From 4716425bb770e3f47e850cdee77094e75a104f4a Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 26 May 2021 11:52:38 +0800 Subject: [PATCH 1/3] add sp --- 0014-add-secure-compile-option-fstack.patch | 79 +++++++++++++++++++++ dpdk.spec | 7 +- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 0014-add-secure-compile-option-fstack.patch diff --git a/0014-add-secure-compile-option-fstack.patch b/0014-add-secure-compile-option-fstack.patch new file mode 100644 index 0000000..3d82061 --- /dev/null +++ b/0014-add-secure-compile-option-fstack.patch @@ -0,0 +1,79 @@ +diff -Nur dpdk-19.11/drivers/net/mlx4/Makefile dpdk-19.11-new/drivers/net/mlx4/Makefile +--- dpdk-19.11/drivers/net/mlx4/Makefile 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/drivers/net/mlx4/Makefile 2021-05-26 11:14:55.979999787 +0800 +@@ -42,7 +42,7 @@ + ifeq ($(CONFIG_RTE_IBVERBS_LINK_DLOPEN),y) + CFLAGS += -DMLX4_GLUE='"$(LIB_GLUE)"' + CFLAGS += -DMLX4_GLUE_VERSION='"$(LIB_GLUE_VERSION)"' +-CFLAGS_mlx4_glue.o += -fPIC ++CFLAGS_mlx4_glue.o += -fPIC -fstack-protector-strong + LDLIBS += -ldl + else ifeq ($(CONFIG_RTE_IBVERBS_LINK_STATIC),y) + LDLIBS += $(shell $(RTE_SDK)/buildtools/options-ibverbs-static.sh) +diff -Nur dpdk-19.11/drivers/net/mlx5/Makefile dpdk-19.11-new/drivers/net/mlx5/Makefile +--- dpdk-19.11/drivers/net/mlx5/Makefile 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/drivers/net/mlx5/Makefile 2021-05-26 11:15:30.016181283 +0800 +@@ -57,7 +57,7 @@ + ifeq ($(CONFIG_RTE_IBVERBS_LINK_DLOPEN),y) + CFLAGS += -DMLX5_GLUE='"$(LIB_GLUE)"' + CFLAGS += -DMLX5_GLUE_VERSION='"$(LIB_GLUE_VERSION)"' +-CFLAGS_mlx5_glue.o += -fPIC ++CFLAGS_mlx5_glue.o += -fPIC -fstack-protector-strong + LDLIBS += -ldl + else ifeq ($(CONFIG_RTE_IBVERBS_LINK_STATIC),y) + LDLIBS += $(shell $(RTE_SDK)/buildtools/options-ibverbs-static.sh) +diff -Nur dpdk-19.11/mk/exec-env/linux/rte.vars.mk dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk +--- dpdk-19.11/mk/exec-env/linux/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk 2021-05-26 11:17:05.012687847 +0800 +@@ -12,9 +12,9 @@ + # examples for RTE_EXEC_ENV: linux, freebsd + # + ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) +-EXECENV_CFLAGS = -pthread -fPIC ++EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong + else +-EXECENV_CFLAGS = -pthread ++EXECENV_CFLAGS = -pthread -fstack-protector-strong + endif + + # include in every library to build +diff -Nur dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk +--- dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk 2021-05-26 11:17:05.012687847 +0800 +@@ -12,9 +12,9 @@ + # examples for RTE_EXEC_ENV: linux, freebsd + # + ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) +-EXECENV_CFLAGS = -pthread -fPIC ++EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong + else +-EXECENV_CFLAGS = -pthread ++EXECENV_CFLAGS = -pthread -fstack-protector-strong + endif + + # include in every library to build +diff -Nur dpdk-19.11/mk/rte.lib.mk dpdk-19.11-new/mk/rte.lib.mk +--- dpdk-19.11/mk/rte.lib.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/rte.lib.mk 2021-05-26 11:19:27.637448389 +0800 +@@ -53,6 +53,7 @@ + + ifeq ($(LINK_USING_CC),1) + # Override the definition of LD here, since we're linking with CC ++CPU_CFLAGS += -fstack-protector-strong + LD := $(CC) $(CPU_CFLAGS) $(EXTRA_CFLAGS) + _CPU_LDFLAGS := $(call linkerprefix,$(CPU_LDFLAGS)) + override EXTRA_LDFLAGS := $(call linkerprefix,$(EXTRA_LDFLAGS)) +diff -Nur dpdk-19.11/mk/target/generic/rte.vars.mk dpdk-19.11-new/mk/target/generic/rte.vars.mk +--- dpdk-19.11/mk/target/generic/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/target/generic/rte.vars.mk 2021-05-26 11:20:38.701827337 +0800 +@@ -75,8 +75,8 @@ + include $(RTE_SDK)/mk/rte.cpuflags.mk + + # merge all CFLAGS +-CFLAGS := $(CPU_CFLAGS) $(EXECENV_CFLAGS) $(TOOLCHAIN_CFLAGS) $(MACHINE_CFLAGS) +-CFLAGS += $(TARGET_CFLAGS) ++CFLAGS := $(CPU_CFLAGS) $(EXECENV_CFLAGS) $(TOOLCHAIN_CFLAGS) $(MACHINE_CFLAGS) ++CFLAGS += $(TARGET_CFLAGS) -fstack-protector-strong + + # merge all LDFLAGS + LDFLAGS := $(CPU_LDFLAGS) $(EXECENV_LDFLAGS) $(TOOLCHAIN_LDFLAGS) $(MACHINE_LDFLAGS) diff --git a/dpdk.spec b/dpdk.spec index 0443e4f..d3b59e1 100644 --- a/dpdk.spec +++ b/dpdk.spec @@ -1,6 +1,6 @@ Name: dpdk Version: 19.11 -Release: 10 +Release: 11 Packager: packaging@6wind.com URL: http://dpdk.org %global source_version 19.11 @@ -40,6 +40,7 @@ Patch30: 0010-dpdk-fix-error-in-clearing-secondary-process-memseg-lists.patch Patch31: 0011-dpdk-fix-coredump-when-primary-process-attach-without-shared-file.patch Patch32: 0012-dpdk-fix-fbarray-memseg-destory-error-during-detach.patch Patch33: 0013-dpdk-optimize-the-efficiency-of-compiling-dpdk.patch +Patch34: 0014-add-secure-compile-option-fstack.patch Summary: Data Plane Development Kit core Group: System Environment/Libraries @@ -128,6 +129,7 @@ This package contains the pdump tool for capture the dpdk network packets. %patch9 -p1 %patch10 -p1 %patch33 -p1 +%patch34 -p1 %build namer=%{kern_devel_ver} @@ -222,6 +224,9 @@ strip -g $RPM_BUILD_ROOT/lib/modules/${namer}/extra/dpdk/rte_kni.ko /usr/sbin/depmod %changelog +* Wed May 26 2021 zhangyao - 19.11-11 +- add sp + * Mon May 24 2021 renmingshuai - 19.11-10 - optimize the efficiency of compiling dpdk -- Gitee From 39241b8fe4478276cd28cb0e9c0eb80b995fbc17 Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 26 May 2021 13:35:56 +0800 Subject: [PATCH 2/3] add sp --- 0014-add-secure-compile-option-fstack.patch | 93 ++++----------------- 1 file changed, 18 insertions(+), 75 deletions(-) diff --git a/0014-add-secure-compile-option-fstack.patch b/0014-add-secure-compile-option-fstack.patch index 3d82061..5f259f3 100644 --- a/0014-add-secure-compile-option-fstack.patch +++ b/0014-add-secure-compile-option-fstack.patch @@ -1,79 +1,22 @@ diff -Nur dpdk-19.11/drivers/net/mlx4/Makefile dpdk-19.11-new/drivers/net/mlx4/Makefile --- dpdk-19.11/drivers/net/mlx4/Makefile 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/drivers/net/mlx4/Makefile 2021-05-26 11:14:55.979999787 +0800 -@@ -42,7 +42,7 @@ - ifeq ($(CONFIG_RTE_IBVERBS_LINK_DLOPEN),y) - CFLAGS += -DMLX4_GLUE='"$(LIB_GLUE)"' - CFLAGS += -DMLX4_GLUE_VERSION='"$(LIB_GLUE_VERSION)"' --CFLAGS_mlx4_glue.o += -fPIC -+CFLAGS_mlx4_glue.o += -fPIC -fstack-protector-strong - LDLIBS += -ldl - else ifeq ($(CONFIG_RTE_IBVERBS_LINK_STATIC),y) - LDLIBS += $(shell $(RTE_SDK)/buildtools/options-ibverbs-static.sh) ++++ dpdk-19.11-new/drivers/net/mlx4/Makefile 2021-05-26 13:33:36.758776651 +0800 +@@ -32,6 +32,7 @@ + # Basic CFLAGS. + CFLAGS += -O3 + CFLAGS += -std=c11 -Wall -Wextra ++CFLAGS += -fstack-protector-strong + CFLAGS += -g + CFLAGS += -I. + CFLAGS += -D_BSD_SOURCE diff -Nur dpdk-19.11/drivers/net/mlx5/Makefile dpdk-19.11-new/drivers/net/mlx5/Makefile --- dpdk-19.11/drivers/net/mlx5/Makefile 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/drivers/net/mlx5/Makefile 2021-05-26 11:15:30.016181283 +0800 -@@ -57,7 +57,7 @@ - ifeq ($(CONFIG_RTE_IBVERBS_LINK_DLOPEN),y) - CFLAGS += -DMLX5_GLUE='"$(LIB_GLUE)"' - CFLAGS += -DMLX5_GLUE_VERSION='"$(LIB_GLUE_VERSION)"' --CFLAGS_mlx5_glue.o += -fPIC -+CFLAGS_mlx5_glue.o += -fPIC -fstack-protector-strong - LDLIBS += -ldl - else ifeq ($(CONFIG_RTE_IBVERBS_LINK_STATIC),y) - LDLIBS += $(shell $(RTE_SDK)/buildtools/options-ibverbs-static.sh) -diff -Nur dpdk-19.11/mk/exec-env/linux/rte.vars.mk dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk ---- dpdk-19.11/mk/exec-env/linux/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk 2021-05-26 11:17:05.012687847 +0800 -@@ -12,9 +12,9 @@ - # examples for RTE_EXEC_ENV: linux, freebsd - # - ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) --EXECENV_CFLAGS = -pthread -fPIC -+EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong - else --EXECENV_CFLAGS = -pthread -+EXECENV_CFLAGS = -pthread -fstack-protector-strong - endif - - # include in every library to build -diff -Nur dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk ---- dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk 2021-05-26 11:17:05.012687847 +0800 -@@ -12,9 +12,9 @@ - # examples for RTE_EXEC_ENV: linux, freebsd - # - ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) --EXECENV_CFLAGS = -pthread -fPIC -+EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong - else --EXECENV_CFLAGS = -pthread -+EXECENV_CFLAGS = -pthread -fstack-protector-strong - endif - - # include in every library to build -diff -Nur dpdk-19.11/mk/rte.lib.mk dpdk-19.11-new/mk/rte.lib.mk ---- dpdk-19.11/mk/rte.lib.mk 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/mk/rte.lib.mk 2021-05-26 11:19:27.637448389 +0800 -@@ -53,6 +53,7 @@ - - ifeq ($(LINK_USING_CC),1) - # Override the definition of LD here, since we're linking with CC -+CPU_CFLAGS += -fstack-protector-strong - LD := $(CC) $(CPU_CFLAGS) $(EXTRA_CFLAGS) - _CPU_LDFLAGS := $(call linkerprefix,$(CPU_LDFLAGS)) - override EXTRA_LDFLAGS := $(call linkerprefix,$(EXTRA_LDFLAGS)) -diff -Nur dpdk-19.11/mk/target/generic/rte.vars.mk dpdk-19.11-new/mk/target/generic/rte.vars.mk ---- dpdk-19.11/mk/target/generic/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 -+++ dpdk-19.11-new/mk/target/generic/rte.vars.mk 2021-05-26 11:20:38.701827337 +0800 -@@ -75,8 +75,8 @@ - include $(RTE_SDK)/mk/rte.cpuflags.mk - - # merge all CFLAGS --CFLAGS := $(CPU_CFLAGS) $(EXECENV_CFLAGS) $(TOOLCHAIN_CFLAGS) $(MACHINE_CFLAGS) --CFLAGS += $(TARGET_CFLAGS) -+CFLAGS := $(CPU_CFLAGS) $(EXECENV_CFLAGS) $(TOOLCHAIN_CFLAGS) $(MACHINE_CFLAGS) -+CFLAGS += $(TARGET_CFLAGS) -fstack-protector-strong - - # merge all LDFLAGS - LDFLAGS := $(CPU_LDFLAGS) $(EXECENV_LDFLAGS) $(TOOLCHAIN_LDFLAGS) $(MACHINE_LDFLAGS) ++++ dpdk-19.11-new/drivers/net/mlx5/Makefile 2021-05-26 13:30:10.237676396 +0800 +@@ -47,6 +47,7 @@ + # Basic CFLAGS. + CFLAGS += -O3 + CFLAGS += -std=c11 -Wall -Wextra ++CFLAGS += -fstack-protector-strong + CFLAGS += -g + CFLAGS += -I. + CFLAGS += -D_BSD_SOURCE -- Gitee From fb1b79e2d9ed7a05314c297cf6c5ae416d2a811f Mon Sep 17 00:00:00 2001 From: boris Date: Wed, 26 May 2021 13:55:24 +0800 Subject: [PATCH 3/3] add sp -test-2 --- 0014-add-secure-compile-option-fstack.patch | 30 +++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/0014-add-secure-compile-option-fstack.patch b/0014-add-secure-compile-option-fstack.patch index 5f259f3..be18dd6 100644 --- a/0014-add-secure-compile-option-fstack.patch +++ b/0014-add-secure-compile-option-fstack.patch @@ -20,3 +20,33 @@ diff -Nur dpdk-19.11/drivers/net/mlx5/Makefile dpdk-19.11-new/drivers/net/mlx5/M CFLAGS += -g CFLAGS += -I. CFLAGS += -D_BSD_SOURCE +diff -Nur dpdk-19.11/mk/exec-env/linux/rte.vars.mk dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk +--- dpdk-19.11/mk/exec-env/linux/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/exec-env/linux/rte.vars.mk 2021-05-26 13:54:01.525107672 +0800 +@@ -12,9 +12,9 @@ + # examples for RTE_EXEC_ENV: linux, freebsd + # + ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) +-EXECENV_CFLAGS = -pthread -fPIC ++EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong + else +-EXECENV_CFLAGS = -pthread ++EXECENV_CFLAGS = -pthread -fstack-protector-strong + endif + + # include in every library to build +diff -Nur dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk +--- dpdk-19.11/mk/exec-env/linuxapp/rte.vars.mk 2020-02-24 18:59:55.000000000 +0800 ++++ dpdk-19.11-new/mk/exec-env/linuxapp/rte.vars.mk 2021-05-26 13:54:01.525107672 +0800 +@@ -12,9 +12,9 @@ + # examples for RTE_EXEC_ENV: linux, freebsd + # + ifeq ($(CONFIG_RTE_BUILD_SHARED_LIB),y) +-EXECENV_CFLAGS = -pthread -fPIC ++EXECENV_CFLAGS = -pthread -fPIC -fstack-protector-strong + else +-EXECENV_CFLAGS = -pthread ++EXECENV_CFLAGS = -pthread -fstack-protector-strong + endif + + # include in every library to build -- Gitee