loader: replace version check with SHA-256 hash verification#534
Conversation
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: a9b670ac18
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
c5c351a to
b5f0e07
Compare
r1viollet
left a comment
There was a problem hiding this comment.
LGTM
The sha256 is a better strategy, thanks
b078ada to
b799fc9
Compare
Verify the installed libdd_profiling-embedded.so by computing its SHA-256 on disk and comparing against the build-time hash, before calling dlopen. This avoids loading a library that cannot be safely unloaded on mismatch. The build system now hashes the .so directly (instead of the .o wrapper), so the same hash serves as both the temp-file cache key and the installed-lib verification digest. The ddprof_profiling_version symbol and the version-check infrastructure are removed — the hash check is strictly stronger and does not require dlopen. SHA-256 implementation lives in src/lib/sha256.c. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
The loader tries dlopen("libdd_profiling-embedded.so") before falling
back to extracting the embedded copy to /tmp. But the embedded library
was never included in the install targets, so the dlopen always fails.
The /tmp copy of ddprof lacks file capabilities (CAP_PERFMON), which
causes perf_event_open to fail with EPERM.
Add dd_profiling-embedded to the install targets when USE_LOADER is ON
so the loader finds it via standard dlopen and never falls back to /tmp.
Upstream: #535
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>
b799fc9 to
50a8886
Compare
Edit: The issue was on our side (you can not strip the libs), sorry for the false positive! |
|
@r1viollet @nsavoire The latest RC appears to work well, we're looking forward for the release!
|

What does this PR do?
Verify the installed libdd_profiling-embedded.so by computing its SHA-256 on disk and comparing against the build-time hash, before calling dlopen. This avoids loading a library that cannot be safely unloaded on mismatch.
The build system now hashes the .so directly (instead of the .o wrapper), so the same hash serves as both the temp-file cache key and the installed-lib verification digest.
The ddprof_profiling_version symbol and the version-check infrastructure are removed — the hash check is strictly stronger and does not require dlopen.
SHA-256 implementation lives in src/lib/sha256.c.