Differential D14013

build: add -fstack-clash-protection to hardening flags
ClosedPublic
Actions

Authored by PiRK on Jun 8 2023, 06:34.

Details

Reviewers

Fabien

Group Reviewers

Restricted Project

Commits

rABCcde09d204c3f: build: add -fstack-clash-protection to hardening flags

Summary

This option causes the compiler to insert probes whenever stack space
is allocated statically or dynamically to reliably detect stack overflows
and thus mitigate the attack vector that relies on jumping over a stack
guard page as provided by the operating system.

This option is now enabled by default in Ubuntu GCC as of 19.10.

Available in GCC 8 and Clang 11.

This concludes backport of core#18921
https://github.com/bitcoin/bitcoin/pull/18921/commits/b536813cefc13f5c54a28a7c2fce8c69e89d6624

Depends on D14008

Test Plan

gitian builds and guix build

Diff Detail

Repository

rABC Bitcoin ABC

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

PiRK created this revision.Jun 8 2023, 06:34

Herald added a reviewer: Restricted Project. · View Herald TranscriptJun 8 2023, 06:34

PiRK requested review of this revision.Jun 8 2023, 06:34

teamcity edited the summary of this revision. (Show Details)Jun 8 2023, 06:34

@bot gitian-osx gitian-linux gitian-win

teamcity awarded a token.Jun 8 2023, 06:35

Harbormaster completed remote builds in B23945: Diff 40656.Jun 8 2023, 06:51

Build Bitcoin ABC Diffs / Diff Testing (gitian-win) failed.

Tail of the build log:

 * [new tag]             phabricator/diff/40554 -> phabricator/diff/40554
 * [new tag]             phabricator/diff/40558 -> phabricator/diff/40558
 * [new tag]             phabricator/diff/40559 -> phabricator/diff/40559
 * [new tag]             phabricator/diff/40560 -> phabricator/diff/40560
 * [new tag]             phabricator/diff/40561 -> phabricator/diff/40561
 * [new tag]             phabricator/diff/40562 -> phabricator/diff/40562
 * [new tag]             phabricator/diff/40563 -> phabricator/diff/40563
 * [new tag]             phabricator/diff/40564 -> phabricator/diff/40564
 * [new tag]             phabricator/diff/40578 -> phabricator/diff/40578
 * [new tag]             phabricator/diff/40579 -> phabricator/diff/40579
 * [new tag]             phabricator/diff/40580 -> phabricator/diff/40580
 * [new tag]             phabricator/diff/40581 -> phabricator/diff/40581
 * [new tag]             phabricator/diff/40582 -> phabricator/diff/40582
 * [new tag]             phabricator/diff/40583 -> phabricator/diff/40583
 * [new tag]             phabricator/diff/40584 -> phabricator/diff/40584
 * [new tag]             phabricator/diff/40590 -> phabricator/diff/40590
 * [new tag]             phabricator/diff/40591 -> phabricator/diff/40591
 * [new tag]             phabricator/diff/40594 -> phabricator/diff/40594
 * [new tag]             phabricator/diff/40597 -> phabricator/diff/40597
 * [new tag]             phabricator/diff/40599 -> phabricator/diff/40599
 * [new tag]             phabricator/diff/40600 -> phabricator/diff/40600
 * [new tag]             phabricator/diff/40603 -> phabricator/diff/40603
 * [new tag]             phabricator/diff/40604 -> phabricator/diff/40604
 * [new tag]             phabricator/diff/40605 -> phabricator/diff/40605
 * [new tag]             phabricator/diff/40612 -> phabricator/diff/40612
 * [new tag]             phabricator/diff/40635 -> phabricator/diff/40635
 * [new tag]             phabricator/diff/40637 -> phabricator/diff/40637
 * [new tag]             phabricator/diff/40639 -> phabricator/diff/40639
 * [new tag]             phabricator/diff/40641 -> phabricator/diff/40641
 * [new tag]             phabricator/diff/40642 -> phabricator/diff/40642
 * [new tag]             phabricator/diff/40644 -> phabricator/diff/40644
 * [new tag]             phabricator/diff/40645 -> phabricator/diff/40645
 * [new tag]             phabricator/diff/40655 -> phabricator/diff/40655
 * [new tag]             phabricator/diff/40656 -> phabricator/diff/40656
 * [new tag]             phabricator/diff/40657 -> phabricator/diff/40657
 * [new tag]             phabricator/diff/8992  -> phabricator/diff/8992
 * [new tag]             phabricator/diff/8993  -> phabricator/diff/8993
 * [new branch]          master                 -> master
--- Building for bullseye amd64 ---
Stopping target if it is up
Error response from daemon: No such container: gitian-target
Error: No such container: gitian-target
Making a new image copy
Starting target
Checking if target is up.
Preparing build environment
Updating apt-get repository (log in var/install.log)
Installing additional packages (log in var/install.log)
Upgrading system, may take a while (log in var/install.log)
Creating package manifest
Creating build script (var/build-script)
Running build script (log in var/build.log)
./bin/gbuild:23:in `system!': failed to run on-target setarch x86_64 bash -x < var/build-script > var/build.log 2>&1 (RuntimeError)
	from ./bin/gbuild:185:in `build_one_configuration'
	from ./bin/gbuild:339:in `block (2 levels) in <main>'
	from ./bin/gbuild:334:in `each'
	from ./bin/gbuild:334:in `block in <main>'
	from ./bin/gbuild:332:in `each'
	from ./bin/gbuild:332:in `<main>'
Build gitian-win failed with exit code 1

Build Bitcoin ABC Diffs / Diff Testing (gitian-linux) failed.

Tail of the build log:

 * [new tag]             phabricator/diff/40551 -> phabricator/diff/40551
 * [new tag]             phabricator/diff/40552 -> phabricator/diff/40552
 * [new tag]             phabricator/diff/40559 -> phabricator/diff/40559
 * [new tag]             phabricator/diff/40560 -> phabricator/diff/40560
 * [new tag]             phabricator/diff/40561 -> phabricator/diff/40561
 * [new tag]             phabricator/diff/40562 -> phabricator/diff/40562
 * [new tag]             phabricator/diff/40563 -> phabricator/diff/40563
 * [new tag]             phabricator/diff/40564 -> phabricator/diff/40564
 * [new tag]             phabricator/diff/40578 -> phabricator/diff/40578
 * [new tag]             phabricator/diff/40579 -> phabricator/diff/40579
 * [new tag]             phabricator/diff/40580 -> phabricator/diff/40580
 * [new tag]             phabricator/diff/40581 -> phabricator/diff/40581
 * [new tag]             phabricator/diff/40583 -> phabricator/diff/40583
 * [new tag]             phabricator/diff/40585 -> phabricator/diff/40585
 * [new tag]             phabricator/diff/40589 -> phabricator/diff/40589
 * [new tag]             phabricator/diff/40590 -> phabricator/diff/40590
 * [new tag]             phabricator/diff/40591 -> phabricator/diff/40591
 * [new tag]             phabricator/diff/40594 -> phabricator/diff/40594
 * [new tag]             phabricator/diff/40595 -> phabricator/diff/40595
 * [new tag]             phabricator/diff/40597 -> phabricator/diff/40597
 * [new tag]             phabricator/diff/40598 -> phabricator/diff/40598
 * [new tag]             phabricator/diff/40599 -> phabricator/diff/40599
 * [new tag]             phabricator/diff/40603 -> phabricator/diff/40603
 * [new tag]             phabricator/diff/40604 -> phabricator/diff/40604
 * [new tag]             phabricator/diff/40606 -> phabricator/diff/40606
 * [new tag]             phabricator/diff/40618 -> phabricator/diff/40618
 * [new tag]             phabricator/diff/40635 -> phabricator/diff/40635
 * [new tag]             phabricator/diff/40636 -> phabricator/diff/40636
 * [new tag]             phabricator/diff/40637 -> phabricator/diff/40637
 * [new tag]             phabricator/diff/40640 -> phabricator/diff/40640
 * [new tag]             phabricator/diff/40641 -> phabricator/diff/40641
 * [new tag]             phabricator/diff/40642 -> phabricator/diff/40642
 * [new tag]             phabricator/diff/40655 -> phabricator/diff/40655
 * [new tag]             phabricator/diff/40656 -> phabricator/diff/40656
 * [new tag]             phabricator/diff/40657 -> phabricator/diff/40657
 * [new tag]             phabricator/diff/8992  -> phabricator/diff/8992
 * [new tag]             phabricator/diff/8993  -> phabricator/diff/8993
 * [new branch]          master                 -> master
--- Building for bullseye amd64 ---
Stopping target if it is up
Error response from daemon: No such container: gitian-target
Error: No such container: gitian-target
Making a new image copy
Starting target
Checking if target is up.
Preparing build environment
Updating apt-get repository (log in var/install.log)
Installing additional packages (log in var/install.log)
Upgrading system, may take a while (log in var/install.log)
Creating package manifest
Creating build script (var/build-script)
Running build script (log in var/build.log)
./bin/gbuild:23:in `system!': failed to run on-target setarch x86_64 bash -x < var/build-script > var/build.log 2>&1 (RuntimeError)
	from ./bin/gbuild:185:in `build_one_configuration'
	from ./bin/gbuild:339:in `block (2 levels) in <main>'
	from ./bin/gbuild:334:in `each'
	from ./bin/gbuild:334:in `block in <main>'
	from ./bin/gbuild:332:in `each'
	from ./bin/gbuild:332:in `<main>'
Build gitian-linux failed with exit code 1