fix(build): force true static linking for guest binary#414
Open
DorianZheng wants to merge 1 commit intomainfrom
Open
fix(build): force true static linking for guest binary#414DorianZheng wants to merge 1 commit intomainfrom
DorianZheng wants to merge 1 commit intomainfrom
Conversation
…-PIE The v0.7.5 guest binary was built as static-PIE (ET_DYN) instead of true static (ET_EXEC). Static-PIE binaries fail silently inside the VM because libkrunfw's kernel has CONFIG_RANDOMIZE_BASE disabled — the ELF loader can't handle ET_DYN without ASLR, causing the guest to exit immediately with vCPU exit code 0 and empty console output. Root cause: .cargo/config.toml was missing `-C link-arg=-static` and `linker` specification. Without `-static`, musl-gcc produces static-PIE which passed the old build check (grepped for "dynamically linked") but crashed in the VM. Changes: - .cargo/config.toml: add linker + `-C link-arg=-static` (syncs with guest/.cargo/config.toml) - build-guest.sh: check for "statically linked" instead of rejecting "dynamically linked" — catches static-PIE - build-shim.sh: add static linking verification on Linux - build-runtime.sh: add final gate check before packaging - setup-manylinux.sh: add sudo support, handle package conflicts (curl-minimal), optional GPU packages, add patchelf - setup-musllinux.sh: add patchelf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
setup-manylinux.shfor Amazon Linux 2023 compatibilityRoot Cause
libkrunfw's kernel has
CONFIG_RANDOMIZE_BASEdisabled. Without ASLR, the kernel's ELF loader can't properly handle static-PIE (ET_DYN) executables — the guest exits immediately with vCPU exit code 0 and empty console output.The root
.cargo/config.tomlwas missing-C link-arg=-staticandlinkerspecification. Without-static, musl-gcc produces static-PIE which passed the old build check (grepped for"dynamically linked") but crashed in the VM.Changes
.cargo/config.tomllinker+-C link-arg=-static(root cause fix)build-guest.sh"statically linked"instead of rejecting"dynamically linked"build-shim.shbuild-runtime.shsetup-manylinux.shsetup-musllinux.shTest plan
make guestwith fixed config →statically linked(ET_EXEC)make guestwith original config → caught by strengthened checkELF shared object, static-pie linked)maturin developrebuild (requires EC2 with all deps)