[PATCH v2 09/15] makefile: Add `norelro` linker option

U-Boot Archive on lore.kernel.org
 help / color / mirror / Atom feed

From: Sam Edwards <cfsworks@gmail.com>
To: Tom Rini <trini@konsulko.com>,
	Heinrich Schuchardt <xypron.glpk@gmx.de>,
	Ilias Apalodimas <ilias.apalodimas@linaro.org>,
	Simon Glass <sjg@chromium.org>, Bin Meng <bmeng.cn@gmail.com>,
	Rick Chen <rick@andestech.com>, Leo <ycliang@andestech.com>
Cc: Marek Vasut <marek.vasut+renesas@mailbox.org>,
	Sumit Garg <sumit.garg@linaro.org>,
	Peter Robinson <pbrobinson@gmail.com>,
	Richard Henderson <richard.henderson@linaro.org>,
	u-boot@lists.denx.de, Sam Edwards <CFSworks@gmail.com>
Subject: [PATCH v2 09/15] makefile: Add `norelro` linker option
Date: Sat, 15 Mar 2025 15:18:07 -0700	[thread overview]
Message-ID: <20250315221813.1265193-10-CFSworks@gmail.com> (raw)
In-Reply-To: <20250315221813.1265193-1-CFSworks@gmail.com>

RELRO is an instruction to a dynamic loader to make a memory range
read-only after relocations are applied, for added security. Some
linkers (e.g. LLD) require that all sections covered by the RELRO are
contiguous, so that only a single RELRO is needed. U-Boot at present
neither satisfies this requirement (e.g. x86_64 linker script currently
puts .dynamic too far from .got) nor preserves the RELRO when converting
away from ELF, therefore add `-z norelro` to global linker options.

This can be brought back in the future when the linker scripts are
cleaned up and U-Boot understands RELROs.

Signed-off-by: Sam Edwards <CFSworks@gmail.com>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
 Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Makefile b/Makefile
index 9c353af17cd..05a93813afa 100644
--- a/Makefile
+++ b/Makefile
@@ -820,6 +820,7 @@ KBUILD_AFLAGS += $(KAFLAGS)
 KBUILD_CFLAGS += $(KCFLAGS)

 KBUILD_LDFLAGS  += -z noexecstack
+KBUILD_LDFLAGS  += -z norelro
 KBUILD_LDFLAGS  += $(call ld-option,--no-warn-rwx-segments)

 KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
-- 
2.48.1

next prev parent reply	other threads:[~2025-03-15 22:19 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-03-15 22:17 [PATCH v2 00/15] Various toolchain compatibility fixes/improvements Sam Edwards
2025-03-15 22:17 ` [PATCH v2 01/15] arm: Remove stray .mmutable reference in linker script Sam Edwards
2025-03-15 22:18 ` [PATCH v2 02/15] arm: Exclude eabi_compat from LTO Sam Edwards
2025-03-15 22:18 ` [PATCH v2 03/15] arm: Add __aeabi_memclr in eabi_compat Sam Edwards
2025-03-15 22:18 ` [PATCH v2 04/15] arm: Add aligned-memory aliases to eabi_compat Sam Edwards
2025-03-15 22:18 ` [PATCH v2 05/15] arm: Discard unwanted sections in linker script Sam Edwards
2025-03-30  6:47   ` Ilias Apalodimas
2025-03-15 22:18 ` [PATCH v2 06/15] arm: Replace 'adrl' in EFI crt0 Sam Edwards
2025-03-30  6:46   ` Ilias Apalodimas
2025-03-15 22:18 ` [PATCH v2 07/15] x86: Fix call64's section flags Sam Edwards
2025-03-15 22:18 ` [PATCH v2 08/15] makefile: Avoid objcopy --gap-fill for .hex/.srec Sam Edwards
2025-03-30  6:47   ` Ilias Apalodimas
2025-03-15 22:18 ` Sam Edwards [this message]
2025-03-15 22:18 ` [PATCH v2 10/15] makefile: Add READELF command variable Sam Edwards
2025-03-15 22:18 ` [PATCH v2 11/15] arm: riscv: efi: Export _start symbol from crt0_*_efi stubs Sam Edwards
2025-03-17  8:43   ` Heinrich Schuchardt
2025-03-15 22:18 ` [PATCH v2 12/15] efi_loader: Move .dynamic out of .text in EFI Sam Edwards
2025-03-17  8:34   ` Heinrich Schuchardt
2025-03-15 22:18 ` [PATCH v2 13/15] scripts/Makefile.lib: efi: Preserve the .dynstr section as well Sam Edwards
2025-03-15 22:18 ` [PATCH v2 14/15] spl: riscv: opensbi: Error on misaligned FDT Sam Edwards
2025-03-15 22:18 ` [PATCH v2 15/15] spl: Align FDT load address Sam Edwards
2025-03-16  5:27 ` [PATCH v2 00/15] Various toolchain compatibility fixes/improvements Heinrich Schuchardt
2025-03-16 19:31   ` Sam Edwards
2025-04-03  1:59 ` Tom Rini

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:9c353af17c dfblob:05a93813af )
 OR (
bs:"[PATCH v2 09/15] makefile: Add `norelro` linker option" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20250315221813.1265193-10-CFSworks@gmail.com \
    --to=cfsworks@gmail.com \
    --cc=bmeng.cn@gmail.com \
    --cc=ilias.apalodimas@linaro.org \
    --cc=marek.vasut+renesas@mailbox.org \
    --cc=pbrobinson@gmail.com \
    --cc=richard.henderson@linaro.org \
    --cc=rick@andestech.com \
    --cc=sjg@chromium.org \
    --cc=sumit.garg@linaro.org \
    --cc=trini@konsulko.com \
    --cc=u-boot@lists.denx.de \
    --cc=xypron.glpk@gmx.de \
    --cc=ycliang@andestech.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox