Yureka <yuka@yuka.dev> writes:
On 9/23/25 17:31, Alyssa Ross wrote:
Yureka <yuka@yuka.dev> writes:
On 9/23/25 17:14, Alyssa Ross wrote:
Yureka Lilian <yureka@cyberchaos.dev> writes:
@@ -88,12 +94,15 @@ stdenv.mkDerivation (finalAttrs: { mesonFlags = [ (lib.mesonBool "app" appSupport) (lib.mesonBool "host" hostSupport) + (lib.mesonBool "driver" driverSupport) "-Dhostfsrootdir=/run/virtiofs/virtiofs0" "-Dtests=false" "-Dunwind=false" "-Dwerror=true" ];
+ hardeningDisable = lib.optionals driverSupport [ "zerocallusedregs" ]; +

Could we instead do this in bpf_o_cmd, so it's not disabled for userspace programs?

This environment variable works on the stdenv level, so it is difficult to mix it in from the meson recipe. Any way to do this would add NixOS specifics to the meson recipe and doesn't feel quite right.

The environment variable in stdenv just adds -fzero-call-used-regs=used-gpr to the compiler flags, before the ones given on the command line, so I was thinking we could just add -fzero-call-used-regs=skip (the default) to bpf_o_cmd, to explicitly say we don't want it for these compiler invocations. It'll override the option given by the compiler wrapper, and won't do anything Nix-specific — it would be the right thing for other distros that change compiler defaults as well, which I think is not that uncommon.
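Review bot: the added hardeningDisable line has no comment saying why zerocallusedregs is turned off, and since it is set on the whole derivation whenever driverSupport is true, it also drops that hardening from the userspace programs built in the same derivation. Add a comment above it recording the reason and noting that the derivation-wide scope is a known trade-off, so the entry can be narrowed or removed later.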
Sadly this does not work, because passing -fzero-call-used-regs=skip results in
clang: error: unsupported option '-fzero-call-used-regs=skip' for target 'bpf'
Ah okay, disabling the hardening is fine then.