
Re: Bug#1102495: dpkg-dev: -fstack-clash-protection breaks valgrind on armhf Raspberry Pi



Hi!

On Wed, 2025-04-09 at 18:05:21 +0100, Andrew Sayers wrote:
> Package: dpkg-dev
> Version: 1.22.18
> Severity: normal
> X-Debbugs-Cc: debian-arm@lists.debian.org
> User: debian-arm@lists.debian.org
> Usertags: armhf

> You're listed as the maintainers for this package on Raspberry Pi OS.
> gcc lets you set `-fstack-clash-protection` on Pi armhf bookworm,
> but doing so causes valgrind errors even in trivial programs:

> $ gcc -fstack-clash-protection -x c - <<EOF
> void empty_function() {}
> int main() {
>   empty_function();
>   return 0;
> }
> EOF
> $ valgrind ./a.out
> ==19138== Memcheck, a memory error detector
> ==19138== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
> ==19138== Using Valgrind-3.19.0 and LibVEX; rerun with -h for copyright info
> ==19138== Command: ./a.out
> ==19138==
> ==19138== Invalid write of size 4
> ==19138==    at 0x1041C: main (in /home/andrew/a.out)
> ==19138==  Address 0x7db5f2a0 is on thread 1's stack
> ==19138==  8 bytes below stack pointer
> ==19138==
> ==19138==
> ==19138== HEAP SUMMARY:
> ==19138==     in use at exit: 0 bytes in 0 blocks
> ==19138==   total heap usage: 0 allocs, 0 frees, 0 bytes allocated
> ==19138==
> ==19138== All heap blocks were freed -- no leaks are possible
> ==19138==
> ==19138== For lists of detected and suppressed errors, rerun with: -s
> ==19138== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
> 
> The above may not be reproducible on Debian armhf, because Debian's "armhf"
> builds use ARMv7, while Raspberry Pi OS builds use ARMv6.

I cannot reproduce this in a Debian armhf sid chroot, and I assume
this would have been reported earlier if it had affected Debian there,
even on bookworm.

> dpkg-dev passes `-fstack-clash-protection` by default on Raspberry Pi armhf,
> creating binaries that fail valgrind tests.
> 
> Please disable `-fstack-clash-protection` on Pi armhf (and Debian armhf if
> the issue can be replicated there).

dpkg upstream has no knowledge or support for Raspberry Pi OS, and
thus it cannot be disabled for it. So I think you'd need to contact
the Raspberry Pi OS project and ask them to either do any appropriate
changes there, or try to upstream any required changes.

I'm thus for now going to close this.

> Could you also let me know whether `HARDENING=+all` should enable unsupported
> features like this?  dpkg-dev(1) implies it would, and the option is therefore
> harmful.  But it's featured prominently on the "Hardening" wiki page, which
> implies that option should do something useful?

Any features it enables are vendor specific, and should thus in
theory be working as expected on those vendors. If a vendor derives
from any other vendor but does not tune those defaults, then that
needs to be modified for their specific vendor, or their vendor support
needs to be upstreamed. I honestly have no idea what toolchain versions,
default flags, hardware baselines, etc. Raspberry Pi OS assumes, so I don't
think I can give you any answer here.

The Hardening wiki page in the Debian wiki also assumes a Debian
system (in the same way a similar Ubuntu page will document the
settings on an Ubuntu system), so you might want to look for matching
documentation for your OS vendor (which I'm not sure exists).

Thanks,
Guillem

