From f5d6ae54b31b5832c67bf38d5457021856c207c2 Mon Sep 17 00:00:00 2001 From: Ahmad Fatoum Date: Mon, 24 Apr 2023 13:55:48 +0200 Subject: treewide: use non-executable stack annotations for blobs We are building the non-sandbox platforms with -z noexecstack, because the ELF section attributes don't matter. This is different for sandbox, where we compile assembly files directly only for embedding blobs. This currently yields a build warning: binutils-2.39/bin/ld: warning: defaultenv/defaultenv-2-reboot-mode.bbenv.gz.o: missing .note.GNU-stack section implies executable stack binutils-2.39/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker Let's add the non-executable stack annotations, so sandbox may run with non-executable stack. This way we are left with a single linker warning that needs to be resolved: binutils-2.39/bin/ld: warning: barebox has a LOAD segment with RWX permissions Signed-off-by: Ahmad Fatoum Link: https://lore.barebox.org/20230424115548.114858-2-ahmad@a3f.at Signed-off-by: Sascha Hauer --- lib/logo/Makefile | 1 + scripts/Makefile.lib | 2 ++ scripts/gen-dtb-s | 1 + scripts/gen-dtbo-s | 1 + 4 files changed, 5 insertions(+) diff --git a/lib/logo/Makefile b/lib/logo/Makefile index 382701fb36..9c14105e88 100644 --- a/lib/logo/Makefile +++ b/lib/logo/Makefile @@ -26,6 +26,7 @@ quiet_cmd_logo_S = LOGO.S $@ cmd_logo_S = \ ( \ echo '\#include '; \ + echo '.section .note.GNU-stack,"",%progbits'; \ echo '.section .bblogo.rodata.$(subst -,_,$(*F)),"a"'; \ echo '.balign STRUCT_ALIGNMENT'; \ echo '.global __bblogo_$(subst -,_,$(*F))_start'; \ diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib index 51beff56ae..90cfa579e5 100644 --- a/scripts/Makefile.lib +++ b/scripts/Makefile.lib @@ -391,6 +391,7 @@ quiet_cmd_env_S = ENV.S $@ cmd_env_S = \ ( \ echo '\#include '; \ + echo '.section .note.GNU-stack,"",%progbits'; \ echo '.section .bbenv.rodata.$(subst -,_,$(*F)),"a"'; \ echo '.balign STRUCT_ALIGNMENT'; \ echo '.global __bbenv_$(subst -,_,$(*F))_start'; \ @@ -540,6 +541,7 @@ quiet_cmd_imximage__S_dcd= DCD_S $@ cmd_imximage_S_dcd= \ ( \ echo '\#include '; \ + echo '.section .note.GNU-stack,"",%progbits'; \ echo '.balign STRUCT_ALIGNMENT'; \ echo '.global $(subst -,_,$(*F))_start'; \ echo '$(subst -,_,$(*F))_start:'; \ diff --git a/scripts/gen-dtb-s b/scripts/gen-dtb-s index f6fa152593..d6fbdd5aaf 100755 --- a/scripts/gen-dtb-s +++ b/scripts/gen-dtb-s @@ -6,6 +6,7 @@ imd=$3 echo "#include " echo "#include " +echo ".section .note.GNU-stack,\"\",%progbits" le32() { printf ".byte 0x%02x, 0x%02x, 0x%02x, 0x%02x\n" \ diff --git a/scripts/gen-dtbo-s b/scripts/gen-dtbo-s index 06f78609ed..a7e272a089 100755 --- a/scripts/gen-dtbo-s +++ b/scripts/gen-dtbo-s @@ -4,6 +4,7 @@ name=$1 dtbo=$2 echo "#include " +echo ".section .note.GNU-stack,\"\",%progbits" echo ".section .dtb.rodata.${name}_dtbo,\"a\"" echo ".balign STRUCT_ALIGNMENT" -- cgit v1.2.1