025 19:47:17 +0000 (UTC) Received: by mail-yw1-x1129.google.com with SMTP id 00721157ae682-781421f5bf5so69111387b3.3 for ; Tue, 21 Oct 2025 12:47:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1761076037; x=1761680837; darn=spectrum-os.org; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:from:to:cc:subject:date:message-id :reply-to; bh=BGTeL4Anpdw9mUAbQGzYPDRLep1gzUXL8fzxE6JBqaw=; b=QNa6Gb1GuoSLlqd/SftmGFjQ4JAgvmXC/pUnSqgxcppBqtZOjBj1euQECFXHvj47WJ DKKEXQAi0uveViwGcDfVgVxcE6Vrm06FailojsV89ZvT82qu+Th5el7rrSoSGVT41Jv6 gKIdI9aCiiY7GiGbYsO3F7Jw+IQ7tP1tV5BwHUG+qIwCd5pNRSS5nM0GYyxkOcAnWEiD kNRV4DUl6LKYVMB4XGRkuYrStvlMpzfjYayDVLqz2bA1Tn/Ta6NRAi9L4il2e5Bd50Rf uxlNQjL+L4G49PKivON1F0eLhXwrYWq0z1NsKBXJCl6ziPyy54IhewG7rUpmhFdJp5FZ AX5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1761076037; x=1761680837; h=cc:to:in-reply-to:references:message-id:content-transfer-encoding :mime-version:subject:date:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BGTeL4Anpdw9mUAbQGzYPDRLep1gzUXL8fzxE6JBqaw=; b=meaiZWpOuwXTg7abN8+nH+HZXRuZERk1FslIbQQ+PyuwNH7QTR7SsxZW4AWnvDnHaG U62Ohzq3Yp8msSWRO+fa2O2YYbKRa3p7MGpHYqAyMXetSnQ+7ft7WS7rilHxJofJWiUJ dXD7eXT7Z/YNUgDNkK+9gkmMox7/DjtFcNKMrt/2wwrUD5AbBgEdyMqq8stETj1on93N uQiHwX1PphEdINnqMlxfAcsL2p4IajuBJdnCTGEGsA6nU2d1wT9fAa5x5V9TjB6HM9vt cjH+5xkNdQI4UaVmgdhkGjdXiDq4Hm8ABL7L8FI+eyvLnQj1J5zNDFSwuTUlyZHctnru yFhA== X-Gm-Message-State: AOJu0Yyl5ZNV1YqiwL9OWW5lsfGn46TAGSJjl8EpSYS9ap0+1r90IJ2B ExHalO2A1UzV+hzpeqPoRhfXe7s20w3loWLVcRTh0o1jjivh3vH3FY4QItdM4IAH X-Gm-Gg: ASbGncvZ7lDLeRixUD1c+RfMxEUk3yYDRrUIVdpjKKRUUtgPtPdIUfyM6fs7vUYvXRd flULsZq28A84emTWjy9RPX+pkkmoFYiK6Mf36bVW/e4BkTLM5/80Lj16F9HAA6Kp6XEcw0iAn8s R+Fd0gTNUoQutEjj9RMWUzOFnBdRm1Th28UHqxkP+mLeVRDHBE2No0kY8nXxEMdyTxAUjkd2Qhw wg3EFcRQ8/Mhfn89JwEVlUVWkIkn35WMqfhwjvcNkQ/Ol46nKc2KNGo+6MAMHUx5aoFd82SUxp3 siWzkHL3KQzlk1/upnd9oOXjFTLQD5XDkFpGPNNDLZ+430VkhruOS1TAvaSq8VGZQoAy8oRi0Uw wRDcPuNw+t6CGZidm2qucE/CQlofhwy+ViFmDEleZxP0JSm87sU2hL3+AXpN/hgqbM490G4/onS cYsHe8gEtrsH94tVbHfFtBzTAob+bPQTXmg0mjoVmQ69XTRxal+1gT10D0sY7Ng4I/rgaEFMuaS 6u7Y69BSV1RpNLWQNGofWGeTBxpvwXDsxM= X-Google-Smtp-Source: AGHT+IEMZlzatw7e2OEOfp/rsKg38G6m5qjE+IURgyPQ1x6dYCnh/AsGFOg6A7Qx7IWrKsgoAW/vGw== X-Received: by 2002:a05:690c:3341:b0:783:796c:c1a8 with SMTP id 00721157ae682-783796cc37cmr246244467b3.39.1761076036469; Tue, 21 Oct 2025 12:47:16 -0700 (PDT) Received: from localhost.localdomain (h96-60-249-169.cncrtn.broadband.dynamic.tds.net. [96.60.249.169]) by smtp.gmail.com with UTF8SMTPSA id 00721157ae682-784673bd838sm31244497b3.21.2025.10.21.12.47.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 21 Oct 2025 12:47:15 -0700 (PDT) From: Demi Marie Obenour Date: Tue, 21 Oct 2025 15:27:04 -0400 Subject: [PATCH v4 1/2] tools/xdp-forwarder: Do not include libc headers in eBPF programs MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <20251021-fix-forwarder-build-v4-1-b978718c004d@gmail.com> References: <20251021-fix-forwarder-build-v4-0-b978718c004d@gmail.com> In-Reply-To: <20251021-fix-forwarder-build-v4-0-b978718c004d@gmail.com> To: Spectrum OS Development X-Mailer: b4 0.14.3 X-Developer-Signature: v=1; a=ed25519-sha256; t=1761074823; l=7068; i=demiobenour@gmail.com; s=20250729; h=from:subject:message-id; bh=hlDXR68sh5WRfwIPy2eRKQMUj6pkTPowMWpnmC8sqXI=; b=loaozMmfL8wI2zWCzsbXats9I1hJJj/dwrdja7cGYyT05kTAFaekXNv2V2fB6bPutMSn3T/Qe XXGPDFgdCHVAhbvgnCsuvtpTrC48cGQIOjx928Y+MsuqJrjoKup8+9G X-Developer-Key: i=demiobenour@gmail.com; a=ed25519; pk=X57Q4/YQDj9t4SBeKaDwvXYKB6quZJVx/DE2Ly2out0= Message-ID-Hash: RRQZZ7I3MDCVGHE6Q4SS74AHBPH5MZGU X-Message-ID-Hash: RRQZZ7I3MDCVGHE6Q4SS74AHBPH5MZGU X-MailFrom: demiobenour@gmail.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-devel.spectrum-os.org-0; header-match-devel.spectrum-os.org-1; header-match-devel.spectrum-os.org-2; header-match-devel.spectrum-os.org-3; header-match-devel.spectrum-os.org-4; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Demi Marie Obenour , Alyssa Ross X-Mailman-Version: 3.3.9 Precedence: list List-Id: Patches and low-level development discussion Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: The build happened to work on arm64 because the glibc arm64 headers don't support multilib. On x86_64, glibc headers assume that BPF is a 32-bit platform (because __x86_64__ isn't defined) and fail to find the 32-bit headers. This is not a glibc bug. Rather, BPF programs should not be including glibc headers. Most Linux headers are not trivial to include in BPF programs. The version of the headers meant for userspace use do include glibc headers, and that isn't supported in BPF. The version meant for building kernel modules does not, but using it requires much more complicated build system. Solve this problem by only including headers intended for use in BPF programs. These headers include declarations explicitly intended for use in BPF programs, so if they do pull in libc headers that is a bug. Nix's wrapped clang would pull in libc headers automatically and is not suitable when a target is specified explicitly. Therefore, use an unwrapped clang. Signed-off-by: Demi Marie Obenour --- To check that the program does not include libc headers, one can add #include (or any other libc header) and check that one gets an appropriate error. Signed-off-by: Demi Marie Obenour --- tools/default.nix | 11 +++---- tools/meson.options | 4 +++ tools/xdp-forwarder/meson.build | 11 +++++-- tools/xdp-forwarder/parsing_helpers.h | 57 ----------------------------------- 4 files changed, 18 insertions(+), 65 deletions(-) diff --git a/tools/default.nix b/tools/default.nix index 2c6846c80073e7b64fb7a19488103f6cf97a4420..f4febc9aba394fad85f20a51bb33e6b3b9224bab 100644 --- a/tools/default.nix +++ b/tools/default.nix @@ -6,7 +6,7 @@ import ../lib/call-package.nix ( { src, lib, stdenv, fetchCrate, fetchurl, runCommand, buildPackages , meson, ninja, pkg-config, rustc , clang-tools, clippy, jq -, dbus +, dbus, linuxHeaders # clang 19 (current nixpkgs default) is too old to support -fwrapv-pointer , clang_21, libbpf , buildSupport ? false @@ -87,8 +87,8 @@ stdenv.mkDerivation (finalAttrs: { nativeBuildInputs = [ meson ninja ] ++ lib.optionals (appSupport || driverSupport) [ pkg-config ] ++ lib.optionals hostSupport [ rustc ] - ++ lib.optionals driverSupport [ clang_21 ]; - buildInputs = lib.optionals appSupport [ dbus ] ++ lib.optionals driverSupport [ libbpf ]; + ++ lib.optionals driverSupport [ clang_21.cc ]; + buildInputs = lib.optionals appSupport [ dbus ] ++ lib.optionals driverSupport [ libbpf linuxHeaders ]; postPatch = lib.optionals hostSupport (lib.concatMapStringsSep "\n" (crate: '' mkdir -p subprojects/packagecache @@ -104,11 +104,10 @@ stdenv.mkDerivation (finalAttrs: { "-Dtests=false" "-Dunwind=false" "-Dwerror=true" + ] ++ lib.optionals driverSupport [ + "-Dlinux-headers=${linuxHeaders}" ]; - # Not supported for target bpf - hardeningDisable = lib.optionals driverSupport [ "zerocallusedregs" ]; - passthru.tests = { clang-tidy = finalAttrs.finalPackage.overrideAttrs ( { name, src, nativeBuildInputs ? [], ... }: diff --git a/tools/meson.options b/tools/meson.options index 301efb9f677fdec57c8491fd6a6868f2d35cb076..2077cdeb33d6b962107b46733f855172ecfc499d 100644 --- a/tools/meson.options +++ b/tools/meson.options @@ -13,6 +13,10 @@ option('driver', type : 'boolean', value : false, option('hostfsrootdir', type : 'string', value : '/run/host', description : 'Path where the virtio-fs provided by the host will be mounted') +option('linux-headers', + type : 'string', + description : 'Path to Linux kernel package') + option('tests', type : 'boolean', description : 'Build tests') diff --git a/tools/xdp-forwarder/meson.build b/tools/xdp-forwarder/meson.build index b73130eb27b8000a102b0a8847ecb06b93a955d2..501540af4d3e786774cedc1bb092c9887a2f37d8 100644 --- a/tools/xdp-forwarder/meson.build +++ b/tools/xdp-forwarder/meson.build @@ -11,8 +11,13 @@ executable('set-router-iface', 'set_router_iface.c', clang = find_program('clang', native : true) +linux_headers_path = get_option('linux-headers') +if linux_headers_path == '' + error('Linux header path must be provided to build XDP forwarder') +endif + bpf_o_cmd = [ - clang.full_path(), + clang, '-fno-stack-protector', '-fno-strict-aliasing', '-fwrapv', '-fwrapv-pointer', @@ -22,10 +27,12 @@ bpf_o_cmd = [ '-Wno-sign-compare', '-O2', '-target', 'bpf', - '-I', meson.current_source_dir() + '/include', '-g', '-c', + '-std=gnu23', '-o', '@OUTPUT@', + '-I', libbpf.get_variable('includedir'), + '-I', linux_headers_path + '/include', '-MD', '-MQ', '@OUTPUT', '-MF', '@DEPFILE@', diff --git a/tools/xdp-forwarder/parsing_helpers.h b/tools/xdp-forwarder/parsing_helpers.h index da099346008bd58485af8308feb4d3391ceef8f5..1ea822100fdb9a75c2d28d34d93e6bb2b5d3ae26 100644 --- a/tools/xdp-forwarder/parsing_helpers.h +++ b/tools/xdp-forwarder/parsing_helpers.h @@ -26,8 +26,6 @@ #include #include #include -#include -#include #include #include @@ -46,16 +44,6 @@ struct vlan_hdr { __be16 h_vlan_encapsulated_proto; }; -/* - * Struct icmphdr_common represents the common part of the icmphdr and icmp6hdr - * structures. - */ -struct icmphdr_common { - __u8 type; - __u8 code; - __sum16 cksum; -}; - /* Allow users of header file to redefine VLAN max depth */ #ifndef VLAN_MAX_DEPTH #define VLAN_MAX_DEPTH 2 @@ -175,51 +163,6 @@ static __always_inline int parse_iphdr(struct hdr_cursor *nh, return iph->protocol; } -static __always_inline int parse_icmp6hdr(struct hdr_cursor *nh, - void *data_end, - struct icmp6hdr **icmp6hdr) -{ - struct icmp6hdr *icmp6h = nh->pos; - - if (icmp6h + 1 > data_end) - return -1; - - nh->pos = icmp6h + 1; - *icmp6hdr = icmp6h; - - return icmp6h->icmp6_type; -} - -static __always_inline int parse_icmphdr(struct hdr_cursor *nh, - void *data_end, - struct icmphdr **icmphdr) -{ - struct icmphdr *icmph = nh->pos; - - if (icmph + 1 > data_end) - return -1; - - nh->pos = icmph + 1; - *icmphdr = icmph; - - return icmph->type; -} - -static __always_inline int parse_icmphdr_common(struct hdr_cursor *nh, - void *data_end, - struct icmphdr_common **icmphdr) -{ - struct icmphdr_common *h = nh->pos; - - if (h + 1 > data_end) - return -1; - - nh->pos = h + 1; - *icmphdr = h; - - return h->type; -} - /* * parse_udphdr: parse the udp header and return the length of the udp payload */ -- 2.51.1