Yureka writes: > On 9/23/25 17:31, Alyssa Ross wrote: >> Yureka writes: >> >>> On 9/23/25 17:14, Alyssa Ross wrote: >>>> Yureka Lilian writes: >>>>> @@ -88,12 +94,15 @@ stdenv.mkDerivation (finalAttrs: { >>>>> mesonFlags = [ >>>>> (lib.mesonBool "app" appSupport) >>>>> (lib.mesonBool "host" hostSupport) >>>>> + (lib.mesonBool "driver" driverSupport) >>>>> "-Dhostfsrootdir=/run/virtiofs/virtiofs0" >>>>> "-Dtests=false" >>>>> "-Dunwind=false" >>>>> "-Dwerror=true" >>>>> ]; >>>>> >>>>> + hardeningDisable = lib.optionals driverSupport [ "zerocallusedregs" ]; >>>>> + >>>> Could we instead do this in bpf_o_cmd, so it's not disabled for >>>> userspace programs? >>> This environment variable works on the stdenv level, so it is difficult >>> to mix it in from the meson recipe. Any way to do this would add NixOS >>> specifics to the meson recipe and doesn't feel quite right. >> The environment variable in stdenv just adds >> -fzero-call-used-regs=used-gpr to the compiler flags, before the ones >> given on the command line, so I was thinking we could just add >> -fzero-call-used-regs=skip (the default) to bpf_o_cmd, to explicitly say >> we don't want it for these compiler invocations. It'll override the >> option given by the compiler wrapper, and won't do anything Nix-specific >> — it would be the right thing for other distros that change compiler >> defaults as well, which I think is not that uncommon. > > Sadly this does not work, because passing -fzero-call-used-regs=skip > results in > > clang: error: unsupported option '-fzero-call-used-regs=skip' for target > 'bpf' Ah okay, disabling the hardening is fine then.