Bug 29263

Summary: /usr/bin/ld: warning: /usr/lib/gcc/hppa-linux-gnu/11/../../../hppa-linux-gnu/crtn.o: missing .note.GNU-stack section implies executable stack
Product: binutils Reporter: John David Anglin <danglin>
Component: ld Assignee: Not yet assigned to anyone <unassigned>
Status: RESOLVED FIXED    
Severity: normal CC: nickc, nickc
Priority: P2    
Version: 2.39   
Target Milestone: ---   
Host: hppa*-*-linux* Target: hppa*-*-linux*
Build: hppa*-*-linux* Last reconfirmed:
Attachments: Proposed Patch

Description John David Anglin 2022-06-19 21:42:35 UTC
int main(void) { return 0; }

dave@mx3210:~/shmat$ gcc main.c
/usr/bin/ld: warning: /usr/lib/gcc/hppa-linux-gnu/11/../../../hppa-linux-gnu/crtn.o: missing .note.GNU-stack section implies executable stack
/usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
/usr/bin/ld: warning: a.out has a LOAD segment with RWX permissions

The first warning seems bogus as crtn.o is not an executable file.

On hppa-linux with kernel v5.18 and later, we don't need an executable
stack for signal support but we still need it for gcc nested functions.

As far as I can tell, an executable stack is still the default in glibc
for many targets.
Comment 1 John David Anglin 2022-06-19 22:12:59 UTC
dave@mx3210:~/gnu/binutils/src$ ld --version
GNU ld (GNU Binutils for Debian) 2.38.50.20220615
Comment 2 Nick Clifton 2022-06-20 11:13:02 UTC
(In reply to John David Anglin from comment #0)
Hi David,
 
> /usr/lib/gcc/hppa-linux-gnu/11/../../../hppa-linux-gnu/crtn.o: missing
> .note.GNU-stack section implies executable stack

> The first warning seems bogus as crtn.o is not an executable file.

But it is an object file which is being linked with others to create an executable file.  

The logic of the .note.GNU-stack section is that its permissions (read/write/execute) define the permissions needed of the stack segment in the final executable.  Permissions from different .note.GNU-stack sections in different input object files are ORed together.

In addition, if the section is missing from any of the input object files then the target specific default permissions are assumed.  For the HPPA architecture the default permissions are read, write and execute.  Hence if the .note.GNU-stack section is missing from *any* input object file the resulting HPPA executable will end up with an executable stack segment.  This is of course a potential security issue.


> /usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a 
> future version of the linker

The point of this message is that we are considering changing the behaviour of the linker so that all targets default to just read/write for their stacks, and that executable stacks have to be explicitly requested via the .note.GNU-stack mechanism.  (This would match the behaviour of the lld linker).



> On hppa-linux with kernel v5.18 and later, we don't need an executable
> stack for signal support but we still need it for gcc nested functions.

This is already handled by gcc.  If an executable stack is needed in order to support nested functions (or more probably, taking the address of a nested function), then gcc will generate a .note.GNU-stack section with the read, write and execute permissions set.  The linker will then obligingly create an executable stack segment.  You will still get a warning message however, since the issue of executable stacks is still present, albeit for a different reason.


The linker's warnings can be suppressed however, either via a run-time command line option:  --no-warn-execstack  or a build-time configure option:  --enable-warn-execstack=no.


Is this sufficient ?  We could change the configuration option so that it defaults to disabling the warnings if the target is the HPPA, but I would prefer not to do that, as it means that a potential security vulnerability will be ignored by default.

Cheers
  Nick
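
The merge rule described in comment 2, as an added example (not binutils code): a simplified Python model that reads each input object's section headers, looks for .note.GNU-stack, and ORs the requests, falling back to the target default when the note is missing. The function names and the constructed ELF32 big-endian sample objects are assumptions made for illustration.

```python
import struct

SHF_EXECINSTR = 0x4
PF_X, PF_W, PF_R = 1, 2, 4
EHDR = struct.Struct(">16sHHIIIIIHHHHHH")   # ELF32 big-endian file header
SHDR = struct.Struct(">10I")                # ELF32 section header

def make_object(note_flags):
    """Constructed sample: minimal ELF32 MSB relocatable object.
    note_flags=None omits .note.GNU-stack; otherwise it is the note's sh_flags."""
    names = b"\0.shstrtab\0.note.GNU-stack\0"
    shdrs = [SHDR.pack(*[0] * 10),                                     # null section
             SHDR.pack(1, 3, 0, 0, EHDR.size, len(names), 0, 0, 1, 0)]  # .shstrtab
    if note_flags is not None:
        shdrs.append(SHDR.pack(11, 1, note_flags, 0, 0, 0, 0, 0, 1, 0))
    ident = b"\x7fELF\x01\x02\x01" + bytes(9)
    shoff = EHDR.size + len(names)
    ehdr = EHDR.pack(ident, 1, 15, 1, 0, 0, shoff, 0,
                     EHDR.size, 0, 0, SHDR.size, len(shdrs), 1)
    return ehdr + names + b"".join(shdrs)

def note_gnu_stack_flags(obj):
    """Return sh_flags of .note.GNU-stack in an object file, or None if absent."""
    f = EHDR.unpack_from(obj, 0)
    shoff, shnum, shstrndx = f[6], f[12], f[13]
    shdrs = [SHDR.unpack_from(obj, shoff + i * SHDR.size) for i in range(shnum)]
    str_off = shdrs[shstrndx][4]
    for sh in shdrs:
        start = str_off + sh[0]
        if obj[start:obj.index(b"\0", start)] == b".note.GNU-stack":
            return sh[2]
    return None

def linked_stack_flags(objects, target_default):
    """Model of the rule in comment 2: OR every request; a missing note
    contributes the target's default stack permissions."""
    flags, missing = PF_R | PF_W, []
    for name, obj in objects:
        sh_flags = note_gnu_stack_flags(obj)
        if sh_flags is None:
            missing.append(name)
            flags |= target_default
        elif sh_flags & SHF_EXECINSTR:
            flags |= PF_X
    return flags, missing

if __name__ == "__main__":
    inputs = [("crtn.o", make_object(None)), ("main.o", make_object(0))]
    print(linked_stack_flags(inputs, PF_R | PF_W | PF_X))   # HPPA default: RWX
    print(linked_stack_flags(inputs, PF_R | PF_W))          # a target defaulting to RW
```

With the HPPA default, the single object lacking the note (crtn.o here) is enough to make the result executable, which is the case the first warning reports.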
Comment 3 dave.anglin 2022-06-20 15:10:05 UTC
On 2022-06-20 7:13 a.m., nickc at redhat dot com wrote:
>> On hppa-linux with kernel v5.18 and later, we don't need an executable
>> stack for signal support but we still need it for gcc nested functions.
> This is already handled by gcc.  If an executable stack is needed in order to
> support nested functions (or more probably, taking the address of a nested
> function), then gcc will generate a .note.GNU-stack section with the read,
> write and execute permissions set.  The linker will then obligingly create an
> executable stack segment.  You will still get a warning message however, since
> the issue of executable stacks is still present, albeit for a different reason.
Unfortunately, this doesn't happen on hppa-linux because we have:

/* It's not possible to enable GNU_stack notes since the kernel needs
    an executable stack for signal returns and syscall restarts.  */

#undef NEED_INDICATE_EXEC_STACK
#define NEED_INDICATE_EXEC_STACK 0

I can't just enable the generation of GNU_stack notes since old kernels are still prevalent.

>
>
> The linker's warnings can be suppressed however, either via a run-time command
> line option:  --no-warn-execstack  or a build-time configure option:
> --enable-warn-execstack=no.
--no-warn-execstack doesn't suppress all the warnings:

dave@mx3210:~/shmat$ gcc main.c -Wl,--no-warn-execstack
/usr/bin/ld: warning: a.out has a LOAD segment with RWX permissions

>
>
> Is this sufficient ?  We could change the configuration option so that it
> defaults to disabling the warnings if the target is the HPPA, but I would
> prefer not to do that, as it means that a potential security vulnerability will
> be ignored by default.
There is no way to fix the issue on hpux.  On linux, I believe the warning causes issues
with some debian package builds.  For example, it looks like a recent build of akonadi
failed due to the warning:

[  0%] Linking CXX shared library ../../bin/sqldrivers/libqsqlite3.so
cd /<<PKGBUILDDIR>>/obj-hppa-linux-gnu/src/qsqlite && /usr/bin/cmake -E cmake_link_script CMakeFiles/qsqlite3.dir/link.txt --verbose=1
/usr/bin/c++ -fPIC -g -O2 -ffile-prefix-map=/<<PKGBUILDDIR>>=. -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 
-fno-operator-names -fno-exceptions -Wall -Wextra -Wcast-align -Wchar-subscripts -Wformat-security -Wno-long-long -Wpointer-arith -Wundef 
-Wnon-virtual-dtor -Woverloaded-virtual -Werror=return-type -Werror=init-self -Wvla -Wdate-time -Wsuggest-override -Wlogical-op -pedantic 
-Wzero-as-null-pointer-constant -Wmissing-include-dirs -Wnon-virtual-dtor -Wundef -Wcast-align -Wchar-subscripts -Wall -Wextra -Wpointer-arith 
-Wformat-security -fno-common -pedantic -Wno-deprecated-copy -fexceptions -Wl,--no-undefined -Wl,--fatal-warnings -Wl,--enable-new-dtags  
-shared -Wl,-soname,libqsqlite3.so -o ../../bin/sqldrivers/libqsqlite3.so CMakeFiles/qsqlite3.dir/qsqlite3_autogen/mocs_compilation.cpp.o 
CMakeFiles/qsqlite3.dir/src/sqlite_blocking.cpp.o CMakeFiles/qsqlite3.dir/src/qsql_sqlite.cpp.o CMakeFiles/qsqlite3.dir/src/smain.cpp.o 
/usr/lib/hppa-linux-gnu/libQt5Sql.so.5.15.4 /usr/lib/hppa-linux-gnu/libsqlite3.so /usr/lib/hppa-linux-gnu/libQt5Core.so.5.15.4
/usr/bin/ld: warning: /usr/lib/gcc/hppa-linux-gnu/11/../../../hppa-linux-gnu/crtn.o: missing .note.GNU-stack section implies executable stack
/usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
/usr/bin/ld: warning: ../../bin/sqldrivers/libqsqlite3.so has a LOAD segment with RWX permissions
collect2: error: ld returned 1 exit status
make[3]: *** [src/qsqlite/CMakeFiles/qsqlite3.dir/build.make:149: bin/sqldrivers/libqsqlite3.so] Error 1

What is the best way to transition without causing a lot of disruption?

Regards,
Dave
Comment 4 Hans-Peter Nilsson 2022-06-20 15:39:25 UTC
(In reply to dave.anglin from comment #3)
 
> dave@mx3210:~/shmat$ gcc main.c -Wl,--no-warn-execstack
> /usr/bin/ld: warning: a.out has a LOAD segment with RWX permissions

That's a different warning altogether, unfortunately easy to conflate with the executable-stack thing.  See commit 45beb34c7dcf
for the simplest way to disable it for your target.
Comment 5 Hans-Peter Nilsson 2022-06-20 15:42:51 UTC
But I should add: I'd suggest to inspect whatever goes on with the linker script; a "hosted" target reasonably shouldn't get data and code segments mixed.  Maybe there's something to adjust there to make the warning go away for the "right" reason.
Comment 6 Nick Clifton 2022-06-20 16:37:42 UTC
(In reply to dave.anglin from comment #3)
Hi Dave,
 
> Unfortunately, this doesn't happen on hppa-linux because we have:
> 
> /* It's not possible to enable GNU_stack notes since the kernel needs
>     an executable stack for signal returns and syscall restarts.  */
> 
> #undef NEED_INDICATE_EXEC_STACK
> #define NEED_INDICATE_EXEC_STACK 0

> I can't just enable the generation of GNU_stack notes since old kernels are
> still prevalent.

OK, so if you need to support older kernels, then is it possible for you to use the configure option  --enable-warn-execstack=no instead ?

 
> --no-warn-execstack doesn't suppress all the warnings:
> 
> dave@mx3210:~/shmat$ gcc main.c -Wl,--no-warn-execstack
> /usr/bin/ld: warning: a.out has a LOAD segment with RWX permissions

That warning can be disabled with --no-warn-rwx-segments and disabled by configuring with --enable-warn-rwx-segments=no


> What is the best way to transition without causing a lot of disruption?

How about a patch like the one I am about to upload ?  It sets the defaults for these two warnings to 'ignore' for HPPA targets.  (I do not know if it is possible to determine the kernel version from the configuration string, so the patch changes the default for all HPPA variants).
Comment 7 Nick Clifton 2022-06-20 16:38:20 UTC
Created attachment 14152
Proposed Patch
Comment 8 dave.anglin 2022-06-20 16:53:30 UTC
On 2022-06-20 11:42 a.m., hp at sourceware dot org wrote:
> But I should add: I'd suggest to inspect whatever goes on with the linker
> script; a "hosted" target reasonably shouldn't get data and code segments
> mixed.  Maybe there's something to adjust there to make the warning go away for
> the "right" reason.
Thanks H.P. for the hint.

The problem is the .plt and the implementation of dynamic binding. For that, the PLT
needs to be executable.

Dave
Comment 9 dave.anglin 2022-06-20 17:04:46 UTC
On 2022-06-20 12:37 p.m., nickc at redhat dot com wrote:
>> What is the best way to transition without causing a lot of disruption?
> How about a patch like the one I am about to upload ?  It sets the defaults for
> these two warnings to 'ignore' for HPPA targets.  (I do not know if it is
> possible to determine the kernel version from the configuration string, so the
> patch changes the default for all HPPA variants).
Sounds like the best option for now.

Thanks,
Dave
Comment 10 dave.anglin 2022-06-20 17:13:18 UTC
On 2022-06-20 12:38 p.m., nickc at redhat dot com wrote:
> https://sourceware.org/bugzilla/show_bug.cgi?id=29263
>
> --- Comment #7 from Nick Clifton <nickc at redhat dot com> ---
> Created attachment 14152 [details]
>    --> https://sourceware.org/bugzilla/attachment.cgi?id=14152&action=edit
> Proposed Patch
>
I believe the RWX warning comes from the second LOAD segment.  It needs to be executable
because of the trampoline at the end of the PLT.  Maybe the second comment in the patch could be adjusted.

dave@mx3210:~/shmat$ readelf -a a.out
   Version:                           0x1
   Entry point address:               0x10334
   Start of program headers:          52 (bytes into file)
   Start of section headers:          6804 (bytes into file)
   Flags:                             0x210, PA-RISC 1.1
   Size of this header:               52 (bytes)
   Size of program headers:           32 (bytes)
   Number of program headers:         7
   Size of section headers:           40 (bytes)
   Number of section headers:         30
   Section header string table index: 29

Section Headers:
   [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
   [ 0]                   NULL            00000000 000000 000000 00      0   0  0
   [ 1] .interp           PROGBITS        00010114 000114 00000d 00   A  0   0  1
   [ 2] .note.gnu.bu[...] NOTE            00010124 000124 000024 00   A  0   0  4
   [ 3] .note.ABI-tag     NOTE            00010148 000148 000020 00   A  0   0  4
   [ 4] .hash             HASH            00010168 000168 00002c 04   A  6   0  4
   [ 5] .gnu.hash         GNU_HASH        00010194 000194 000020 04   A  6   0  4
   [ 6] .dynsym           DYNSYM          000101b4 0001b4 000060 10   A  7   1  4
   [ 7] .dynstr           STRTAB          00010214 000214 000082 00   A  0   0  1
   [ 8] .gnu.version      VERSYM          00010296 000296 00000c 02   A  6   0  2
   [ 9] .gnu.version_r    VERNEED         000102a4 0002a4 000020 00   A  7   1  4
   [10] .rela.plt         RELA            000102c4 0002c4 000030 0c  AI  6  23  4
   [11] .init             PROGBITS        000102f4 0002f4 00002c 00  AX  0   0  4
   [12] .text             PROGBITS        00010320 000320 0004e0 00  AX  0   0  4
   [13] .fini             PROGBITS        00010800 000800 000028 00  AX  0   0  4
   [14] .rodata           PROGBITS        00010828 000828 00001c 00   A  0   0  4
   [15] .PARISC.unwind    PROGBITS        00010844 000844 000100 04  AI  0  12  4
   [16] .eh_frame         PROGBITS        00010944 000944 000004 00   A  0   0  4
   [17] .init_array       INIT_ARRAY      00011000 001000 000004 04  WA  0   0  1
   [18] .ctors            PROGBITS        00011004 001004 000008 00  WA  0   0  4
   [19] .dtors            PROGBITS        0001100c 00100c 000008 00  WA  0   0  4
   [20] .data.rel.ro      PROGBITS        00011014 001014 000004 00  WA  0   0  4
   [21] .dynamic          DYNAMIC         00011018 001018 0000c8 08  WA  7   0  4
   [22] .data             PROGBITS        000110e0 0010e0 000008 00  WA  0   0  4
   [23] .plt              PROGBITS        000110e8 0010e8 00005c 00 WAX  0   0  8
   [24] .got              PROGBITS        00011144 001144 00001c 04  WA  0   0  4
   [25] .bss              NOBITS          00011160 001160 000010 00  WA  0   0  4
   [26] .comment          PROGBITS        00000000 001160 00001e 01  MS  0   0  1
   [27] .symtab           SYMTAB          00000000 001180 000570 10     28  65  4
   [28] .strtab           STRTAB          00000000 0016f0 0002a1 00      0   0  1
   [29] .shstrtab         STRTAB          00000000 001991 000100 00      0   0  1
Key to Flags:
   W (write), A (alloc), X (execute), M (merge), S (strings), I (info),
   L (link order), O (extra OS processing required), G (group), T (TLS),
   C (compressed), x (unknown), o (OS specific), E (exclude),
   R (retain), D (mbind), p (processor specific)

There are no section groups in this file.

Program Headers:
   Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz Flg Align
   PHDR           0x000034 0x00010034 0x00010034 0x000e0 0x000e0 R   0x4
   INTERP         0x000114 0x00010114 0x00010114 0x0000d 0x0000d R   0x1
       [Requesting program interpreter: /lib/ld.so.1]
   LOAD           0x000000 0x00010000 0x00010000 0x00948 0x00948 R E 0x1000
   LOAD           0x001000 0x00011000 0x00011000 0x00160 0x00170 RWE 0x1000
   DYNAMIC        0x001018 0x00011018 0x00011018 0x000c8 0x000c8 RW  0x4
   NOTE           0x000124 0x00010124 0x00010124 0x00044 0x00044 R   0x4
   GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x10

Dave
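
The two conditions behind the two warnings can be checked directly on a linked file's program headers. The following is an added example (not part of the thread or of binutils): a small Python audit for ELF32 big-endian files that reports the GNU_STACK flags and any LOAD segment that is readable, writable and executable. The sample is constructed (headers only) from the values in the readelf output of comment 10; the function names are assumptions.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W, PF_R = 1, 2, 4
RWX = PF_R | PF_W | PF_X
EHDR = struct.Struct(">16sHHIIIIIHHHHHH")   # ELF32 big-endian file header
PHDR = struct.Struct(">8I")  # type, offset, vaddr, paddr, filesz, memsz, flags, align

# Constructed sample: program header values copied from comment 10.
SAMPLE_PHDRS = [
    (6, 0x34, 0x10034, 0x10034, 0xe0, 0xe0, 4, 0x4),           # PHDR      R
    (3, 0x114, 0x10114, 0x10114, 0xd, 0xd, 4, 0x1),            # INTERP    R
    (1, 0x0, 0x10000, 0x10000, 0x948, 0x948, 5, 0x1000),       # LOAD      R E
    (1, 0x1000, 0x11000, 0x11000, 0x160, 0x170, 7, 0x1000),    # LOAD      RWE
    (2, 0x1018, 0x11018, 0x11018, 0xc8, 0xc8, 6, 0x4),         # DYNAMIC   RW
    (4, 0x124, 0x10124, 0x10124, 0x44, 0x44, 4, 0x4),          # NOTE      R
    (PT_GNU_STACK, 0, 0, 0, 0, 0, 7, 0x10),                    # GNU_STACK RWE
]

def make_sample():
    """Build the ELF header plus program header table only (no sections)."""
    ident = b"\x7fELF\x01\x02\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 2, 15, 1, 0x10334, EHDR.size, 0, 0x210,
                     EHDR.size, PHDR.size, len(SAMPLE_PHDRS), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(*p) for p in SAMPLE_PHDRS)

def audit(elf):
    """Return (GNU_STACK flags or None, [vaddr of each RWX LOAD segment])."""
    if elf[:6] != b"\x7fELF\x01\x02":
        raise ValueError("this example handles ELF32 big-endian files only")
    f = EHDR.unpack_from(elf, 0)
    phoff, phentsize, phnum = f[5], f[9], f[10]
    stack, rwx_loads = None, []
    for i in range(phnum):
        p_type, _, vaddr, _, _, _, flags, _ = PHDR.unpack_from(elf, phoff + i * phentsize)
        if p_type == PT_GNU_STACK:
            stack = flags
        elif p_type == PT_LOAD and (flags & RWX) == RWX:
            rwx_loads.append(vaddr)
    return stack, rwx_loads

def flag_str(flags):
    """Render p_flags the way readelf does, e.g. 'RWE' or 'R E'."""
    return "".join(c if flags & b else " " for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)))

if __name__ == "__main__":
    stack, rwx = audit(make_sample())
    print("GNU_STACK:", "absent" if stack is None else flag_str(stack))
    print("RWX LOAD segments at:", [hex(v) for v in rwx])
```

On the sample this reports an RWE stack and one RWX LOAD segment at 0x11000, the segment that holds .plt in the section listing above.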
Comment 11 cvs-commit@gcc.gnu.org 2022-06-21 10:24:06 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=acd65fa610df09a0954b8fecdadf546215263c5d

commit acd65fa610df09a0954b8fecdadf546215263c5d
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Jun 21 11:22:38 2022 +0100

    Default to disabling the linker warnings about execstack and RWX segments if the target is the HPPA architecture.
    
            PR 29263
            * configure.ac (ac_default_ld_warn_execstack): Default to 'no' for
            HPPA targets.
            (ac_default_ld_warn_rwx_segments): Likewise.
            * configure: Regenerate.
            * testsuite/ld-elf/elf.exp: Add the --warn-execstack command line
            option to the command line when running execstack tests for the
            HPPA target.
Comment 12 Nick Clifton 2022-06-21 10:25:33 UTC
Patch applied.  (Plus a tweak for the linker test that checks the execstack warning).
Comment 13 cvs-commit@gcc.gnu.org 2022-06-27 10:39:59 UTC
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ed1c7ad8e31a2cfca1d8c8c898ee7cde6ae340ca

commit ed1c7ad8e31a2cfca1d8c8c898ee7cde6ae340ca
Author: Nick Clifton <nickc@redhat.com>
Date:   Mon Jun 27 11:39:27 2022 +0100

    Disable execstack and rwx segments warnings for MIPS targets.
    
            PR 29263
            * configure.ac: Move HPPA specific code from here...
            * configure.tgt: ... to here.  Add similar code for MIPS.
            Move code for CRIS, MIPS and HPPA to block at start of file.
            * configure: Regenerate.
Comment 14 cvs-commit@gcc.gnu.org 2022-06-28 01:04:09 UTC
The master branch has been updated by Alan Modra <amodra@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bddb52eb97bbfd70f95447810f69c803b01e7b7

commit 8bddb52eb97bbfd70f95447810f69c803b01e7b7
Author: Alan Modra <amodra@gmail.com>
Date:   Mon Jun 27 20:39:09 2022 +0930

    Re: Disable execstack and rwx segments warnings for MIPS targets.
    
            PR 29263
            * configure.ac: Fix typo.
            * testsuite/ld-elf/elf.exp: Add mips to targets that need
            --warn-execstack to pass first pr29072 test.