The build failure happens when trying to compile bpf related code. If I add "-fno-stack-protector" to bpf_clang_flags and bpf_gcc_flags within ${workdir}/systemd-stable-252.4/src/core/bpf/meson.build the build will complete. Reproducible: Always
Created attachment 847750 [details] Build log
sys-devel/gcc-12.2.1_p20221231 sys-devel/clang-15.0.6
FAILED: src/core/bpf/socket_bind/socket-bind.bpf.unstripped.o /usr/lib/llvm/15/bin/clang -std=gnu11 -Wno-compare-distinct-pointer-types -O2 -target bpf -g -c -D__x86_64__ -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-stable-252.4/src/core/bpf/socket_bind/socket-bind.bpf.c -o src/core/bpf/socket_bind/socket-bind.bpf.unstripped.o ../systemd-stable-252.4/src/core/bpf/socket_bind/socket-bind.bpf.c:96:5: error: A call to built-in function '__stack_chk_fail' is not supported. int sd_bind4(struct bpf_sock_addr *ctx) { ^ ../systemd-stable-252.4/src/core/bpf/socket_bind/socket-bind.bpf.c:104:5: error: A call to built-in function '__stack_chk_fail' is not supported. int sd_bind6(struct bpf_sock_addr *ctx) { ^ 2 errors generated. [462/2324] /usr/lib/llvm/15/bin/clang -std=gnu11 -Wno-compare-distinct-pointer-types -O2 -target bpf -g -c -D__x86_64__ -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-stable-252.4/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c -o src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o FAILED: src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o /usr/lib/llvm/15/bin/clang -std=gnu11 -Wno-compare-distinct-pointer-types -O2 -target bpf -g -c -D__x86_64__ -I. -isystem /usr/include/x86_64-pc-linux-gnu -idirafter /usr/include ../systemd-stable-252.4/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c -o src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.unstripped.o ../systemd-stable-252.4/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c:43:5: error: A call to built-in function '__stack_chk_fail' is not supported. int sd_restrictif_e(const struct __sk_buff *sk) { ^ ../systemd-stable-252.4/src/core/bpf/restrict_ifaces/restrict-ifaces.bpf.c:48:5: error: A call to built-in function '__stack_chk_fail' is not supported. int sd_restrictif_i(const struct __sk_buff *sk) { ^ 2 errors generated.
Note that this isn't GCC, it's Clang.
would that then be getting set by USE=hardened for the clang-common package?
(In reply to Reuben Martin from comment #5) > would that then be getting set by USE=hardened for the clang-common package? Yeah, exactly. Would you mind filing a bug upstream (possibly even sending a PR)? It should be pretty straightforward like you said, it's fine to do this unconditionally.
*** Bug 890164 has been marked as a duplicate of this bug. ***
Created attachment 847942 [details, diff] systemd-bpf.patch when compiling the bpf code, try to disable clang's stack-protector would fix the problem. I've tested on unmatched board (riscv64 machine), and solved my problem. also it would be great if we can avoid these bpf automagic issue, how about introducing an USE=bpf?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=036c5283994e19f567c9c674a8567a8b49879aa1 commit 036c5283994e19f567c9c674a8567a8b49879aa1 Author: Sam James <sam@gentoo.org> AuthorDate: 2023-01-13 05:33:07 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-01-13 05:33:07 +0000 sys-apps/systemd: fix build w/ clang+ssp Bug: https://bugs.gentoo.org/890004 Signed-off-by: Sam James <sam@gentoo.org> .../systemd/files/252-no-stack-protector-bpf.patch | 26 ++++++++++++++++++++++ sys-apps/systemd/systemd-252.4-r1.ebuild | 1 + 2 files changed, 27 insertions(+)
Thanks. Leaving open for the automagic bpf dep/usage.
(In reply to Sam James from comment #10) > Thanks. Leaving open for the automagic bpf dep/usage. Let's close and handle it in the dedicated bug I just filed: bug 917228.
