[PATCH 0/2] Fix CI build on Free BSD 13

[PATCH 0/2] Fix CI build on Free BSD 13

[Daniel P. Berrangé]

FreeBSD seems to have prematurely purged the 13.2 images from gcloud,
despite 13.3 not being announced until tomorrow. Historically the old
images were left available for quite some time, until we noticed ports
failing due to missing symbols. Either way we need to update to 13.3

This exposed a clang bug so needs a workaround adding too.

Daniel P. Berrangé (2):
  meson: detect broken clang 17 with -fzero-call-used-regs
  gitlab: update FreeBSD Cirrus CI image to 13.3

 .gitlab-ci.d/cirrus.yml |  2 +-
 meson.build             | 17 ++++++++++++-----
 2 files changed, 13 insertions(+), 6 deletions(-)

-- 
2.43.0

[PATCH 1/2] meson: detect broken clang 17 with -fzero-call-used-regs

[Daniel P. Berrangé]

Clang 17 will segv if given  -fzero-call-used-regs and optimization
is enabled. Since upstream hasn't triaged the bug, distros are
increasingly shipping with broken Clang.

https://github.com/llvm/llvm-project/issues/75168
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277474
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 meson.build | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/meson.build b/meson.build
index 0ef1654e86..762798f2ee 100644
--- a/meson.build
+++ b/meson.build
@@ -555,17 +555,24 @@ endif
 # Check further flags that make QEMU more robust against malicious parties
 
 hardening_flags = [
-    # Zero out registers used during a function call
-    # upon its return. This makes it harder to assemble
-    # ROP gadgets into something usable
-    '-fzero-call-used-regs=used-gpr',
-
     # Initialize all stack variables to zero. This makes
     # it harder to take advantage of uninitialized stack
     # data to drive exploits
     '-ftrivial-auto-var-init=zero',
 ]
 
+# Zero out registers used during a function call
+# upon its return. This makes it harder to assemble
+# ROP gadgets into something usable
+#
+# NB: CLang 17 is broken and SEGVs
+# https://github.com/llvm/llvm-project/issues/75168
+if cc.compiles('extern struct { void (*cb)(void); } s; void f(void) { s.cb(); }',
+               name: '-fzero-call-used-regs=used-gpr',
+               args: ['-O2', '-fzero-call-used-regs=used-gpr'])
+    hardening_flags += '-fzero-call-used-regs=used-gpr'
+endif
+
 qemu_common_flags += cc.get_supported_arguments(hardening_flags)
 
 add_global_arguments(qemu_common_flags, native: false, language: all_languages)
-- 
2.43.0

[PATCH 2/2] gitlab: update FreeBSD Cirrus CI image to 13.3

[Daniel P. Berrangé]

The 13.2 images have been deleted from gcloud

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab-ci.d/cirrus.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
index 64f2e25afa..b45f9de62f 100644
--- a/.gitlab-ci.d/cirrus.yml
+++ b/.gitlab-ci.d/cirrus.yml
@@ -52,7 +52,7 @@ x64-freebsd-13-build:
     NAME: freebsd-13
     CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
     CIRRUS_VM_IMAGE_SELECTOR: image_family
-    CIRRUS_VM_IMAGE_NAME: freebsd-13-2
+    CIRRUS_VM_IMAGE_NAME: freebsd-13-3
     CIRRUS_VM_CPUS: 8
     CIRRUS_VM_RAM: 8G
     UPDATE_COMMAND: pkg update; pkg upgrade -y
-- 
2.43.0

Re: [PATCH 1/2] meson: detect broken clang 17 with -fzero-call-used-regs

[Peter Maydell]

On Mon, 4 Mar 2024 at 14:46, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> Clang 17 will segv if given  -fzero-call-used-regs and optimization
> is enabled. Since upstream hasn't triaged the bug, distros are
> increasingly shipping with broken Clang.
>
> https://github.com/llvm/llvm-project/issues/75168
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277474
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  meson.build | 17 ++++++++++++-----
>  1 file changed, 12 insertions(+), 5 deletions(-)
>
> diff --git a/meson.build b/meson.build
> index 0ef1654e86..762798f2ee 100644
> --- a/meson.build
> +++ b/meson.build
> @@ -555,17 +555,24 @@ endif
>  # Check further flags that make QEMU more robust against malicious parties
>
>  hardening_flags = [
> -    # Zero out registers used during a function call
> -    # upon its return. This makes it harder to assemble
> -    # ROP gadgets into something usable
> -    '-fzero-call-used-regs=used-gpr',
> -
>      # Initialize all stack variables to zero. This makes
>      # it harder to take advantage of uninitialized stack
>      # data to drive exploits
>      '-ftrivial-auto-var-init=zero',
>  ]
>
> +# Zero out registers used during a function call
> +# upon its return. This makes it harder to assemble
> +# ROP gadgets into something usable
> +#
> +# NB: CLang 17 is broken and SEGVs

"Clang"

> +# https://github.com/llvm/llvm-project/issues/75168
> +if cc.compiles('extern struct { void (*cb)(void); } s; void f(void) { s.cb(); }',
> +               name: '-fzero-call-used-regs=used-gpr',
> +               args: ['-O2', '-fzero-call-used-regs=used-gpr'])
> +    hardening_flags += '-fzero-call-used-regs=used-gpr'
> +endif
> +
>  qemu_common_flags += cc.get_supported_arguments(hardening_flags)
>
>  add_global_arguments(qemu_common_flags, native: false, language: all_languages)

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

The stable releases don't have the use of -fzero-call-used-regs,
so we don't need to backport this.

thanks
-- PMM

Re: [PATCH 2/2] gitlab: update FreeBSD Cirrus CI image to 13.3

[Peter Maydell]

On Mon, 4 Mar 2024 at 14:46, Daniel P. Berrangé <berrange@redhat.com> wrote:
>
> The 13.2 images have been deleted from gcloud
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  .gitlab-ci.d/cirrus.yml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
> index 64f2e25afa..b45f9de62f 100644
> --- a/.gitlab-ci.d/cirrus.yml
> +++ b/.gitlab-ci.d/cirrus.yml
> @@ -52,7 +52,7 @@ x64-freebsd-13-build:
>      NAME: freebsd-13
>      CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
>      CIRRUS_VM_IMAGE_SELECTOR: image_family
> -    CIRRUS_VM_IMAGE_NAME: freebsd-13-2
> +    CIRRUS_VM_IMAGE_NAME: freebsd-13-3
>      CIRRUS_VM_CPUS: 8
>      CIRRUS_VM_RAM: 8G
>      UPDATE_COMMAND: pkg update; pkg upgrade -y
> --

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>

This one should be tagged
Cc: qemu-stable@nongnu.org
I guess?

thanks
-- PMM

Re: [PATCH 2/2] gitlab: update FreeBSD Cirrus CI image to 13.3

[Daniel P. Berrangé]

On Mon, Mar 04, 2024 at 02:49:28PM +0000, Peter Maydell wrote:
> On Mon, 4 Mar 2024 at 14:46, Daniel P. Berrangé <berrange@redhat.com> wrote:
> >
> > The 13.2 images have been deleted from gcloud
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> >  .gitlab-ci.d/cirrus.yml | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
> > index 64f2e25afa..b45f9de62f 100644
> > --- a/.gitlab-ci.d/cirrus.yml
> > +++ b/.gitlab-ci.d/cirrus.yml
> > @@ -52,7 +52,7 @@ x64-freebsd-13-build:
> >      NAME: freebsd-13
> >      CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
> >      CIRRUS_VM_IMAGE_SELECTOR: image_family
> > -    CIRRUS_VM_IMAGE_NAME: freebsd-13-2
> > +    CIRRUS_VM_IMAGE_NAME: freebsd-13-3
> >      CIRRUS_VM_CPUS: 8
> >      CIRRUS_VM_RAM: 8G
> >      UPDATE_COMMAND: pkg update; pkg upgrade -y
> > --
> 
> Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
> 
> This one should be tagged
> Cc: qemu-stable@nongnu.org
> I guess?

Yes, this will be applicable to stable.


With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Re: [PATCH 0/2] Fix CI build on Free BSD 13

[Richard Henderson]

On 3/4/24 04:44, Daniel P. Berrangé wrote:
> Daniel P. Berrangé (2):
>    meson: detect broken clang 17 with -fzero-call-used-regs
>    gitlab: update FreeBSD Cirrus CI image to 13.3

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>

r~

Re: [PATCH 0/2] Fix CI build on Free BSD 13

[Alex Bennée]

Daniel P. Berrangé <berrange@redhat.com> writes:

> FreeBSD seems to have prematurely purged the 13.2 images from gcloud,
> despite 13.3 not being announced until tomorrow. Historically the old
> images were left available for quite some time, until we noticed ports
> failing due to missing symbols. Either way we need to update to 13.3
>
> This exposed a clang bug so needs a workaround adding too.

Queued to testing/next, thanks.

-- 
Alex Bennée
Virtualisation Tech Lead @ Linaro

Re: [PATCH 0/2] Fix CI build on Free BSD 13

[Peter Maydell]

On Mon, 4 Mar 2024 at 21:17, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> Daniel P. Berrangé <berrange@redhat.com> writes:
>
> > FreeBSD seems to have prematurely purged the 13.2 images from gcloud,
> > despite 13.3 not being announced until tomorrow. Historically the old
> > images were left available for quite some time, until we noticed ports
> > failing due to missing symbols. Either way we need to update to 13.3
> >
> > This exposed a clang bug so needs a workaround adding too.
>
> Queued to testing/next, thanks.

I've applied this directly to git to fix the CI.

thanks
-- PMM