From: Ahmad Fatoum <ahmad@a3f.at>
To: barebox@lists.infradead.org
Cc: Ahmad Fatoum <ahmad@a3f.at>
Subject: [PATCH 2/2] treewide: use non-executable stack annotations for blobs
Date: Mon, 24 Apr 2023 13:55:48 +0200 [thread overview]
Message-ID: <20230424115548.114858-2-ahmad@a3f.at> (raw)
In-Reply-To: <20230424115548.114858-1-ahmad@a3f.at>
We are building the non-sandbox platforms with -z noexecstack, because
the ELF section attributes don't matter. This is different for sandbox,
where we compile assembly files directly only for embedding blobs.
This currently yields a build warning:
binutils-2.39/bin/ld: warning: defaultenv/defaultenv-2-reboot-mode.bbenv.gz.o:
missing .note.GNU-stack section implies executable stack
binutils-2.39/bin/ld: NOTE: This behaviour is deprecated and will be removed
in a future version of the linker
Let's add the non-executable stack annotations, so sandbox may run with
non-executable stack. This way we are left with a single linker
warning that needs to be resolved:
binutils-2.39/bin/ld: warning: barebox has a LOAD segment with RWX permissions
Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
lib/logo/Makefile | 1 +
scripts/Makefile.lib | 2 ++
scripts/gen-dtb-s | 1 +
scripts/gen-dtbo-s | 1 +
4 files changed, 5 insertions(+)
diff --git a/lib/logo/Makefile b/lib/logo/Makefile
index 382701fb365c..9c14105e88bf 100644
--- a/lib/logo/Makefile
+++ b/lib/logo/Makefile
@@ -26,6 +26,7 @@ quiet_cmd_logo_S = LOGO.S $@
cmd_logo_S = \
( \
echo '\#include <asm/barebox.lds.h>'; \
+ echo '.section .note.GNU-stack,"",%progbits'; \
echo '.section .bblogo.rodata.$(subst -,_,$(*F)),"a"'; \
echo '.balign STRUCT_ALIGNMENT'; \
echo '.global __bblogo_$(subst -,_,$(*F))_start'; \
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 51beff56aeb8..90cfa579e5d5 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -391,6 +391,7 @@ quiet_cmd_env_S = ENV.S $@
cmd_env_S = \
( \
echo '\#include <asm/barebox.lds.h>'; \
+ echo '.section .note.GNU-stack,"",%progbits'; \
echo '.section .bbenv.rodata.$(subst -,_,$(*F)),"a"'; \
echo '.balign STRUCT_ALIGNMENT'; \
echo '.global __bbenv_$(subst -,_,$(*F))_start'; \
@@ -540,6 +541,7 @@ quiet_cmd_imximage__S_dcd= DCD_S $@
cmd_imximage_S_dcd= \
( \
echo '\#include <asm/barebox.lds.h>'; \
+ echo '.section .note.GNU-stack,"",%progbits'; \
echo '.balign STRUCT_ALIGNMENT'; \
echo '.global $(subst -,_,$(*F))_start'; \
echo '$(subst -,_,$(*F))_start:'; \
diff --git a/scripts/gen-dtb-s b/scripts/gen-dtb-s
index f6fa1525933e..d6fbdd5aaf8a 100755
--- a/scripts/gen-dtb-s
+++ b/scripts/gen-dtb-s
@@ -6,6 +6,7 @@ imd=$3
echo "#include <asm/barebox.lds.h>"
echo "#include <asm-generic/pointer.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
le32() {
printf ".byte 0x%02x, 0x%02x, 0x%02x, 0x%02x\n" \
diff --git a/scripts/gen-dtbo-s b/scripts/gen-dtbo-s
index 06f78609ed28..a7e272a0890d 100755
--- a/scripts/gen-dtbo-s
+++ b/scripts/gen-dtbo-s
@@ -4,6 +4,7 @@ name=$1
dtbo=$2
echo "#include <asm/barebox.lds.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
echo ".section .dtb.rodata.${name}_dtbo,\"a\""
echo ".balign STRUCT_ALIGNMENT"
--
2.38.4
next prev parent reply other threads:[~2023-04-24 11:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-24 11:55 [PATCH 1/2] test: self: printf: compile test with -Wno-format-security Ahmad Fatoum
2023-04-24 11:55 ` Ahmad Fatoum [this message]
2023-05-02 9:17 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230424115548.114858-2-ahmad@a3f.at \
--to=ahmad@a3f.at \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox