diff --git a/images/Dockerfile.bottlecap.alpine.compile b/images/Dockerfile.bottlecap.alpine.compile index 9858c5662..fc8a4f742 100644 --- a/images/Dockerfile.bottlecap.alpine.compile +++ b/images/Dockerfile.bottlecap.alpine.compile @@ -38,10 +38,15 @@ RUN --mount=type=cache,target=/root/.cargo/git \ else \ export FEATURES=default; \ fi; \ + # Tune codegen for the known Lambda CPUs: arm64 is Graviton2 (neoverse-n1), + # x86_64 uses the universally-safe x86-64-v2 baseline (NOT v3, which risks SIGILL). + if [ "${PLATFORM}" = "aarch64" ]; then TARGET_CPU="neoverse-n1"; else TARGET_CPU="x86-64-v2"; fi; \ if [ "${PLATFORM}" = "x86_64" ]; then \ # The `libddwaf` crate links against static objects that require `libclang_rt.builtins`, but # this is not presented to the linker by default on this platform, so we force it in. - export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m)"; \ + export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m) -Ctarget-cpu=${TARGET_CPU}"; \ + else \ + export RUSTFLAGS="${RUSTFLAGS:-} -Ctarget-cpu=${TARGET_CPU}"; \ fi; \ # We use a wrapper to allow `libddwaf-sys`' build.rs to be compiled with # -Ctarget-feature=-crt-static so that it is capable of dynamically loading diff --git a/images/Dockerfile.bottlecap.compile b/images/Dockerfile.bottlecap.compile index 12a23f64b..d297c9eee 100644 --- a/images/Dockerfile.bottlecap.compile +++ b/images/Dockerfile.bottlecap.compile @@ -43,9 +43,12 @@ RUN --mount=type=cache,target=/usr/local/cargo/git \ export BUILD_MODE=debug; \ export BUILD_FLAG=""; \ fi; \ + # Tune codegen for the known Lambda CPUs: arm64 is Graviton2 (neoverse-n1), + # x86_64 uses the universally-safe x86-64-v2 baseline (NOT v3, which risks SIGILL). + if [ "${PLATFORM}" = "aarch64" ]; then TARGET_CPU="neoverse-n1"; else TARGET_CPU="x86-64-v2"; fi; \ # The `libddwaf` crate links against static objects that require `libclang_rt.builtins`, but # this is not presented to the linker by default on this platform, so we force it in. - export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m)"; \ + export RUSTFLAGS="${RUSTFLAGS:-} -Clinker=clang -L$(dirname $(clang --print-file-name="libclang_rt.builtins-$(uname -m).a")) -lclang_rt.builtins-$(uname -m) -Ctarget-cpu=${TARGET_CPU}"; \ cargo +stable build --verbose --locked --no-default-features --features="${FEATURES}" ${BUILD_FLAG} && \ mkdir -p /tmp/out && cp "/tmp/dd/bottlecap/target/${BUILD_MODE}/bottlecap" /tmp/out/bottlecap