[PATCH v2] ld: Turn on --error-execstack/--error-rwx-segments

Jan Beulich jbeulich@suse.com
Mon Jan 29 14:03:43 GMT 2024 

On 29.01.2024 14:03, H.J. Lu wrote:
> On Sun, Jan 28, 2024 at 11:30 PM Jan Beulich <jbeulich@suse.com> wrote:
>>
>> On 26.01.2024 22:45, H.J. Lu wrote:
>>> --- a/ld/lexsup.c
>>> +++ b/ld/lexsup.c
>>> @@ -1947,6 +1947,17 @@ parse_args (unsigned argc, char **argv)
>>>        && command_line.check_section_addresses < 0)
>>>      command_line.check_section_addresses = 0;
>>>
>>> +  /* Override --no-error-execstack and --no-warn-execstack and turn on
>>> +     --error-execstack for --warn-execstack and --error-rwx-segments for
>>> +     --warn-rwx-segments if --fatal-warnings is used.  */
>>> +  if (config.fatal_warnings)
>>> +    {
>>> +      if (link_info.warn_execstack)
>>> +     link_info.error_execstack = 1;
>>> +      if (!link_info.no_warn_rwx_segments)
>>> +     link_info.warn_is_error_for_rwx_segments = 1;
>>> +    }
>>> +
>>>    if (export_list)
>>>      {
>>>        struct bfd_elf_version_expr *head = export_list->head.list;
>>
>> If I'm not mistaken and if the comment is properly describing things,
>> this placement of the addition means --no-* last on the command line
>> wouldn't be honored anymore, when later arguments ought to override
>> earlier ones.
>>
> 
> Before my change, we got
> 
> [hjl@gnu-cfl-3 ld]$ touch x.s
> [hjl@gnu-cfl-3 ld]$ gcc -c x.s
> [hjl@gnu-cfl-3 ld]$ ld -shared -z stack-size=0x123400 --fatal-warnings
> --warn-execstack --no-error-execstack  x.o
> ld: warning: x.o: missing .note.GNU-stack section implies executable stack
> ld: NOTE: This behaviour is deprecated and will be removed in a future
> version of the linker
> [hjl@gnu-cfl-3 ld]$ echo $?
> 1
> 
> The warning is misleading since --fatal-warnings IS position independent
> and is always fatal for ANY warning.  My patch changes it to
> 
> [hjl@gnu-cfl-3 ld]$ ./ld-new -shared -z stack-size=0x123400
> --fatal-warnings --warn-execstack --no-error-execstack  x.o
> ./ld-new: error: x.o: is triggering the generation of an executable
> stack because it does not have a .note.GNU-stack section
> ./ld-new: failed to set dynamic section sizes: file format not recognized
> [hjl@gnu-cfl-3 ld]$
> 
> Any other comments to my patch?

Well. To me, it is ambiguous what "--fatal-warnings --warn-execstack
--no-error-execstack" actually is intended to mean (and that's regardless
of --fatal-warnings position on the command line). One way of
interpreting is your way. The other is to say that --no-error-execstack
means "no error for anything related to executable stacks", i.e.
--fatal-warnings not affecting the overall result (when there are no
other warnings).

Jan

More information about the Binutils mailing list