fix libfdt linking when compiled using -fstack-protector

.cargo/config

@@ -2,14 +2,5 @@
 target = "x86_64-unknown-linux-musl"
 target-dir = "build/cargo_target"
 
-[target.'cfg(any(target_arch="arm", target_arch="aarch64"))']
-# On aarch64 musl depends on some libgcc functions (i.e `__addtf3` and other `*tf3` functions) for logic that uses
-# long double. Such functions are not builtin in the rust compiler, so we need to get them from libgcc.
-# No need for the `crt_static` flag as rustc appends it by default.
-rustflags = [
-	"-C", "link-arg=-lgcc",
-	"-C", "link-arg=-lfdt",
-]
-
 [net]
 git-fetch-with-cli = true

src/arch/Cargo.toml

@@ -18,3 +18,6 @@ utils = { path = "../utils" }
 
 [dev-dependencies]
 device_tree = ">=1.1.0"
+
+[target.'cfg(target_arch="aarch64")'.dependencies]
+libfdt-bindings = { path = "../libfdt-bindings" }

src/arch/src/aarch64/fdt.rs

@@ -5,13 +5,15 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the THIRD-PARTY file.
 
-use libc::{c_char, c_int, c_void};
+use libc::{c_int, c_void};
 use std::collections::HashMap;
 use std::ffi::{CStr, CString, NulError};
 use std::fmt::Debug;
 use std::ptr::null;
 use std::{io, result};
 
+use libfdt_bindings::*;
+
 use super::super::DeviceType;
 use super::super::InitrdConfig;
 use super::cache_info::{read_cache_config, CacheEntry};
@@ -45,21 +47,6 @@ const GIC_FDT_IRQ_TYPE_PPI: u32 = 1;
 const IRQ_TYPE_EDGE_RISING: u32 = 1;
 const IRQ_TYPE_LEVEL_HI: u32 = 4;
 
-// This links to libfdt which handles the creation of the binary blob
-// flattened device tree (fdt) that is passed to the kernel and indicates
-// the hardware configuration of the machine.
-extern "C" {
-    fn fdt_create(buf: *mut c_void, bufsize: c_int) -> c_int;
-    fn fdt_finish_reservemap(fdt: *mut c_void) -> c_int;
-    fn fdt_begin_node(fdt: *mut c_void, name: *const c_char) -> c_int;
-    fn fdt_property(fdt: *mut c_void, name: *const c_char, val: *const c_void, len: c_int)
-        -> c_int;
-    fn fdt_end_node(fdt: *mut c_void) -> c_int;
-    fn fdt_open_into(fdt: *const c_void, buf: *mut c_void, bufsize: c_int) -> c_int;
-    fn fdt_finish(fdt: *const c_void) -> c_int;
-    fn fdt_pack(fdt: *mut c_void) -> c_int;
-}
-
 /// Trait for devices to be added to the Flattened Device Tree.
 pub trait DeviceInfoForFDT {
     /// Returns the address where this device will be loaded.

src/libfdt-bindings/Cargo.toml

@@ -0,0 +1,9 @@
+[package]
+name = "libfdt-bindings"
+version = "0.1.0"
+authors = ["Amazon Firecracker team <[email protected]>"]
+edition = "2018"
+build = "build.rs"
+
+[target.'cfg(target_arch="aarch64")'.dependencies]
+libc = ">=0.2.39"

src/libfdt-bindings/build.rs

@@ -0,0 +1,47 @@
+// Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+use std::process::Command;
+
+/// Get the ld linker search paths
+///
+/// Cargo overwrites LD_LIBRARY_PATH with rust specific paths. But we need the default system
+/// paths in order to find libfdt. So we query `ld` in order to get them.
+fn get_ld_search_dirs() -> Vec<String> {
+    // We need to extract from `ld --verbose` all the search paths.
+    // For example `ld --verbose | grep SEARCH_DIR | tr -s ' ;' '\n'` returns the following:
+    // ```
+    // SEARCH_DIR("=/usr/local/lib/aarch64-linux-gnu")
+    // SEARCH_DIR("=/lib/aarch64-linux-gnu")
+    // SEARCH_DIR("=/usr/lib/aarch64-linux-gnu")
+    // SEARCH_DIR("=/usr/local/lib")
+    // SEARCH_DIR("=/lib")
+    // SEARCH_DIR("=/usr/lib")
+    // SEARCH_DIR("=/usr/aarch64-linux-gnu/lib")
+    // ```
+    let cmd = r#"
+        ld --verbose | grep -oP '(?<=SEARCH_DIR\(\"=)[^"]+(?=\"\);)'
+    "#;
+
+    Command::new("sh")
+        .arg("-c")
+        .arg(cmd)
+        .output()
+        .ok()
+        .and_then(|output| {
+            if output.status.success() {
+                return Some(output.stdout);
+            }
+            None
+        })
+        .and_then(|stdout_bytes| String::from_utf8(stdout_bytes).ok())
+        .map_or(vec![], |stdout| {
+            stdout.lines().map(|item| item.to_string()).collect()
+        })
+}
+
+fn main() {
+    for ld_search_dir in get_ld_search_dirs() {
+        println!("cargo:rustc-link-search=native={}", ld_search_dir);
+    }
+}

src/libfdt-bindings/src/lib.rs

@@ -0,0 +1,26 @@
+// Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+#[cfg(target_arch = "aarch64")]
+use libc::{c_char, c_int, c_void};
+
+// This links to libfdt which handles the creation of the binary blob
+// flattened device tree (fdt) that is passed to the kernel and indicates
+// the hardware configuration of the machine.
+#[cfg(target_arch = "aarch64")]
+#[link(name = "fdt", kind = "static")]
+extern "C" {
+    pub fn fdt_create(buf: *mut c_void, bufsize: c_int) -> c_int;
+    pub fn fdt_finish_reservemap(fdt: *mut c_void) -> c_int;
+    pub fn fdt_begin_node(fdt: *mut c_void, name: *const c_char) -> c_int;
+    pub fn fdt_property(
+        fdt: *mut c_void,
+        name: *const c_char,
+        val: *const c_void,
+        len: c_int,
+    ) -> c_int;
+    pub fn fdt_end_node(fdt: *mut c_void) -> c_int;
+    pub fn fdt_open_into(fdt: *const c_void, buf: *mut c_void, bufsize: c_int) -> c_int;
+    pub fn fdt_finish(fdt: *const c_void) -> c_int;
+    pub fn fdt_pack(fdt: *mut c_void) -> c_int;
+}

tests/integration_tests/build/test_coverage.py

@@ -24,7 +24,7 @@
 # this contains the frequency while on AMD it does not.
 # Checkout the cpuid crate. In the future other
 # differences may appear.
-COVERAGE_DICT = {"Intel": 85.15, "AMD": 84.52, "ARM": 83.36}
+COVERAGE_DICT = {"Intel": 85.15, "AMD": 84.52, "ARM": 83.46}
 
 PROC_MODEL = proc.proc_type()
 

tests/integration_tests/performance/test_process_startup_time.py

@@ -10,7 +10,7 @@
 import host_tools.logging as log_tools
 from host_tools.cargo_build import run_seccompiler
 
-MAX_STARTUP_TIME_CPU_US = {'x86_64': 5500, 'aarch64': 3200}
+MAX_STARTUP_TIME_CPU_US = {'x86_64': 5500, 'aarch64': 2900}
 """ The maximum acceptable startup time in CPU us. """
 # TODO: Keep a `current` startup time in S3 and validate we don't regress
 

tools/devctr/Dockerfile.aarch64

@@ -38,6 +38,7 @@ RUN apt-get update \
         libbfd-dev \
         libcurl4-openssl-dev \
         libdw-dev \
+        libfdt-dev \
         libiberty-dev \
         libssl-dev \
         lsof \
@@ -60,20 +61,6 @@ RUN apt-get update \
     && python3 -m pip install --upgrade pip \ 
     && rm -rf /var/lib/apt/lists/*
 
-# We need to build libfdt-dev using -fno-stack-protector
-# See https://github.com/rust-lang/rust/issues/79791
-RUN mkdir "$TMP_BUILD_DIR" \
-    && sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list \
-    && apt update \
-    && apt -y install build-essential fakeroot dpkg-dev \
-    && apt source libfdt-dev \
-    && apt -y build-dep libfdt-dev \
-    && cd device-tree-compiler-1.4.5 \
-    && echo "CFLAGS += -fno-stack-protector" >> libfdt/Makefile.libfdt \
-    && dpkg-buildpackage -uc -us -b \
-    && dpkg -i ../libfdt1_1.4.5-3_arm64.deb ../libfdt-dev_1.4.5-3_arm64.deb \
-    && rm -rf "$TMP_BUILD_DIR"
-
 RUN python3 -m pip install poetry
 RUN mkdir "$TMP_POETRY_DIR"
 COPY tools/devctr/pyproject.toml $POETRY_LOCK_PATH "$TMP_POETRY_DIR/"

tools/devtool

@@ -72,7 +72,7 @@
 DEVCTR_IMAGE_NO_TAG="public.ecr.aws/firecracker/fcuvm"
 
 # Development container tag
-DEVCTR_IMAGE_TAG="v29"
+DEVCTR_IMAGE_TAG="v30"
 
 # Development container image (name:tag)
 # This should be updated whenever we upgrade the development container.