Bug 29411 - ld warning on SPARC: LOAD segment with RWX permissions
Summary: ld warning on SPARC: LOAD segment with RWX permissions
Status: RESOLVED FIXED
Alias: None
Product: binutils
Classification: Unclassified
Component: ld (show other bugs)
Version: 2.39
: P2 normal
Target Milestone: 2.39
Assignee: Rainer Orth
URL: https://sourceware.org/pipermail/binu...
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-26 12:04 UTC by Rainer Orth
Modified: 2023-07-30 16:43 UTC (History)
3 users (show)

See Also:
Host: sparcv9-sun-solaris2.11, sparc64-sun-linux-gnu
Target: sparcv9-sun-solaris2.11, sparc64-sun-linux-gnu
Build: sparcv9-sun-solaris2.11, sparc64-sun-linux-gnu
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Rainer Orth 2022-07-26 12:04:33 UTC 
When trying to build LLVM main on Debian/sparc64, I saw lots of warnings:

/usr/bin/ld: warning: bin/llvm-readobj has a LOAD segment with RWX permissions

/usr/bin/ld is

GNU ld (GNU Binutils for Debian) 2.38.50.20220707

However, the same issue exists on Solaris 11/SPARC.

AFAICS, this happens as follows (taking the Solaris example):

$ readelf -l /lib/libc.so.1
[...]
Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  PT_SUNWCAP     0x0000f4 0x000000f4 0x00000000 0x001a0 0x001a0 R   0x4
  LOAD           0x000000 0x00000000 0x00000000 0x213913 0x213913 R E 0x10000
  LOAD           0x214000 0x00224000 0x00000000 0x0b9b8 0x11124 RWE 0x10000
[...]
 Section to Segment mapping:
  Segment Sections...
   00     .SUNW_cap 
   01     .SUNW_cap .SUNW_capinfo .SUNW_capchain .dynamic .SUNW_syminfo .hash .SUNW_ldynsym .dynsym .dynstr .SUNW_version .SUNW_versym .SUNW_dynsymsort .SUNW_dyntlssort .SUNW_dynsymnsort .SUNW_phname .SUNW_reloc .rela.plt .rodata .rodata1 .text .init .fini .SUNW_dof 
   02     .got .plt .data .picdata .bss 

Looking at the sections in segment 02, I find only one that is RWE:

$ readelf -S /lib/libc.so.1
[...]Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
[...]
  [25] .plt              PROGBITS        00224ca0 214ca0 0002a4 0c WAX  0   0  4

However, this is exactly as prescribed by the respective psABIs:

* 32-bit SPARC:

  SYSTEM V APPLICATION BINARY INTERFACE SPARC Processor Supplement, Third Edition
  p. 5-5 - 5-8, Procedure Linkage Table

* 64-bit SPARC V9:

  SPARC COMPLIANCE DEFINITION 2.4.1
  p. 5P-4 - 5P-8, Procedure Linkage Table

I have no idea what to do here, but warning about ABI-compliant binaries seems
strange.
Comment 1 Sourceware Commits 2022-07-26 13:26:07 UTC 
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=91896b4d6a7d312e850094eaaa5b965a9e3dc39b

commit 91896b4d6a7d312e850094eaaa5b965a9e3dc39b
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Jul 26 14:25:33 2022 +0100

    Stop the linker from complaining about RWX segments in sparc-solaris targets.
    
            PR 29411
            * configure.tgt (ac_default_ld_warn_rwx_segments): Disable for
            sparc-solaris configurations.
Comment 2 Nick Clifton 2022-07-26 13:30:26 UTC 
Hi Rainer,

  The warning is intended to alter users to the fact that a segment has been created with all three permission flags set - something that is very tempting to attackers looking to inject code into a binary.

  Disabling the warning for specific target configurations is possible however.  There is a section of code at the start of ld/configure.tgt to do this.  

  I have gone ahead and added the sparc-solaris targets to the list of targets for which the warning should be supressed by default.  (It can still be enabled via a command line option, if the user so desires).

Cheers
  Nick
Comment 3 Sourceware Commits 2022-07-26 13:31:58 UTC 
The binutils-2_39-branch branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=41b6fc466ce51f094c53b60f767cd000c41d4c2d

commit 41b6fc466ce51f094c53b60f767cd000c41d4c2d
Author: Nick Clifton <nickc@redhat.com>
Date:   Tue Jul 26 14:31:13 2022 +0100

    Stop the linker from complaining about RWX segments on sparc-solaris targets.
    
            PR 29411
            * configure.tgt (ac_default_ld_warn_rwx_segments): Disable for
            sparc-solaris configurations.
Comment 4 Rainer Orth 2022-07-26 13:38:22 UTC 
> --- Comment #2 from Nick Clifton <nickc at redhat dot com> ---
> Hi Rainer,
>
>   The warning is intended to alter users to the fact that a segment has been
> created with all three permission flags set - something that is very tempting
> to attackers looking to inject code into a binary.
>
>   Disabling the warning for specific target configurations is possible however.
>  There is a section of code at the start of ld/configure.tgt to do this.  
>
>   I have gone ahead and added the sparc-solaris targets to the list of targets
> for which the warning should be supressed by default.  (It can still be enabled
> via a command line option, if the user so desires).

I missed this, although I saw the initial discussion about this warning
fly by.  However, this is not a Solaris/SPARC-only issue: I first saw it
on Linux/sparc64.  Given the SPARC and SPARC V9 psABIs, I guess it
affects at least all SPARC/ELF targets (if not SPARC in general).

Thanks.
        Rainer
Comment 5 Nick Clifton 2022-07-26 13:52:45 UTC 
(In reply to Rainer Orth from comment #4)
 
> I missed this, although I saw the initial discussion about this warning
> fly by.  However, this is not a Solaris/SPARC-only issue: I first saw it
> on Linux/sparc64.  Given the SPARC and SPARC V9 psABIs, I guess it
> affects at least all SPARC/ELF targets (if not SPARC in general).

Ah - I missed this.  Would you mind applying a small patch on top of mine then, that tweaks the regexp for sparc targets ?  (I am just a little bit swamped at the moment.  I have come back from PTO to find 19,756 emails waiting for me...)
Comment 6 Rainer Orth 2022-07-26 13:56:48 UTC 
> --- Comment #5 from Nick Clifton <nickc at redhat dot com> ---
> (In reply to Rainer Orth from comment #4)
>
>> I missed this, although I saw the initial discussion about this warning
>> fly by.  However, this is not a Solaris/SPARC-only issue: I first saw it
>> on Linux/sparc64.  Given the SPARC and SPARC V9 psABIs, I guess it
>> affects at least all SPARC/ELF targets (if not SPARC in general).
>
> Ah - I missed this.  Would you mind applying a small patch on top of mine then,
> that tweaks the regexp for sparc targets ?  (I am just a little bit swamped at
> the moment.  I have come back from PTO to find 19,756 emails waiting for me...)

Sure.  I'll check if we want this for all SPARC targets or restrict to
some subset (ELF) somehow.
Comment 7 Rainer Orth 2022-07-28 14:12:59 UTC 
> --- Comment #6 from Rainer Orth <ro at CeBiTec dot Uni-Bielefeld.DE> ---
>> --- Comment #5 from Nick Clifton <nickc at redhat dot com> ---
>> (In reply to Rainer Orth from comment #4)
>>
>>> I missed this, although I saw the initial discussion about this warning
>>> fly by.  However, this is not a Solaris/SPARC-only issue: I first saw it
>>> on Linux/sparc64.  Given the SPARC and SPARC V9 psABIs, I guess it
>>> affects at least all SPARC/ELF targets (if not SPARC in general).
>>
>> Ah - I missed this.  Would you mind applying a small patch on top of mine then,
>> that tweaks the regexp for sparc targets ?  (I am just a little bit swamped at
>> the moment.  I have come back from PTO to find 19,756 emails waiting for me...)
>
> Sure.  I'll check if we want this for all SPARC targets or restrict to
> some subset (ELF) somehow.

Patch posted: https://sourceware.org/pipermail/binutils/2022-July/122057.html
Comment 8 Sourceware Commits 2022-07-29 07:05:42 UTC 
The binutils-2_39-branch branch has been updated by Rainer Orth <ro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4b596a7719bfa1bcb8781f59faba66a20c4ab2da

commit 4b596a7719bfa1bcb8781f59faba66a20c4ab2da
Author: Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
Date:   Fri Jul 29 09:04:59 2022 +0200

    ld: Extend ac_default_ld_warn_rwx_segments to all SPARC targets [PR29411]
    
    As discussed in PR ld/29411, the ld warning
    
            [...] has a LOAD segment with RWX permissions
    
    needs to be disabled on all SPARC targets, not just Solaris/SPARC: the
    .plt section is required to be RWX by the 32-bit SPARC ELF psABI and the
    64-bit SPARC Compliance Definition 2.4.1.  Given that ld only supports
    SPARC ELF targets, this patch implements this.
    
    Tested on sparc64-unknown-linux-gnu and sparc-sun-solaris2.11.
    
    2022-07-28  Rainer Orth  <ro@CeBiTec.Uni-Bielefeld.DE>
    
            ld:
            PR ld/29411
            * configure.tgt (ac_default_ld_warn_rwx_segments): Extend to all
            sparc targets.  Expand comment.
Comment 9 Sourceware Commits 2022-07-29 07:07:03 UTC 
The master branch has been updated by Rainer Orth <ro@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b80b72c06c29d257b60b4002bd9d6c40dec94ec9

commit b80b72c06c29d257b60b4002bd9d6c40dec94ec9
Author: Rainer Orth <ro@CeBiTec.Uni-Bielefeld.DE>
Date:   Fri Jul 29 09:06:40 2022 +0200

    ld: Extend ac_default_ld_warn_rwx_segments to all SPARC targets [PR29411]
    
    As discussed in PR ld/29411, the ld warning
    
            [...] has a LOAD segment with RWX permissions
    
    needs to be disabled on all SPARC targets, not just Solaris/SPARC: the
    .plt section is required to be RWX by the 32-bit SPARC ELF psABI and the
    64-bit SPARC Compliance Definition 2.4.1.  Given that ld only supports
    SPARC ELF targets, this patch implements this.
    
    Tested on sparc64-unknown-linux-gnu and sparc-sun-solaris2.11.
    
    2022-07-28  Rainer Orth  <ro@CeBiTec.Uni-Bielefeld.DE>
    
            ld:
            PR ld/29411
            * configure.tgt (ac_default_ld_warn_rwx_segments): Extend to all
            sparc targets.  Expand comment.
Comment 10 Rainer Orth 2022-07-29 07:14:30 UTC 
Fully fixed for binutils 2.39.