From: Jan Beulich <jbeulich@suse.com>
To: "H.J. Lu" <hjl.tools@gmail.com>
Cc: binutils@sourceware.org
Subject: Re: [PATCH v2] ld: Turn on --error-execstack/--error-rwx-segments
Date: Mon, 29 Jan 2024 15:03:43 +0100 [thread overview]
Message-ID: <ed0027e0-db88-418d-a0b5-9420c2330e49@suse.com> (raw)
In-Reply-To: <CAMe9rOpvL78TewSOuPbRNJJ7_pJdvOUnr08Gc6EZw2acp6Ts5g@mail.gmail.com>
On 29.01.2024 14:03, H.J. Lu wrote:
> On Sun, Jan 28, 2024 at 11:30 PM Jan Beulich <jbeulich@suse.com> wrote:
>>
>> On 26.01.2024 22:45, H.J. Lu wrote:
>>> --- a/ld/lexsup.c
>>> +++ b/ld/lexsup.c
>>> @@ -1947,6 +1947,17 @@ parse_args (unsigned argc, char **argv)
>>> && command_line.check_section_addresses < 0)
>>> command_line.check_section_addresses = 0;
>>>
>>> + /* Override --no-error-execstack and --no-warn-execstack and turn on
>>> + --error-execstack for --warn-execstack and --error-rwx-segments for
>>> + --warn-rwx-segments if --fatal-warnings is used. */
>>> + if (config.fatal_warnings)
>>> + {
>>> + if (link_info.warn_execstack)
>>> + link_info.error_execstack = 1;
>>> + if (!link_info.no_warn_rwx_segments)
>>> + link_info.warn_is_error_for_rwx_segments = 1;
>>> + }
>>> +
>>> if (export_list)
>>> {
>>> struct bfd_elf_version_expr *head = export_list->head.list;
>>
>> If I'm not mistaken and if the comment is properly describing things,
>> this placement of the addition means --no-* last on the command line
>> wouldn't be honored anymore, when later arguments ought to override
>> earlier ones.
>>
>
> Before my change, we got
>
> [hjl@gnu-cfl-3 ld]$ touch x.s
> [hjl@gnu-cfl-3 ld]$ gcc -c x.s
> [hjl@gnu-cfl-3 ld]$ ld -shared -z stack-size=0x123400 --fatal-warnings
> --warn-execstack --no-error-execstack x.o
> ld: warning: x.o: missing .note.GNU-stack section implies executable stack
> ld: NOTE: This behaviour is deprecated and will be removed in a future
> version of the linker
> [hjl@gnu-cfl-3 ld]$ echo $?
> 1
>
> The warning is misleading since --fatal-warnings IS position independent
> and is always fatal for ANY warning. My patch changes it to
>
> [hjl@gnu-cfl-3 ld]$ ./ld-new -shared -z stack-size=0x123400
> --fatal-warnings --warn-execstack --no-error-execstack x.o
> ./ld-new: error: x.o: is triggering the generation of an executable
> stack because it does not have a .note.GNU-stack section
> ./ld-new: failed to set dynamic section sizes: file format not recognized
> [hjl@gnu-cfl-3 ld]$
>
> Any other comments to my patch?
Well. To me, it is ambiguous what "--fatal-warnings --warn-execstack
--no-error-execstack" actually is intended to mean (and that's regardless
of --fatal-warnings position on the command line). One way of
interpreting is your way. The other is to say that --no-error-execstack
means "no error for anything related to executable stacks", i.e.
--fatal-warnings not affecting the overall result (when there are no
other warnings).
Jan
next prev parent reply other threads:[~2024-01-29 14:03 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-26 21:45 H.J. Lu
2024-01-28 15:04 ` H.J. Lu
2024-01-29 7:33 ` Jan Beulich
2024-01-29 12:59 ` H.J. Lu
2024-01-29 7:30 ` Jan Beulich
2024-01-29 13:03 ` H.J. Lu
2024-01-29 14:03 ` Jan Beulich [this message]
2024-01-29 14:10 ` H.J. Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ed0027e0-db88-418d-a0b5-9420c2330e49@suse.com \
--to=jbeulich@suse.com \
--cc=binutils@sourceware.org \
--cc=hjl.tools@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).