[PATCH 1/2] test: self: printf: compile test with -Wno-format-security

[PATCH 1/2] test: self: printf: compile test with -Wno-format-security

[Ahmad Fatoum]

For testing purposes, the test code uses a variable for the format
string at places, which -Wformat-security doesn't like.

The printf test was copied over from the kernel, which sets
-Wno-format-security globally. This may not be needed for barebox yet,
but let's set at least for this one file.

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 test/self/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/test/self/Makefile b/test/self/Makefile
index d55d9133be23..98ebd1fd66c1 100644
--- a/test/self/Makefile
+++ b/test/self/Makefile
@@ -3,6 +3,7 @@
 obj-$(CONFIG_SELFTEST) += core.o
 obj-$(CONFIG_SELFTEST_MALLOC) += malloc.o
 obj-$(CONFIG_SELFTEST_PRINTF) += printf.o
+CFLAGS_printf.o += -Wno-format-security
 obj-$(CONFIG_SELFTEST_PROGRESS_NOTIFIER) += progress-notifier.o
 obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.o
 obj-$(CONFIG_SELFTEST_ENVIRONMENT_VARIABLES) += envvar.o
-- 
2.38.4

[PATCH 2/2] treewide: use non-executable stack annotations for blobs

[Ahmad Fatoum]

We are building the non-sandbox platforms with -z noexecstack, because
the ELF section attributes don't matter. This is different for sandbox,
where we compile assembly files directly only for embedding blobs.
This currently yields a build warning:

  binutils-2.39/bin/ld: warning: defaultenv/defaultenv-2-reboot-mode.bbenv.gz.o:
          missing .note.GNU-stack section implies executable stack
  binutils-2.39/bin/ld: NOTE: This behaviour is deprecated and will be removed
          in a future version of the linker

Let's add the non-executable stack annotations, so sandbox may run with
non-executable stack. This way we are left with a single linker
warning that needs to be resolved:

   binutils-2.39/bin/ld: warning: barebox has a LOAD segment with RWX permissions

Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
---
 lib/logo/Makefile    | 1 +
 scripts/Makefile.lib | 2 ++
 scripts/gen-dtb-s    | 1 +
 scripts/gen-dtbo-s   | 1 +
 4 files changed, 5 insertions(+)

diff --git a/lib/logo/Makefile b/lib/logo/Makefile
index 382701fb365c..9c14105e88bf 100644
--- a/lib/logo/Makefile
+++ b/lib/logo/Makefile
@@ -26,6 +26,7 @@ quiet_cmd_logo_S = LOGO.S  $@
 cmd_logo_S =							\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.section .bblogo.rodata.$(subst -,_,$(*F)),"a"';	\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global __bblogo_$(subst -,_,$(*F))_start';	\
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 51beff56aeb8..90cfa579e5d5 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -391,6 +391,7 @@ quiet_cmd_env_S = ENV.S   $@
 cmd_env_S =							\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.section .bbenv.rodata.$(subst -,_,$(*F)),"a"';	\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global __bbenv_$(subst -,_,$(*F))_start';	\
@@ -540,6 +541,7 @@ quiet_cmd_imximage__S_dcd= DCD_S   $@
 cmd_imximage_S_dcd=						\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global $(subst -,_,$(*F))_start';		\
 	echo '$(subst -,_,$(*F))_start:';			\
diff --git a/scripts/gen-dtb-s b/scripts/gen-dtb-s
index f6fa1525933e..d6fbdd5aaf8a 100755
--- a/scripts/gen-dtb-s
+++ b/scripts/gen-dtb-s
@@ -6,6 +6,7 @@ imd=$3
 
 echo "#include <asm/barebox.lds.h>"
 echo "#include <asm-generic/pointer.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
 
 le32() {
 	printf ".byte 0x%02x, 0x%02x, 0x%02x, 0x%02x\n" \
diff --git a/scripts/gen-dtbo-s b/scripts/gen-dtbo-s
index 06f78609ed28..a7e272a0890d 100755
--- a/scripts/gen-dtbo-s
+++ b/scripts/gen-dtbo-s
@@ -4,6 +4,7 @@ name=$1
 dtbo=$2
 
 echo "#include <asm/barebox.lds.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
 
 echo ".section .dtb.rodata.${name}_dtbo,\"a\""
 echo ".balign STRUCT_ALIGNMENT"
-- 
2.38.4

Re: [PATCH 1/2] test: self: printf: compile test with -Wno-format-security

[Sascha Hauer]

On Mon, Apr 24, 2023 at 01:55:47PM +0200, Ahmad Fatoum wrote:
> For testing purposes, the test code uses a variable for the format
> string at places, which -Wformat-security doesn't like.
> 
> The printf test was copied over from the kernel, which sets
> -Wno-format-security globally. This may not be needed for barebox yet,
> but let's set at least for this one file.
> 
> Signed-off-by: Ahmad Fatoum <ahmad@a3f.at>
> ---
>  test/self/Makefile | 1 +
>  1 file changed, 1 insertion(+)

Applied, thanks

Sascha

> 
> diff --git a/test/self/Makefile b/test/self/Makefile
> index d55d9133be23..98ebd1fd66c1 100644
> --- a/test/self/Makefile
> +++ b/test/self/Makefile
> @@ -3,6 +3,7 @@
>  obj-$(CONFIG_SELFTEST) += core.o
>  obj-$(CONFIG_SELFTEST_MALLOC) += malloc.o
>  obj-$(CONFIG_SELFTEST_PRINTF) += printf.o
> +CFLAGS_printf.o += -Wno-format-security
>  obj-$(CONFIG_SELFTEST_PROGRESS_NOTIFIER) += progress-notifier.o
>  obj-$(CONFIG_SELFTEST_OF_MANIPULATION) += of_manipulation.o of_manipulation.dtb.o
>  obj-$(CONFIG_SELFTEST_ENVIRONMENT_VARIABLES) += envvar.o
> -- 
> 2.38.4
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |