Skip to content

build: add -mbranch-protection=bti (aarch64) to hardening flags #28459

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 13, 2023
Merged

build: add -mbranch-protection=bti (aarch64) to hardening flags #28459

merged 1 commit into from
Oct 13, 2023

Conversation

fanquake
Copy link
Member

@fanquake fanquake commented Sep 12, 2023
edited
Loading

This is a simpler (less hardening) version of #24123.

You can inspect binaries using readelf -n, and look for BTI in a .note.gnu.property. i.e

readelf -n src/bitcoin-cli

Displaying notes found in: .note.gnu.property
  Owner                Data size 	Description
  GNU                  0x00000010	NT_GNU_PROPERTY_TYPE_0
      Properties: AArch64 feature: BTI

Related to #19075.

@DrahtBot
Copy link
Contributor

DrahtBot commented Sep 12, 2023
edited
Loading

The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.

Code Coverage

For detailed information about the code coverage, see the test coverage report.

Reviews

See the guideline for information on the review process.

Type Reviewers
ACK TheCharlatan
Concept ACK theuni

If your review is incorrectly listed, please react with 👎 to this comment and the bot will ignore it on the next update.

Conflicts

Reviewers, this pull request conflicts with the following ones:

  • #24123 (build: Pointer Authentication and Branch Target Identification for aarch64 Linux (Guix) by fanquake)

If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.

@hebasto
Copy link
Member

hebasto commented Sep 12, 2023

Is there a way to check the resulted binaries that the applied flag actually has effect?

@theuni
Copy link
Member

theuni commented Sep 20, 2023

Concept ACK.

Discussed briefly with @TheCharlatan this morning.

Is there a way to check the resulted binaries that the applied flag actually has effect?

From lwn "The idea is simple enough: if BTI is enabled, the first instruction encountered after an indirect jump must be a special BTI instruction."

Sounds like it should be testable with an asm dump.

theuni
theuni reviewed Sep 20, 2023
View reviewed changes
@fanquake
Copy link
Member Author

fanquake commented Oct 2, 2023

Not a requirement for us to add a test (we can just inspect any values directly), but I've opened an issue upstream with LIEF, for slightly improved support for these aarch64 note properties: lief-project/LIEF#975.

@fanquake fanquake force-pushed the mbranch_protection_arm_darwin branch from 3045d0a to 8f48576 Compare October 2, 2023 14:41
@fanquake fanquake mentioned this pull request Oct 2, 2023
Draft
@fanquake fanquake changed the title build: use -mbranch-protection=bti for aarch64 Darwin build: add -mbranch-protection=bti (aarch64) to hardening flags Oct 2, 2023
@DrahtBot DrahtBot changed the title build: add -mbranch-protection=bti (aarch64) to hardening flags build: add -mbranch-protection=bti (aarch64) to hardening flags Oct 2, 2023
@fanquake fanquake force-pushed the mbranch_protection_arm_darwin branch from 8f48576 to fd5f9cb Compare October 3, 2023 14:18
@DrahtBot DrahtBot removed the CI failed label Oct 4, 2023
@fanquake
build: add -mbranch-protection=bti to aarch64 hardening flags
61a6c3b 
This is a simpler (less hardening) version of bitcoin#24123.
Scoped to aarch64 to avoid unused command line option warnings when
building on x86_64.

Related to bitcoin#19075.
@fanquake fanquake force-pushed the mbranch_protection_arm_darwin branch from fd5f9cb to 61a6c3b Compare October 10, 2023 13:26
@TheCharlatan
Copy link
Contributor

utACK 61a6c3b

@DrahtBot DrahtBot requested a review from theuni October 11, 2023 06:04
@DrahtBot
Copy link
Contributor

Guix builds (on x86_64)

File commit 5ea4fc0
(master)		 commit 2f47e4b
(master and this pull)
SHA256SUMS.part 9e414fa3fcfbf69b... ce0493193c93ceb8...
*-aarch64-linux-gnu-debug.tar.gz 678a4f51701b0dcb... 5e4edfcd56f0387a...
*-aarch64-linux-gnu.tar.gz 8b8fb213d6295826... 7626b516d34872a0...
*-arm-linux-gnueabihf-debug.tar.gz e2f17be180a849e0... 75803d2242f6d9f6...
*-arm-linux-gnueabihf.tar.gz 8a8f89187a847fbc... 760f252fae200dfc...
*-arm64-apple-darwin-unsigned.tar.gz 55c07744de289fb7... b929dc4af5dd7ba7...
*-arm64-apple-darwin-unsigned.zip c2e8de9de5ca3cab... 05721c1ddb13af37...
*-arm64-apple-darwin.tar.gz 96bfc0b539f822f0... aaa84cb191c609fd...
*-powerpc64-linux-gnu-debug.tar.gz 27f9358d52b0791e... 02672876ed1c676c...
*-powerpc64-linux-gnu.tar.gz 4e7fc80c1d8dcd0a... 8fcdab431b6c074c...
*-powerpc64le-linux-gnu-debug.tar.gz 279fc366e2931f52... 059235db996d4462...
*-powerpc64le-linux-gnu.tar.gz 423a842b5f85fd0a... 06cdb471651ebd9d...
*-riscv64-linux-gnu-debug.tar.gz 24fdf0e6bba9507e... 3e7d82fc3b2d85a5...
*-riscv64-linux-gnu.tar.gz 1ed9857146d3d647... 784855f78c2eec05...
*-x86_64-apple-darwin-unsigned.tar.gz 81ed652689984537... 5e9d4bf9ad54399e...
*-x86_64-apple-darwin-unsigned.zip 8d92309d4168be7c... 0e6e2afd5f25f50d...
*-x86_64-apple-darwin.tar.gz 3e7fd2d25b9a304c... ded97fa2c75d7e3d...
*-x86_64-linux-gnu-debug.tar.gz 1b44881dee619d6a... 076eda855f5057a7...
*-x86_64-linux-gnu.tar.gz ffc9c467e80de39c... 6d0c89dacc1ec314...
*.tar.gz 449eaff6b27defe2... e4d67365b4224b02...
guix_build.log b7c82409d92aeef1... f1b7b82ee04f1168...
guix_build.log.diff dcda9f385757557b...

@fanquake fanquake merged commit 9e068f9 into bitcoin:master Oct 13, 2023
@fanquake fanquake deleted the mbranch_protection_arm_darwin branch October 13, 2023 09:09
Frank-GER pushed a commit to syscoin/syscoin that referenced this pull request Oct 13, 2023
@fanquake
Merge bitcoin#28459: build: add -mbranch-protection=bti (aarch64) t…
ed1be98 
…o hardening flags

61a6c3b build: add `-mbranch-protection=bti` to aarch64 hardening flags (fanquake)

Pull request description:

  This is a simpler (less hardening) version of bitcoin#24123.

  You can inspect binaries using `readelf -n`, and look for BTI in a `.note.gnu.property`. i.e
  ```bash
  readelf -n src/bitcoin-cli

  Displaying notes found in: .note.gnu.property
    Owner                Data size Description
    GNU                  0x00000010NT_GNU_PROPERTY_TYPE_0
        Properties: AArch64 feature: BTI
  ```

  Related to bitcoin#19075.

ACKs for top commit:
  TheCharlatan:
    utACK 61a6c3b

Tree-SHA512: 64504de44e91d853165daf4111dca905d8eb9ef3f4bfb0d447c677b02c9100dbd56f13e6fe6539fb06c2343a094229591ac5d1bd9e184b32b512c0ac3f9bac36
@fanquake fanquake mentioned this pull request Jan 3, 2024
Merged
fanquake added a commit that referenced this pull request Jan 16, 2024
@fanquake
Merge #29170: contrib: add macho branch protection check
f1fcc96 
5335e45 contrib: add macho branch protection check (fanquake)

Pull request description:

  Followup to #28459. Add a sanity check that `bti` instructions are present in the arm macho binary, similar to our x86_64 check for control flow.

  Could do something similar for aarch64 linux in future, and maybe could use lief-project/LIEF#975.

ACKs for top commit:
  TheCharlatan:
    ACK 5335e45

Tree-SHA512: 6cc8721209fe07fe07f0524ef6f114004e2b98844f73d31ff16547f7055c7cb4a5609480058c45ede21b457b2dea5357f1475eaa5063ea1f9772aa260f49039b
@bitcoin bitcoin locked and limited conversation to collaborators Oct 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@theuni theuni Awaiting requested review from theuni

Assignees
No one assigned
Labels
Build system
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@fanquake @DrahtBot @hebasto @theuni @TheCharlatan