public inbox for u-boot@lists.denx.de
* [PATCH] Makefile: link with --no-warn-rwx-segments
@ 2022-12-07 20:49 Tom Rini
  2022-12-09 19:25 ` Nick Desaulniers
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Tom Rini @ 2022-12-07 20:49 UTC (permalink / raw)
  To: u-boot; +Cc: Heinrich Schuchardt, Ilias Apalodimas

We borrow from the Linux Kernel 0d362be5b142 ("Makefile: link with -z
noexecstack --no-warn-rwx-segments") here to disable the RWX segment
linking warnings. We do not also bring in -z noexecstack as that
requires auditing and using ".note.GNU-stack" on assembly functions
which do need this feature. Further, we now introduce KBUILD_EFILDFLAGS
so that we can also pass --no-warn-rwx-segments when linking EFI
applications, and those do explicitly pass -z execstack.

Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
---
 Makefile             | 2 ++
 scripts/Makefile.lib | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index 11efc4180414..839733836d9b 100644
--- a/Makefile
+++ b/Makefile
@@ -806,6 +806,8 @@ KBUILD_CPPFLAGS += $(KCPPFLAGS)
 KBUILD_AFLAGS += $(KAFLAGS)
 KBUILD_CFLAGS += $(KCFLAGS)
 
+KBUILD_LDFLAGS  += $(call ld-option,--no-warn-rwx-segments)
+
 KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
 
 # Use UBOOTINCLUDE when you must reference the include/ directory.
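Review bot: The `KBUILD_LDFLAGS  += $(call ld-option,--no-warn-rwx-segments)` line has no comment saying why the warning is silenced, and because it is appended to the global linker flags, any RWX segment introduced later will link without notice. Suggest a one-line comment above the assignment referencing the Linux commit named in the commit message and stating that -z noexecstack is deliberately not added yet, and consider a make variable that lets a developer auditing segment permissions turn the warning back on. Wrapping the flag in ld-option is appropriate, since linkers that do not recognise it will simply not receive it.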
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 8e13bf2b986d..ac45a8847859 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -425,9 +425,11 @@ cmd_efi_objcopy = $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j \
 $(obj)/%.efi: $(obj)/%_efi.so
 	$(call cmd,efi_objcopy)
 
+KBUILD_EFILDFLAGS = -nostdlib -zexecstack -znocombreloc -znorelro
+KBUILD_EFILDFLAGS += $(call ld-option,--no-warn-rwx-segments)
 quiet_cmd_efi_ld = LD      $@
-cmd_efi_ld = $(LD) -nostdlib -zexecstack -znocombreloc -T $(EFI_LDS_PATH) \
-		-shared -Bsymbolic -znorelro -s $^ -o $@
+cmd_efi_ld = $(LD) $(KBUILD_EFILDFLAGS) -T $(EFI_LDS_PATH) \
+		-shared -Bsymbolic -s $^ -o $@
 
 EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
 
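Review bot: KBUILD_EFILDFLAGS is first assigned with `=` and then extended with `+=`, so it remains a recursively expanded variable and `$(call ld-option,--no-warn-rwx-segments)` is re-evaluated every time cmd_efi_ld expands it, meaning the linker probe runs again for each EFI application linked. Making the first assignment `KBUILD_EFILDFLAGS := -nostdlib -zexecstack -znocombreloc -znorelro` would evaluate the probe once when the file is read. Separately, -znorelro now appears before `-T $(EFI_LDS_PATH)` instead of after -Bsymbolic; that should not change the output, but a short comment above the new variable noting that -zexecstack is kept on purpose for EFI applications would document why the RWX warning has to be suppressed here.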
-- 
2.25.1



* Re: [PATCH] Makefile: link with --no-warn-rwx-segments
  2022-12-07 20:49 [PATCH] Makefile: link with --no-warn-rwx-segments Tom Rini
@ 2022-12-09 19:25 ` Nick Desaulniers
  2022-12-09 19:29 ` Ilias Apalodimas
  2022-12-13 16:36 ` Tom Rini
  2 siblings, 0 replies; 4+ messages in thread
From: Nick Desaulniers @ 2022-12-09 19:25 UTC (permalink / raw)
  To: Tom Rini; +Cc: u-boot, Heinrich Schuchardt, Ilias Apalodimas, Fangrui Song

On Wed, Dec 07, 2022 at 03:49:43PM -0500, Tom Rini wrote:
> We borrow from the Linux Kernel 0d362be5b142 ("Makefile: link with -z
> noexecstack --no-warn-rwx-segments") here to disable the RWX segment

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

> linking warnings. We do not also bring in -z noexecstack as that
> requires auditing and using ".note.GNU-stack" on assembly functions
> which do need this feature. Further, we now introduce KBUILD_EFILDFLAGS

It took me a second to realize this is kbuild flags for the linker for
EFI. Looked like a typo of KBUILD_FIELD_FLAGS initially to me.

> so that we can also pass --no-warn-rwx-segments when linking EFI
> applications, and those do explicitly pass -z execstack.
> 
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Signed-off-by: Tom Rini <trini@konsulko.com>
> ---
>  Makefile             | 2 ++
>  scripts/Makefile.lib | 6 ++++--
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 11efc4180414..839733836d9b 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -806,6 +806,8 @@ KBUILD_CPPFLAGS += $(KCPPFLAGS)
>  KBUILD_AFLAGS += $(KAFLAGS)
>  KBUILD_CFLAGS += $(KCFLAGS)
>  
> +KBUILD_LDFLAGS  += $(call ld-option,--no-warn-rwx-segments)
> +
>  KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
>  
>  # Use UBOOTINCLUDE when you must reference the include/ directory.
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 8e13bf2b986d..ac45a8847859 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -425,9 +425,11 @@ cmd_efi_objcopy = $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j \
>  $(obj)/%.efi: $(obj)/%_efi.so
>  	$(call cmd,efi_objcopy)
>  
> +KBUILD_EFILDFLAGS = -nostdlib -zexecstack -znocombreloc -znorelro
> +KBUILD_EFILDFLAGS += $(call ld-option,--no-warn-rwx-segments)
>  quiet_cmd_efi_ld = LD      $@
> -cmd_efi_ld = $(LD) -nostdlib -zexecstack -znocombreloc -T $(EFI_LDS_PATH) \
> -		-shared -Bsymbolic -znorelro -s $^ -o $@
> +cmd_efi_ld = $(LD) $(KBUILD_EFILDFLAGS) -T $(EFI_LDS_PATH) \
> +		-shared -Bsymbolic -s $^ -o $@
>  
>  EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
>  
> -- 
> 2.25.1
> 
> 


* Re: [PATCH] Makefile: link with --no-warn-rwx-segments
  2022-12-07 20:49 [PATCH] Makefile: link with --no-warn-rwx-segments Tom Rini
  2022-12-09 19:25 ` Nick Desaulniers
@ 2022-12-09 19:29 ` Ilias Apalodimas
  2022-12-13 16:36 ` Tom Rini
  2 siblings, 0 replies; 4+ messages in thread
From: Ilias Apalodimas @ 2022-12-09 19:29 UTC (permalink / raw)
  To: Tom Rini; +Cc: u-boot, Heinrich Schuchardt

On Wed, Dec 07, 2022 at 03:49:43PM -0500, Tom Rini wrote:
> We borrow from the Linux Kernel 0d362be5b142 ("Makefile: link with -z
> noexecstack --no-warn-rwx-segments") here to disable the RWX segment
> linking warnings. We do not also bring in -z noexecstack as that
> requires auditing and using ".note.GNU-stack" on assembly functions
> which do need this feature. Further, we now introduce KBUILD_EFILDFLAGS
> so that we can also pass --no-warn-rwx-segments when linking EFI
> applications, and those do explicitly pass -z execstack.
> 
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Signed-off-by: Tom Rini <trini@konsulko.com>
> ---
>  Makefile             | 2 ++
>  scripts/Makefile.lib | 6 ++++--
>  2 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/Makefile b/Makefile
> index 11efc4180414..839733836d9b 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -806,6 +806,8 @@ KBUILD_CPPFLAGS += $(KCPPFLAGS)
>  KBUILD_AFLAGS += $(KAFLAGS)
>  KBUILD_CFLAGS += $(KCFLAGS)
>  
> +KBUILD_LDFLAGS  += $(call ld-option,--no-warn-rwx-segments)
> +
>  KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
>  
>  # Use UBOOTINCLUDE when you must reference the include/ directory.
> diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
> index 8e13bf2b986d..ac45a8847859 100644
> --- a/scripts/Makefile.lib
> +++ b/scripts/Makefile.lib
> @@ -425,9 +425,11 @@ cmd_efi_objcopy = $(OBJCOPY) -j .header -j .text -j .sdata -j .data -j \
>  $(obj)/%.efi: $(obj)/%_efi.so
>  	$(call cmd,efi_objcopy)
>  
> +KBUILD_EFILDFLAGS = -nostdlib -zexecstack -znocombreloc -znorelro
> +KBUILD_EFILDFLAGS += $(call ld-option,--no-warn-rwx-segments)
>  quiet_cmd_efi_ld = LD      $@
> -cmd_efi_ld = $(LD) -nostdlib -zexecstack -znocombreloc -T $(EFI_LDS_PATH) \
> -		-shared -Bsymbolic -znorelro -s $^ -o $@
> +cmd_efi_ld = $(LD) $(KBUILD_EFILDFLAGS) -T $(EFI_LDS_PATH) \
> +		-shared -Bsymbolic -s $^ -o $@
>  
>  EFI_LDS_PATH = $(srctree)/arch/$(ARCH)/lib/$(EFI_LDS)
>  
> -- 
> 2.25.1
> 

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>


* Re: [PATCH] Makefile: link with --no-warn-rwx-segments
  2022-12-07 20:49 [PATCH] Makefile: link with --no-warn-rwx-segments Tom Rini
  2022-12-09 19:25 ` Nick Desaulniers
  2022-12-09 19:29 ` Ilias Apalodimas
@ 2022-12-13 16:36 ` Tom Rini
  2 siblings, 0 replies; 4+ messages in thread
From: Tom Rini @ 2022-12-13 16:36 UTC (permalink / raw)
  To: u-boot; +Cc: Heinrich Schuchardt, Ilias Apalodimas


On Wed, Dec 07, 2022 at 03:49:43PM -0500, Tom Rini wrote:

> We borrow from the Linux Kernel 0d362be5b142 ("Makefile: link with -z
> noexecstack --no-warn-rwx-segments") here to disable the RWX segment
> linking warnings. We do not also bring in -z noexecstack as that
> requires auditing and using ".note.GNU-stack" on assembly functions
> which do need this feature. Further, we now introduce KBUILD_EFILDFLAGS
> so that we can also pass --no-warn-rwx-segments when linking EFI
> applications, and those do explicitly pass -z execstack.
> 
> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
> Cc: Ilias Apalodimas <ilias.apalodimas@linaro.org>
> Signed-off-by: Tom Rini <trini@konsulko.com>
> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
> Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>

Applied to u-boot/next, thanks!

-- 
Tom

