From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) by sourceware.org (Postfix) with ESMTPS id C63D6385842D for ; Mon, 29 Jan 2024 14:11:14 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C63D6385842D Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C63D6385842D Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::b29 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706537476; cv=none; b=MOkQNZ/Gv58r1V6FpJPmtQv05wZwoK+JTUZNSbJqDm4pNkESqF93bjMRyRIgQh86Bb9i6t+WXKr/nTICJaT3NKlKNOgxnUW8dry1/BdmO2FJVWClzr4WXhX0FV/eoY5z2GuAUL2GmPvR1zFDbVAEGO9v7dqddv2KS5l+kGK3NAw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1706537476; c=relaxed/simple; bh=296ywvScFA5sjJN8TUer+m6HrPdCsm+RvFUYH5ueaFw=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=O6BL9nNNRa+ZPDPz5rYnWMJPBDQpMwlWpBsu+2lnYAB4ggxkFwJgKnoo2g36JrAGiXAcbQWmiBvEfkZUYWDCgkOBNlxHYHghNxNlWjqiZZYhClNCSADPGSEyCTRiGHLUb2jVdaHuNvQ4IQGxRgJn43sljGXVUJR4p+em6PZMhUg= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-yb1-xb29.google.com with SMTP id 3f1490d57ef6-db3a09e96daso2273669276.3 for ; Mon, 29 Jan 2024 06:11:14 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1706537474; x=1707142274; darn=sourceware.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=lf5YRfcJxemiUeQv6785qae8FHmpqMwqtwco6k6GtSc=; b=O0YOEAX+Q5cA65q3jFwhm7XUGGAwCccamHplPtDizgTkmIV7kZh1wLpQyhKdM07Vqv kiUX54s1mKnlOUl7pr18aCoojtp1qzrwOt0/DK35fhjKPDl+OJZSOzHK6rHBKmNAhBzd mJ9PqXepmG8Sm0PAJl4o6Rfbzg2gsHN0DiLp/HTBx3rZ5hjXV61bwrt9/aJJZ8KyoPCX o2Tc95FKVZC42ip+3bEOQB27DK5WgfCE9X7GT3r16ePZ4uWlfEdI7cG5drZCXoTiQcI7 epXNOKoWzAhEhXmG4A77HyB8py0J/TQuISiZKic89qxBwRwQUP+5HObMpsr0giRd0ewU wcxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1706537474; x=1707142274; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=lf5YRfcJxemiUeQv6785qae8FHmpqMwqtwco6k6GtSc=; b=pOYS4u0FrngbD2jsi4/7ws7M8leT72pVyXxJ9/NXgNJG/CJbJZah+9G4SZHvBDKXFk 8QhTIHIGxSc2UIE3t+usOEIoAMQ0lnKL/RMYAbtjGRewljbsqHVCoQ0BVCAV8vgLVvVl XFk8Zh5nggJToz/p1iC27zC6iTHku2sALk1bUXlWtNFMTeR2HBSoFeRZh23QrFOwvMVQ n4KF+0TkSrQGUjjyGEZFLXKCJTYrnJEdZyPS7bzFNF13uHx4GloBC14lwgFu2oNTXdpK nA+HG2X3NOppiGMw7v8SKRtwCbCNVyUDxao9vtl7WFJahdElwjvCzoIgYNqpgECUCosR yXhA== X-Gm-Message-State: AOJu0YwMaPkXf4L6+Y1Kx7uV3EYpILAsimVxK5mefV457sJza04G/RrO UBYNTTx32XxHS8veqlePruoi4oTOOXPJdm5aBV7gVPBbk4cSKOafkvTn4H+PYtBWupG+elsaBu+ emmGyG66rXnf6Vh84kRMnfkg/M7Q= X-Google-Smtp-Source: AGHT+IFSwgmPhfwEvj+cBG2pg5GG0GF89eUEcCK5QIGbI5ZS4F+iLQ3Ys0k2BUQu8UspjijadJmZtEoXfQiX6yvJr98= X-Received: by 2002:a25:8449:0:b0:dc2:2035:839a with SMTP id r9-20020a258449000000b00dc22035839amr2300763ybm.118.1706537474045; Mon, 29 Jan 2024 06:11:14 -0800 (PST) MIME-Version: 1.0 References: <20240126214553.46536-1-hjl.tools@gmail.com> <29c60b5a-8594-4c4d-b97d-f1d96761a27e@suse.com> In-Reply-To: From: "H.J. Lu" Date: Mon, 29 Jan 2024 06:10:37 -0800 Message-ID: Subject: Re: [PATCH v2] ld: Turn on --error-execstack/--error-rwx-segments To: Jan Beulich Cc: binutils@sourceware.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-3014.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Mon, Jan 29, 2024 at 6:03=E2=80=AFAM Jan Beulich wro= te: > > On 29.01.2024 14:03, H.J. Lu wrote: > > On Sun, Jan 28, 2024 at 11:30=E2=80=AFPM Jan Beulich wrote: > >> > >> On 26.01.2024 22:45, H.J. Lu wrote: > >>> --- a/ld/lexsup.c > >>> +++ b/ld/lexsup.c > >>> @@ -1947,6 +1947,17 @@ parse_args (unsigned argc, char **argv) > >>> && command_line.check_section_addresses < 0) > >>> command_line.check_section_addresses =3D 0; > >>> > >>> + /* Override --no-error-execstack and --no-warn-execstack and turn = on > >>> + --error-execstack for --warn-execstack and --error-rwx-segments= for > >>> + --warn-rwx-segments if --fatal-warnings is used. */ > >>> + if (config.fatal_warnings) > >>> + { > >>> + if (link_info.warn_execstack) > >>> + link_info.error_execstack =3D 1; > >>> + if (!link_info.no_warn_rwx_segments) > >>> + link_info.warn_is_error_for_rwx_segments =3D 1; > >>> + } > >>> + > >>> if (export_list) > >>> { > >>> struct bfd_elf_version_expr *head =3D export_list->head.list; > >> > >> If I'm not mistaken and if the comment is properly describing things, > >> this placement of the addition means --no-* last on the command line > >> wouldn't be honored anymore, when later arguments ought to override > >> earlier ones. > >> > > > > Before my change, we got > > > > [hjl@gnu-cfl-3 ld]$ touch x.s > > [hjl@gnu-cfl-3 ld]$ gcc -c x.s > > [hjl@gnu-cfl-3 ld]$ ld -shared -z stack-size=3D0x123400 --fatal-warning= s > > --warn-execstack --no-error-execstack x.o > > ld: warning: x.o: missing .note.GNU-stack section implies executable st= ack > > ld: NOTE: This behaviour is deprecated and will be removed in a future > > version of the linker > > [hjl@gnu-cfl-3 ld]$ echo $? > > 1 > > > > The warning is misleading since --fatal-warnings IS position independen= t > > and is always fatal for ANY warning. My patch changes it to > > > > [hjl@gnu-cfl-3 ld]$ ./ld-new -shared -z stack-size=3D0x123400 > > --fatal-warnings --warn-execstack --no-error-execstack x.o > > ./ld-new: error: x.o: is triggering the generation of an executable > > stack because it does not have a .note.GNU-stack section > > ./ld-new: failed to set dynamic section sizes: file format not recogniz= ed > > [hjl@gnu-cfl-3 ld]$ > > > > Any other comments to my patch? > > Well. To me, it is ambiguous what "--fatal-warnings --warn-execstack > --no-error-execstack" actually is intended to mean (and that's regardless > of --fatal-warnings position on the command line). One way of > interpreting is your way. The other is to say that --no-error-execstack > means "no error for anything related to executable stacks", i.e. > --fatal-warnings not affecting the overall result (when there are no > other warnings). My interpretation is what --fatal-warnings implements. -- H.J.