With recent binutils, the following warning appears:
VDSO32L arch/powerpc/kernel/vdso/vdso32.so.dbg
/opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: warning: arch/powerpc/kernel/vdso/getcpu-32.o: missing .note.GNU-stack section implies executable stack
/opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
To avoid that, explicitely tell the linker we don't
want executable stack.
For more explanations, see commit ffcf9c5700e4 ("x86: link vdso
and boot with -z noexecstack --no-warn-rwx-segments")
Signed-off-by: Christophe Leroy <[email protected]>
---
v2: Removed unrelated change in arch/powerpc/kernel/Makefile
---
arch/powerpc/kernel/vdso/Makefile | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile
index 096b0bf1335f..a2e7b0ce5b19 100644
--- a/arch/powerpc/kernel/vdso/Makefile
+++ b/arch/powerpc/kernel/vdso/Makefile
@@ -92,13 +92,13 @@ include/generated/vdso64-offsets.h: $(obj)/vdso64.so.dbg FORCE
# actual build commands
quiet_cmd_vdso32ld_and_check = VDSO32L $@
- cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
+ cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
quiet_cmd_vdso32as = VDSO32A $@
cmd_vdso32as = $(VDSOCC) $(a_flags) $(CC32FLAGS) $(AS32FLAGS) -c -o $@ $<
quiet_cmd_vdso32cc = VDSO32C $@
cmd_vdso32cc = $(VDSOCC) $(c_flags) $(CC32FLAGS) -c -o $@ $<
quiet_cmd_vdso64ld_and_check = VDSO64L $@
- cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
+ cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
quiet_cmd_vdso64as = VDSO64A $@
cmd_vdso64as = $(VDSOCC) $(a_flags) $(CC64FLAGS) $(AS64FLAGS) -c -o $@ $<
--
2.37.1
On Sat Sep 3, 2022 at 1:25 AM AEST, Christophe Leroy wrote:
> With recent binutils, the following warning appears:
>
> VDSO32L arch/powerpc/kernel/vdso/vdso32.so.dbg
> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: warning: arch/powerpc/kernel/vdso/getcpu-32.o: missing .note.GNU-stack section implies executable stack
> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
>
> To avoid that, explicitely tell the linker we don't
> want executable stack.
>
> For more explanations, see commit ffcf9c5700e4 ("x86: link vdso
> and boot with -z noexecstack --no-warn-rwx-segments")
>
> Signed-off-by: Christophe Leroy <[email protected]>
> ---
> v2: Removed unrelated change in arch/powerpc/kernel/Makefile
Seems okay. Here too, commit 0d362be5b1420 ("Makefile: link with -z
noexecstack --no-warn-rwx-segments"). Core and x86 are using
no-warn-rwx-segments as well, should we have that just to match
too?
Reviewed-by: Nicholas Piggin <[email protected]>
> ---
> arch/powerpc/kernel/vdso/Makefile | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile
> index 096b0bf1335f..a2e7b0ce5b19 100644
> --- a/arch/powerpc/kernel/vdso/Makefile
> +++ b/arch/powerpc/kernel/vdso/Makefile
> @@ -92,13 +92,13 @@ include/generated/vdso64-offsets.h: $(obj)/vdso64.so.dbg FORCE
>
> # actual build commands
> quiet_cmd_vdso32ld_and_check = VDSO32L $@
> - cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
> + cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
> quiet_cmd_vdso32as = VDSO32A $@
> cmd_vdso32as = $(VDSOCC) $(a_flags) $(CC32FLAGS) $(AS32FLAGS) -c -o $@ $<
> quiet_cmd_vdso32cc = VDSO32C $@
> cmd_vdso32cc = $(VDSOCC) $(c_flags) $(CC32FLAGS) -c -o $@ $<
>
> quiet_cmd_vdso64ld_and_check = VDSO64L $@
> - cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
> + cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
> quiet_cmd_vdso64as = VDSO64A $@
> cmd_vdso64as = $(VDSOCC) $(a_flags) $(CC64FLAGS) $(AS64FLAGS) -c -o $@ $<
> --
> 2.37.1
Le 07/09/2022 à 06:36, Nicholas Piggin a écrit :
> On Sat Sep 3, 2022 at 1:25 AM AEST, Christophe Leroy wrote:
>> With recent binutils, the following warning appears:
>>
>> VDSO32L arch/powerpc/kernel/vdso/vdso32.so.dbg
>> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: warning: arch/powerpc/kernel/vdso/getcpu-32.o: missing .note.GNU-stack section implies executable stack
>> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
>>
>> To avoid that, explicitely tell the linker we don't
>> want executable stack.
>>
>> For more explanations, see commit ffcf9c5700e4 ("x86: link vdso
>> and boot with -z noexecstack --no-warn-rwx-segments")
>>
>> Signed-off-by: Christophe Leroy <[email protected]>
>> ---
>> v2: Removed unrelated change in arch/powerpc/kernel/Makefile
>
> Seems okay. Here too, commit 0d362be5b1420 ("Makefile: link with -z
> noexecstack --no-warn-rwx-segments"). Core and x86 are using
> no-warn-rwx-segments as well, should we have that just to match
> too?
I think the RWX segment stuff in unrelated to VDSO. For VDSO x86 only
does noexecstack, refer commit ffcf9c5700e4 ("x86: link vdso and boot
with -z noexecstack --no-warn-rwx-segments")
And as no-warn-rwx-segments is in the top level Makefile, I don't think
architectures need it, do they ?
x86 have it only in arch/x86/boot/compressed/Makefile, maybe powerpc
needs it in arch/powerpc/boot/ ? Anyway that would be another patch.
Christophe
>
> Reviewed-by: Nicholas Piggin <[email protected]>
>
>> ---
>> arch/powerpc/kernel/vdso/Makefile | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/powerpc/kernel/vdso/Makefile b/arch/powerpc/kernel/vdso/Makefile
>> index 096b0bf1335f..a2e7b0ce5b19 100644
>> --- a/arch/powerpc/kernel/vdso/Makefile
>> +++ b/arch/powerpc/kernel/vdso/Makefile
>> @@ -92,13 +92,13 @@ include/generated/vdso64-offsets.h: $(obj)/vdso64.so.dbg FORCE
>>
>> # actual build commands
>> quiet_cmd_vdso32ld_and_check = VDSO32L $@
>> - cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
>> + cmd_vdso32ld_and_check = $(VDSOCC) $(c_flags) $(CC32FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
>> quiet_cmd_vdso32as = VDSO32A $@
>> cmd_vdso32as = $(VDSOCC) $(a_flags) $(CC32FLAGS) $(AS32FLAGS) -c -o $@ $<
>> quiet_cmd_vdso32cc = VDSO32C $@
>> cmd_vdso32cc = $(VDSOCC) $(c_flags) $(CC32FLAGS) -c -o $@ $<
>>
>> quiet_cmd_vdso64ld_and_check = VDSO64L $@
>> - cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) ; $(cmd_vdso_check)
>> + cmd_vdso64ld_and_check = $(VDSOCC) $(c_flags) $(CC64FLAGS) -o $@ -Wl,-T$(filter %.lds,$^) $(filter %.o,$^) -z noexecstack ; $(cmd_vdso_check)
>> quiet_cmd_vdso64as = VDSO64A $@
>> cmd_vdso64as = $(VDSOCC) $(a_flags) $(CC64FLAGS) $(AS64FLAGS) -c -o $@ $<
>> --
>> 2.37.1
>
On Fri, 2 Sep 2022 17:25:24 +0200, Christophe Leroy wrote:
> With recent binutils, the following warning appears:
>
> VDSO32L arch/powerpc/kernel/vdso/vdso32.so.dbg
> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: warning: arch/powerpc/kernel/vdso/getcpu-32.o: missing .note.GNU-stack section implies executable stack
> /opt/gcc-12.2.0-nolibc/powerpc64-linux/bin/../lib/gcc/powerpc64-linux/12.2.0/../../../../powerpc64-linux/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
>
> To avoid that, explicitely tell the linker we don't
> want executable stack.
>
> [...]
Applied to powerpc/next.
[1/1] powerpc/vdso: link with -z noexecstack
https://git.kernel.org/powerpc/c/1d53c0192b15f42129a3dbbbfa05637bcf781a3e
cheers