From: sashiko-bot@kernel.org
To: "Jan Polensky" <japo@linux.ibm.com>
Cc: linux-perf-users@vger.kernel.org
Subject: Re: [PATCH 1/1] perf build: Fix Python extension build with GCC 16 hardening
Date: Wed, 20 May 2026 13:09:05 +0000 [thread overview]
Message-ID: <20260520130905.9C85D1F000E9@smtp.kernel.org> (raw)
In-Reply-To: <20260520125637.105681-1-japo@linux.ibm.com>
Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
- [Medium] The patch explicitly allows text relocations in the Python extension shared object (`perf.so`) by adding `-Wl,-z,notext`, masking the root cause of missing `-fPIC` flags and breaking W^X (Write XOR Execute) security protections.
--
commit f3832fb0ad0d1f9c2e69039b2a5110f77d220d5e
Author: Jan Polensky <japo@linux.ibm.com>
perf build: Fix Python extension build with GCC 16 hardening
This commit addresses a build failure in the Python extension caused by GCC 16
stricter security policies regarding dynamic relocations in read-only segments.
It adds the -Wl,-z,notext flag to the linker to explicitly allow text
relocations in the Python extension shared object.
> diff --git a/tools/perf/Makefile.perf b/tools/perf/Makefile.perf
> index 76b35ac19acbf..eea170d6576db 100644
> --- a/tools/perf/Makefile.perf
> +++ b/tools/perf/Makefile.perf
> @@ -749,7 +749,7 @@ all: shell_compatibility_test $(ALL_PROGRAMS) $(LANG_BINDINGS) $(OTHER_PROGRAMS)
> $(shell [ -d '$(OUTPUT)python' ] || mkdir -p '$(OUTPUT)python')
>
> $(OUTPUT)python/perf$(PYTHON_EXTENSION_SUFFIX): util/python.c util/setup.py $(PERFLIBS_PY)
> - $(QUIET_GEN)LDSHARED="$(CC) -pthread -shared" \
> + $(QUIET_GEN)LDSHARED="$(CC) -pthread -shared -Wl,-z,notext" \
[Severity: Medium]
Does adding -Wl,-z,notext mask the root cause of the GCC 16 linker error?
The error regarding dynamic relocations in a read-only segment usually
indicates that non-position-independent code from the static libraries
is being linked into the shared library.
Using -Wl,-z,notext suppresses this error by allowing text relocations, which
forces the dynamic linker to map the executable text segment as writable at
load time. This breaks W^X security protections and weakens the security of
any Python process loading the extension.
Should the required object files be compiled with -fPIC instead to properly
resolve the linker error without compromising security?
> CFLAGS='$(CFLAGS)' LDFLAGS='$(LDFLAGS) $(LIBS_PY)' \
> $(PYTHON_WORD) util/setup.py \
> --quiet build_ext; \
--
Sashiko AI review · https://sashiko.dev/#/patchset/20260520125637.105681-1-japo@linux.ibm.com?part=1
next prev parent reply other threads:[~2026-05-20 13:09 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-20 12:56 [PATCH 1/1] perf build: Fix Python extension build with GCC 16 hardening Jan Polensky
2026-05-20 13:09 ` sashiko-bot [this message]
2026-05-24 2:49 ` Arnaldo Carvalho de Melo
2026-05-26 10:30 ` Jan Polensky
2026-05-26 15:23 ` Ian Rogers
2026-05-26 16:20 ` Jan Polensky
2026-05-26 16:59 ` Ian Rogers
2026-05-27 18:02 ` Jan Polensky
2026-05-27 21:08 ` Namhyung Kim
2026-05-28 21:55 ` Ian Rogers
2026-06-03 15:22 ` Ian Rogers
2026-06-10 11:47 ` Jens Remus
2026-05-20 13:38 ` Thomas Richter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260520130905.9C85D1F000E9@smtp.kernel.org \
--to=sashiko-bot@kernel.org \
--cc=japo@linux.ibm.com \
--cc=linux-perf-users@vger.kernel.org \
--cc=sashiko-reviews@lists.linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.