[ELF] Error for executable .note.GNU-stack unless -z execstack or -r #124068
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Created using spr 1.3.5-bogner
|
@llvm/pr-subscribers-lld-elf @llvm/pr-subscribers-lld Author: Fangrui Song (MaskRay) ChangesClose #121234 Full diff: https://github.com/llvm/llvm-project/pull/124068.diff 2 Files Affected:
diff --git a/lld/ELF/InputFiles.cpp b/lld/ELF/InputFiles.cpp
index c44773d0b7dabe..f34de787a16379 100644
--- a/lld/ELF/InputFiles.cpp
+++ b/lld/ELF/InputFiles.cpp
@@ -1026,8 +1026,15 @@ InputSectionBase *ObjFile<ELFT>::createInputSection(uint32_t idx,
// explicitly told to do otherwise (by -z execstack). Because the stack
// executable-ness is controlled solely by command line options,
// .note.GNU-stack sections are simply ignored.
- if (name == ".note.GNU-stack")
+ if (name == ".note.GNU-stack") {
+ if ((sec.sh_flags & SHF_EXECINSTR) && !ctx.arg.relocatable &&
+ ctx.arg.zGnustack != GnuStackKind::Exec) {
+ Err(ctx) << this
+ << ": requires an executable stack, but -z execstack is not "
+ "specified";
+ }
return &InputSection::discarded;
+ }
// Object files that use processor features such as Intel Control-Flow
// Enforcement (CET) or AArch64 Branch Target Identification BTI, use a
diff --git a/lld/test/ELF/gnustack.s b/lld/test/ELF/gnustack.s
index 828e09328c892c..29e81538b6cab8 100644
--- a/lld/test/ELF/gnustack.s
+++ b/lld/test/ELF/gnustack.s
@@ -1,17 +1,20 @@
# REQUIRES: x86
-# RUN: llvm-mc -filetype=obj -triple=x86_64-unknown-linux %s -o %t1
+# RUN: rm -rf %t && split-file %s %t && cd %t
+# RUN: llvm-mc -filetype=obj -triple=x86_64 a.s -o a.o
+# RUN: llvm-mc -filetype=obj -triple=x86_64 x.s -o x.o
+# RUN: llvm-mc -filetype=obj -triple=x86_64 nox.s -o nox.o
-# RUN: ld.lld %t1 -z execstack -o %t
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RWX %s
+# RUN: ld.lld a.o -z execstack -o out
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RWX %s
-# RUN: ld.lld %t1 -o %t
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RW %s
+# RUN: ld.lld a.o -o out
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RW %s
-# RUN: ld.lld %t1 -o %t -z noexecstack
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RW %s
+# RUN: ld.lld a.o -o out -z noexecstack
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RW %s
-# RUN: ld.lld %t1 -o %t -z nognustack
-# RUN: llvm-readobj --program-headers -s %t | FileCheck --check-prefix=NOGNUSTACK %s
+# RUN: ld.lld a.o -o out -z nognustack
+# RUN: llvm-readobj --program-headers -s out | FileCheck --check-prefix=NOGNUSTACK %s
# RW: Type: PT_GNU_STACK
# RW-NEXT: Offset: 0x0
@@ -40,5 +43,19 @@
# NOGNUSTACK-NOT: Type: PT_GNU_STACK
+# RUN: not ld.lld a.o x.o nox.o x.o 2>&1 | FileCheck %s --check-prefix=ERR --implicit-check-not=error:
+# RUN: not ld.lld a.o x.o nox.o x.o -z nognustack 2>&1 | FileCheck %s --check-prefix=ERR --implicit-check-not=error:
+# ERR-COUNT-2: error: x.o: requires an executable stack, but -z execstack is not specified
+
+# RUN: ld.lld a.o x.o nox.o x.o -z execstack --fatal-warnings
+# RUN: ld.lld -r x.o --fatal-warnings
+
+#--- a.s
.globl _start
_start:
+
+#--- x.s
+.section .note.GNU-stack,"x"
+
+#--- nox.s
+.section .note.GNU-stack,""
|
smithp35
approved these changes
Jan 23, 2025
lld/ELF/InputFiles.cpp
Outdated
| @@ -1026,8 +1026,15 @@ InputSectionBase *ObjFile<ELFT>::createInputSection(uint32_t idx, | |||
| // explicitly told to do otherwise (by -z execstack). Because the stack | |||
| // executable-ness is controlled solely by command line options, | |||
| // .note.GNU-stack sections are simply ignored. | |||
There was a problem hiding this comment.
I think we could update the comment. Something like
.note.GNU-stack sections are with one exception, ignored. We give an error message if we encounter an executable .note.GNU-stack to force the user to explicitly request an executable stack.
There was a problem hiding this comment.
Thanks for the suggestion. Adopted.
MaskRay
changed the title
MaskRay
deleted the
users/MaskRay/spr/elf-error-for-executable-notegnu-stack-unless-z-execstack
branch
github-actions bot
pushed a commit
to arm/arm-toolchain
that referenced
this pull request
Jan 23, 2025
…tack or -r .note.GNU-stack with the SHF_EXECINSTR flag requires an executable stack. This is exceedingly rare. We report an error to force the user to explicitly request an executable stack. Close #121234 Pull Request: llvm/llvm-project#124068
thurstond
added a commit
to llvm/llvm-zorg
that referenced
this pull request
Jan 24, 2025
Thanks @vitalybuka! I've updated the QEMU buildbot to add |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
.note.GNU-stack with the SHF_EXECINSTR flag requires an executable
stack. This is exceedingly rare. We report an error to force
the user to explicitly request an executable stack.
Close #121234