Re: [Gnu-efi-discuss] ld: Don't warn about RWX segment maps
From: Heinrich S. <xyp...@gm...> - 2023-03-28 16:35:03
On 3/28/23 14:26, Richard Hughes wrote:
> Newer gnu ld complains about RWX segment maps, and since we build with
> "--fatal-warnings" we get the following:
>
> ld -nostdlib --warn-common --no-undefined --fatal-warnings \
> --build-id=sha1 -shared -Bsymbolic \
> -L/builddir/build/BUILD/gnu-efi-3.0.9//apps/../aa64/lib \
> -L/builddir/build/BUILD/gnu-efi-3.0.9//apps/../aa64/gnuefi \
> /builddir/build/BUILD/gnu-efi-3.0.9//apps/../aa64/gnuefi/crt0-efi-aarch64.o \
> --defsym=EFI_SUBSYSTEM=0xa t.o -o t.so -lefi -lgnuefi \
> /usr/lib/gcc/aarch64-redhat-linux/13/libgcc.a \
> -T /builddir/build/BUILD/gnu-efi-3.0.9//apps/../gnuefi/elf_aarch64_efi.lds
> ld: warning: t.so has a LOAD segment with RWX permissions
>
> Since the final linked binary will be PE, rather than ELF, and won't
> even *have* segment maps, this should be safe to just disable.
>
> This patch adds "--no-warn-rwx-segments" to the ld command lines.

Please, don't.

Having RWX segments is a security issue. Code segments must not be
writable. Some firmware refuses to load such code. E.g. I could not load
such a binary on the Lenovo X13s and had to fix building the binaries in
U-Boot.

Cf. U-Boot commit
d7ddeb66a6ce ("efi_loader: fix building aarch64 EFI binaries")
and following.

The correct approach is to adjust the loader script to put non-static
data into a different section than the code and to make the .text
section RX.

Best regards

Heinrich

>
> Signed-off-by: Peter Jones <pj...@re...>
>
> Richard.
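
A build-time check for the condition discussed in this thread, as an added example that is not part of the original messages and is not gnu-efi or U-Boot code: it reads the program headers of an intermediate ELF64 object and reports every LOAD segment that is both writable and executable. The helper names and the two sample images are constructed for illustration, and only little-endian ELF64 is handled.

```python
import struct

PT_LOAD = 1
PF_X, PF_W, PF_R = 1, 2, 4                   # ELF segment permission bits
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")    # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")            # ELF64 program header

def load_segments(image: bytes):
    """Yield (index, vaddr, memsz, flags) for each PT_LOAD program header."""
    if len(image) < EHDR.size or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if image[4] != 2 or image[5] != 1:
        raise ValueError("only little-endian ELF64 is handled")
    hdr = EHDR.unpack_from(image)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    if phentsize < PHDR.size or phoff + phnum * phentsize > len(image):
        raise ValueError("program header table is truncated or malformed")
    for i in range(phnum):
        p_type, flags, _, vaddr, _, _, memsz, _ = PHDR.unpack_from(image, phoff + i * phentsize)
        if p_type == PT_LOAD:
            yield i, vaddr, memsz, flags

def wx_violations(image: bytes):
    """Return (index, vaddr, memsz) of LOAD segments that are writable and executable."""
    return [(i, va, sz) for i, va, sz, fl in load_segments(image)
            if fl & PF_W and fl & PF_X]

def build_elf(segments):
    """Constructed sample: ELF64 header plus program headers only, no contents."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, LSB, version 1
    ehdr = EHDR.pack(ident, 3, 183, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(segments), 0, 0, 0)  # ET_DYN, EM_AARCH64
    return ehdr + b"".join(PHDR.pack(PT_LOAD, fl, 0, va, va, sz, sz, 0x1000)
                           for va, sz, fl in segments)

# Constructed inputs: one combined RWX segment, and code/data split into RX + RW.
SINGLE_RWX = build_elf([(0x0, 0x3000, PF_R | PF_W | PF_X)])
SPLIT_RX_RW = build_elf([(0x0, 0x2000, PF_R | PF_X), (0x2000, 0x1000, PF_R | PF_W)])

if __name__ == "__main__":
    for name, img in (("single RWX", SINGLE_RWX), ("split RX/RW", SPLIT_RX_RW)):
        bad = wx_violations(img)
        print(name, "->", "FAIL" if bad else "ok", [(i, hex(va), hex(sz)) for i, va, sz in bad])
```

Run against the linked `.so` before it is converted to PE, a non-empty result can fail the build in place of the linker warning.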