build: add -mbranch-protection=bti (aarch64) to hardening flags #28459

pull fanquake wants to merge 1 commits into bitcoin:master from fanquake:mbranch_protection_arm_darwin changing 1 files +5 −0
  1. fanquake commented at 1:32 pm on September 12, 2023: member

    This is a simpler (less hardening) version of #24123.

    You can inspect binaries using readelf -n, and look for BTI in a .note.gnu.property. i.e

    0readelf -n src/bitcoin-cli
1
2Displaying notes found in: .note.gnu.property
3  Owner                Data size 	Description
4  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
5      Properties: AArch64 feature: BTI

    Related to #19075.

  2. DrahtBot commented at 1:32 pm on September 12, 2023: contributor

    The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

    Code Coverage

    For detailed information about the code coverage, see the test coverage report.

    Reviews

    See the guideline for information on the review process.

    Type Reviewers
    ACK TheCharlatan
    Concept ACK theuni

    If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

    Conflicts

    Reviewers, this pull request conflicts with the following ones:

    • #24123 (build: Pointer Authentication and Branch Target Identification for aarch64 Linux (Guix) by fanquake)

    If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

  3. DrahtBot added the label Build system on Sep 12, 2023
  4. hebasto commented at 2:35 pm on September 12, 2023: member
    Is there a way to check the resulted binaries that the applied flag actually has effect?
  5. theuni commented at 10:39 am on September 20, 2023: member

    Concept ACK.

    Discussed briefly with @TheCharlatan this morning.

    Is there a way to check the resulted binaries that the applied flag actually has effect?

    From lwn “The idea is simple enough: if BTI is enabled, the first instruction encountered after an indirect jump must be a special BTI instruction.”

    Sounds like it should be testable with an asm dump.

  6. in configure.ac:969 in 3045d0a063 outdated 
    964@@ -965,6 +965,11 @@ if test "$use_hardening" != "no"; then
965       ;;
966   esac
967 
968+  case $host in
969+    *aarch64-apple*)
970+      AX_CHECK_COMPILE_FLAG([-mbranch-protection=bti], [HARDENED_CXXFLAGS="$HARDENED_CXXFLAGS -mbranch-protection=bti"])
    theuni commented at 10:41 am on September 20, 2023:

    Why constrain this to apple?

    Can we move it up above and just let it fail when unsupported? According to the link above “That instruction is a no-op on systems without BTI”.

    fanquake commented at 2:39 pm on October 2, 2023:
    Yea, I think we can just add this. Unlike #24123 (which also does pointer auth), we shouldn’t have to worry about additional build issues/warnings here, and can just let configure decide wether to try and use it or not. Although, I’m not sure we’ll be able to test for this (in release builds) yet, without additional changes. I’ll simplify the changes here now in any case.
    fanquake commented at 3:09 pm on October 2, 2023:

    Why constrain this to apple?

    Not to apple, but I guess one reason to scope this (to aarch64) would be to avoid Wunused-command-line-argument warnings on x86_64. Which now appear in the CI (https://github.com/bitcoin/bitcoin/actions/runs/6381638188/job/17318511090?pr=28459#step:7:1979):

    0   CXX      libbitcoin_node_a-deploymentstatus.o
1clang: error: argument unused during compilation: '-mbranch-protection=bti' [-Werror,-Wunused-command-line-argument]
    fanquake commented at 2:18 pm on October 3, 2023:
    Scoped this back to aarch64.
    theuni commented at 5:04 pm on October 10, 2023:
    Blah, agreed.
  7. DrahtBot added the label CI failed on Sep 24, 2023
  8. DrahtBot removed the label CI failed on Sep 27, 2023
  9. fanquake commented at 2:39 pm on October 2, 2023: member
    Not a requirement for us to add a test (we can just inspect any values directly), but I’ve opened an issue upstream with LIEF, for slightly improved support for these aarch64 note properties: https://github.com/lief-project/LIEF/issues/975.
  10. fanquake force-pushed on Oct 2, 2023
  11. fanquake renamed this:
    build: use `-mbranch-protection=bti` for aarch64 Darwin
    build: add `-mbranch-protection=bti` (aarch64) to hardening flags
    on Oct 2, 2023
  12. DrahtBot renamed this:
    build: add `-mbranch-protection=bti` (aarch64) to hardening flags
    build: add `-mbranch-protection=bti` (aarch64) to hardening flags
    on Oct 2, 2023
  13. DrahtBot added the label CI failed on Oct 2, 2023
  14. fanquake force-pushed on Oct 3, 2023
  15. DrahtBot removed the label CI failed on Oct 4, 2023
  16. build: add `-mbranch-protection=bti` to aarch64 hardening flags 
    This is a simpler (less hardening) version of #24123.
Scoped to aarch64 to avoid unused command line option warnings when
building on x86_64.

Related to #19075.
    61a6c3b0e9
  17. fanquake force-pushed on Oct 10, 2023
  18. TheCharlatan commented at 6:04 am on October 11, 2023: contributor
    utACK 61a6c3b0e9a8dab5c5f845af4becde817539133c
  19. DrahtBot requested review from theuni on Oct 11, 2023
  20. fanquake added the label DrahtBot Guix build requested on Oct 12, 2023
  21. DrahtBot commented at 8:47 pm on October 12, 2023: contributor

    Guix builds (on x86_64)

    File commit 5ea4fc05edde66c5c90383bc054590dfbdb2b645(master) commit 2f47e4bcf3b2b0a795c9605b3d6ece93083fde3c(master and this pull)
    SHA256SUMS.part 9e414fa3fcfbf69b... ce0493193c93ceb8...
    *-aarch64-linux-gnu-debug.tar.gz 678a4f51701b0dcb... 5e4edfcd56f0387a...
    *-aarch64-linux-gnu.tar.gz 8b8fb213d6295826... 7626b516d34872a0...
    *-arm-linux-gnueabihf-debug.tar.gz e2f17be180a849e0... 75803d2242f6d9f6...
    *-arm-linux-gnueabihf.tar.gz 8a8f89187a847fbc... 760f252fae200dfc...
    *-arm64-apple-darwin-unsigned.tar.gz 55c07744de289fb7... b929dc4af5dd7ba7...
    *-arm64-apple-darwin-unsigned.zip c2e8de9de5ca3cab... 05721c1ddb13af37...
    *-arm64-apple-darwin.tar.gz 96bfc0b539f822f0... aaa84cb191c609fd...
    *-powerpc64-linux-gnu-debug.tar.gz 27f9358d52b0791e... 02672876ed1c676c...
    *-powerpc64-linux-gnu.tar.gz 4e7fc80c1d8dcd0a... 8fcdab431b6c074c...
    *-powerpc64le-linux-gnu-debug.tar.gz 279fc366e2931f52... 059235db996d4462...
    *-powerpc64le-linux-gnu.tar.gz 423a842b5f85fd0a... 06cdb471651ebd9d...
    *-riscv64-linux-gnu-debug.tar.gz 24fdf0e6bba9507e... 3e7d82fc3b2d85a5...
    *-riscv64-linux-gnu.tar.gz 1ed9857146d3d647... 784855f78c2eec05...
    *-x86_64-apple-darwin-unsigned.tar.gz 81ed652689984537... 5e9d4bf9ad54399e...
    *-x86_64-apple-darwin-unsigned.zip 8d92309d4168be7c... 0e6e2afd5f25f50d...
    *-x86_64-apple-darwin.tar.gz 3e7fd2d25b9a304c... ded97fa2c75d7e3d...
    *-x86_64-linux-gnu-debug.tar.gz 1b44881dee619d6a... 076eda855f5057a7...
    *-x86_64-linux-gnu.tar.gz ffc9c467e80de39c... 6d0c89dacc1ec314...
    *.tar.gz 449eaff6b27defe2... e4d67365b4224b02...
    guix_build.log b7c82409d92aeef1... f1b7b82ee04f1168...
    guix_build.log.diff dcda9f385757557b...
  22. DrahtBot removed the label DrahtBot Guix build requested on Oct 12, 2023
  23. fanquake merged this on Oct 13, 2023
  24. fanquake closed this on Oct 13, 2023
  25. fanquake deleted the branch on Oct 13, 2023
  26. Frank-GER referenced this in commit ed1be98396 on Oct 13, 2023
  27. fanquake referenced this in commit f1fcc9638c on Jan 16, 2024
  28. bitcoin locked this on Oct 12, 2024


fanquake DrahtBot hebasto theuni TheCharlatan


theuni

Labels
Build system

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-12-22 03:12 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me