diff options
| author | Nick Clifton <nickc@redhat.com> | 2023-11-10 11:37:27 +0000 |
|---|---|---|
| committer | Nick Clifton <nickc@redhat.com> | 2023-11-10 11:37:27 +0000 |
| commit | e922d1eaa3774a68c96eae01e0fd08f8a30cda8c (patch) | |
| tree | 6d9c2ebe96dd8c440f848518bd2d087045de52ed /bfd | |
| parent | a73c0d9b228cb11d4dd9c045c692229ff6b7b06a (diff) | |
| download | gdb-e922d1eaa3774a68c96eae01e0fd08f8a30cda8c.zip gdb-e922d1eaa3774a68c96eae01e0fd08f8a30cda8c.tar.gz gdb-e922d1eaa3774a68c96eae01e0fd08f8a30cda8c.tar.bz2 | |
Add ability to change linker warning messages into errors when reporting executable stacks and/or executable segments.
include
* bfdlink.h (struct bfd_link_info): Update descriptions of the 'execstack', 'noexecstack' and 'warn_execstack' fields. Add 'error_exectack' and 'warn_is_error_for_rwx_segments' fields.
bfd
* elf.c (assign_file_positions_except_relocs): Turn warnings about executable segments into errors if so requested.
* elflink.c (bfd_elf_size_dynamic_sections): Turn warnings about executable stacks into errors if so requested.
ld
* ldlex.h (enum option_values): Add OPTION_ERROR_EXECSTACK, OPTION_NO_ERROR_EXECSTACK, OPTION_WARN_EXECSTACK_OBJECTS, OPTION_ERROR_RWX_SEGMENTS and OPTION_NO_ERROR_RWX_SEGMENTS. (struct ld_option): Add new long options. (parse_args): Parse new long options. (elf_static_list_options): Display the new options.
* ld.texi: Document the new command line options.
* configure.ac (error-execstack): New configuration option. (error-rwx-segments): New configuration option.
* emultempl/elf.em (_before_parse): Initialse the new linkinfo fields.
* NEWS: Mention the new features.
* config.in: Regenerate.
* configure: Regenerate.
* testsuite/ld-elf/commonpage2.d: Disable errors for RWX segments and/or executable stacks.
* testsuite/ld-elf/elf.exp: Likewise.
* testsuite/ld-elf/header.d: Likewise.
* testsuite/ld-elf/loadaddr1.d: Likewise.
* testsuite/ld-elf/loadaddr2.d: Likewise.
* testsuite/ld-elf/maxpage4.d: Likewise.
* testsuite/ld-elf/nobits-1.d: Likewise.
* testsuite/ld-elf/note-1.d: Likewise.
* testsuite/ld-elf/orphan-10.d: Likewise.
* testsuite/ld-elf/orphan-11.d: Likewise.
* testsuite/ld-elf/orphan-12.d: Likewise.
* testsuite/ld-elf/orphan-5.d: Likewise.
* testsuite/ld-elf/orphan-7.d: Likewise.
* testsuite/ld-elf/orphan-8.d: Likewise.
* testsuite/ld-elf/orphan-9.d: Likewise.
* testsuite/ld-elf/orphan-region.d: Likewise.
* testsuite/ld-elf/orphan.d: Likewise.
* testsuite/ld-elf/pr19539.d: Likewise.
* testsuite/ld-elf/pr26256-1a.d: Likewise.
* testsuite/ld-elf/pr26907.d: Likewise.
* testsuite/ld-elf/pr28597.d: Likewise.
* testsuite/ld-elf/retain2.d: Likewise.
* testsuite/ld-elf/shared.exp: Likewise.
* testsuite/ld-elf/size-1.d: Likewise.
* testsuite/ld-elf/textaddr7.d: Likewise.
* testsuite/ld-elf/warn1.d: Likewise.
* testsuite/ld-elf/warn2.d: Likewise.
* testsuite/ld-i386/discarded1.d: Likewise.
* testsuite/ld-i386/pr19175.d: Likewise.
* testsuite/ld-i386/pr19539.d: Likewise.
* testsuite/ld-i386/pr23189.d: Likewise.
* testsuite/ld-plugin/lto-3r.d: Likewise.
* testsuite/ld-plugin/lto-5r.d: Likewise.
* testsuite/ld-plugin/lto.exp: Likewise.
* testsuite/ld-powerpc/ppc476-shared.d: Likewise.
* testsuite/ld-powerpc/ppc476-shared2.d: Likewise.
* testsuite/ld-powerpc/pr28827-2.d: Likewise.
* testsuite/ld-s390/s390.exp: Likewise.
* testsuite/ld-scripts/align2a.d: Likewise.
* testsuite/ld-scripts/align2b.d: Likewise.
* testsuite/ld-scripts/align5.d: Likewise.
* testsuite/ld-scripts/alignof.exp: Likewise.
* testsuite/ld-scripts/crossref.exp: Likewise.
* testsuite/ld-scripts/defined2.d: Likewise.
* testsuite/ld-scripts/defined3.d: Likewise.
* testsuite/ld-scripts/defined5.d: Likewise.
* testsuite/ld-scripts/pr14962.d: Likewise.
* testsuite/ld-scripts/pr18963.d: Likewise.
* testsuite/ld-scripts/pr20302.d: Likewise.
* testsuite/ld-scripts/print-memory-usage.exp: Likewise.
* testsuite/ld-scripts/rgn-at1.d: Likewise.
* testsuite/ld-scripts/rgn-at10.d: Likewise.
* testsuite/ld-scripts/rgn-at4.d: Likewise.
* testsuite/ld-scripts/rgn-at6.d: Likewise.
* testsuite/ld-scripts/rgn-at8.d: Likewise.
* testsuite/ld-scripts/rgn-at9.d: Likewise.
* testsuite/ld-scripts/rgn-over1.d: Likewise.
* testsuite/ld-scripts/rgn-over2.d: Likewise.
* testsuite/ld-scripts/rgn-over4.d: Likewise.
* testsuite/ld-scripts/rgn-over5.d: Likewise.
* testsuite/ld-scripts/rgn-over6.d: Likewise.
* testsuite/ld-scripts/script.exp: Likewise.
* testsuite/ld-scripts/sizeof.exp: Likewise.
* testsuite/ld-scripts/sort-file.d: Likewise.
* testsuite/ld-x86-64/discarded1.d: Likewise.
* testsuite/ld-x86-64/pr19175.d: Likewise.
* testsuite/ld-x86-64/pr19539a.d: Likewise.
* testsuite/ld-x86-64/pr19539b.d: Likewise.
* testsuite/ld-x86-64/pr23189.d: Likewise.
Diffstat (limited to 'bfd')
| -rw-r--r-- | bfd/ChangeLog | 7 | ||||
| -rw-r--r-- | bfd/elf.c | 50 | ||||
| -rw-r--r-- | bfd/elflink.c | 35 |
3 files changed, 81 insertions, 11 deletions
diff --git a/bfd/ChangeLog b/bfd/ChangeLog index 2b12eb3..f8086fb 100644 --- a/bfd/ChangeLog +++ b/bfd/ChangeLog @@ -1,3 +1,10 @@ +2023-11-10 Nick Clifton <nickc@redhat.com> + + * elf.c (assign_file_positions_except_relocs): Turn warnings about + executable segments into errors if so requested. + * elflink.c (bfd_elf_size_dynamic_sections): Turn warnings about + executable stacks into errors if so requested. + 2023-10-30 Nick Clifton <nickc@redhat.com> * bpf-reloc.def (R_BPF_64_NODLD32): Add entry. @@ -7010,6 +7010,9 @@ assign_file_positions_except_relocs (bfd *abfd, { if (link_info != NULL && ! link_info->no_warn_rwx_segments) { + bool warned_tls = false; + bool warned_rwx = false; + /* Memory resident segments with non-zero size and RWX permissions are a security risk, so we generate a warning here if we are creating any. */ @@ -7022,16 +7025,47 @@ assign_file_positions_except_relocs (bfd *abfd, if (phdr->p_memsz == 0) continue; - if (phdr->p_type == PT_TLS && (phdr->p_flags & PF_X)) - _bfd_error_handler (_("warning: %pB has a TLS segment" - " with execute permission"), - abfd); - else if (phdr->p_type == PT_LOAD + if (! warned_tls + && phdr->p_type == PT_TLS + && (phdr->p_flags & PF_X)) + { + if (link_info->warn_is_error_for_rwx_segments) + { + _bfd_error_handler (_("\ +error: %pB has a TLS segment with execute permission"), + abfd); + return false; + } + + _bfd_error_handler (_("\ +warning: %pB has a TLS segment with execute permission"), + abfd); + if (warned_rwx) + break; + + warned_tls = true; + } + else if (! warned_rwx + && phdr->p_type == PT_LOAD && ((phdr->p_flags & (PF_R | PF_W | PF_X)) == (PF_R | PF_W | PF_X))) - _bfd_error_handler (_("warning: %pB has a LOAD segment" - " with RWX permissions"), - abfd); + { + if (link_info->warn_is_error_for_rwx_segments) + { + _bfd_error_handler (_("\ +error: %pB has a LOAD segment with RWX permissions"), + abfd); + return false; + } + + _bfd_error_handler (_("\ +warning: %pB has a LOAD segment with RWX permissions"), + abfd); + if (warned_tls) + break; + + warned_rwx = true; + } } } diff --git a/bfd/elflink.c b/bfd/elflink.c index 99f4cdd..49ea222 100644 --- a/bfd/elflink.c +++ b/bfd/elflink.c @@ -7152,9 +7152,20 @@ bfd_elf_size_dynamic_sections (bfd *output_bfd, /* If the user has explicitly requested warnings, then generate one even though the choice is the result of another command line option. */ if (info->warn_execstack == 1) - _bfd_error_handler - (_("\ + { + if (info->error_execstack) + { + _bfd_error_handler + (_("\ +error: creating an executable stack because of -z execstack command line option")); + return false; + } + + _bfd_error_handler + (_("\ warning: enabling an executable stack because of -z execstack command line option")); + } + elf_stack_flags (output_bfd) = PF_R | PF_W | PF_X; } else if (info->noexecstack) @@ -7210,11 +7221,29 @@ warning: enabling an executable stack because of -z execstack command line optio being enabled despite the fact that it was not requested on the command line. */ if (noteobj) - _bfd_error_handler (_("\ + { + if (info->error_execstack) + { + _bfd_error_handler (_("\ +error: %s: is triggering the generation of an executable stack (because it has an executable .note.GNU-stack section)"), + bfd_get_filename (noteobj)); + return false; + } + + _bfd_error_handler (_("\ warning: %s: requires executable stack (because the .note.GNU-stack section is executable)"), bfd_get_filename (noteobj)); + } else if (emptyobj) { + if (info->error_execstack) + { + _bfd_error_handler (_("\ +error: %s: is triggering the generation of an executable stack because it does not have a .note.GNU-stack section"), + bfd_get_filename (emptyobj)); + return false; + } + _bfd_error_handler (_("\ warning: %s: missing .note.GNU-stack section implies executable stack"), bfd_get_filename (emptyobj)); |