[PATCH 2/2] treewide: use non-executable stack annotations for blobs

Ahmad Fatoum ahmad at a3f.at
Mon Apr 24 04:55:48 PDT 2023 

We are building the non-sandbox platforms with -z noexecstack, because
the ELF section attributes don't matter. This is different for sandbox,
where we compile assembly files directly only for embedding blobs.
This currently yields a build warning:

  binutils-2.39/bin/ld: warning: defaultenv/defaultenv-2-reboot-mode.bbenv.gz.o:
          missing .note.GNU-stack section implies executable stack
  binutils-2.39/bin/ld: NOTE: This behaviour is deprecated and will be removed
          in a future version of the linker

Let's add the non-executable stack annotations, so sandbox may run with
non-executable stack. This way we are left with a single linker
warning that needs to be resolved:

   binutils-2.39/bin/ld: warning: barebox has a LOAD segment with RWX permissions

Signed-off-by: Ahmad Fatoum <ahmad at a3f.at>
---
 lib/logo/Makefile    | 1 +
 scripts/Makefile.lib | 2 ++
 scripts/gen-dtb-s    | 1 +
 scripts/gen-dtbo-s   | 1 +
 4 files changed, 5 insertions(+)

diff --git a/lib/logo/Makefile b/lib/logo/Makefile
index 382701fb365c..9c14105e88bf 100644
--- a/lib/logo/Makefile
+++ b/lib/logo/Makefile
@@ -26,6 +26,7 @@ quiet_cmd_logo_S = LOGO.S  $@
 cmd_logo_S =							\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.section .bblogo.rodata.$(subst -,_,$(*F)),"a"';	\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global __bblogo_$(subst -,_,$(*F))_start';	\
diff --git a/scripts/Makefile.lib b/scripts/Makefile.lib
index 51beff56aeb8..90cfa579e5d5 100644
--- a/scripts/Makefile.lib
+++ b/scripts/Makefile.lib
@@ -391,6 +391,7 @@ quiet_cmd_env_S = ENV.S   $@
 cmd_env_S =							\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.section .bbenv.rodata.$(subst -,_,$(*F)),"a"';	\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global __bbenv_$(subst -,_,$(*F))_start';	\
@@ -540,6 +541,7 @@ quiet_cmd_imximage__S_dcd= DCD_S   $@
 cmd_imximage_S_dcd=						\
 (								\
 	echo '\#include <asm/barebox.lds.h>';			\
+	echo '.section .note.GNU-stack,"",%progbits';		\
 	echo '.balign STRUCT_ALIGNMENT';			\
 	echo '.global $(subst -,_,$(*F))_start';		\
 	echo '$(subst -,_,$(*F))_start:';			\
diff --git a/scripts/gen-dtb-s b/scripts/gen-dtb-s
index f6fa1525933e..d6fbdd5aaf8a 100755
--- a/scripts/gen-dtb-s
+++ b/scripts/gen-dtb-s
@@ -6,6 +6,7 @@ imd=$3
 
 echo "#include <asm/barebox.lds.h>"
 echo "#include <asm-generic/pointer.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
 
 le32() {
 	printf ".byte 0x%02x, 0x%02x, 0x%02x, 0x%02x\n" \
diff --git a/scripts/gen-dtbo-s b/scripts/gen-dtbo-s
index 06f78609ed28..a7e272a0890d 100755
--- a/scripts/gen-dtbo-s
+++ b/scripts/gen-dtbo-s
@@ -4,6 +4,7 @@ name=$1
 dtbo=$2
 
 echo "#include <asm/barebox.lds.h>"
+echo ".section .note.GNU-stack,\"\",%progbits"
 
 echo ".section .dtb.rodata.${name}_dtbo,\"a\""
 echo ".balign STRUCT_ALIGNMENT"
-- 
2.38.4

More information about the barebox mailing list