meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch - stefanberger/openbmc - Gitiles

 From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Tue, 23 Aug 2022 11:41:00 +0000
 Subject: [PATCH] core, ldelf: link: add -z execstack

 When building for arm32 with GNU binutils 2.39, the linker outputs
 warnings when generating some TEE core binaries (all_obj.o, init.o,
 unpaged.o and tee.elf) as well as ldelf.elf:

  arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
  arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker

 The permissions used when mapping the TEE core stacks do not depend on
 any metadata found in the ELF file. Similarly when the TEE core loads
 ldelf it already creates a non-executable stack regardless of ELF
 information. Therefore we can safely ignore the warnings. This is done
 by adding the '-z execstack' option.

 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

 Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
 Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]

 ---
  core/arch/arm/kernel/link.mk | 13 +++++++++----
  ldelf/link.mk                |  4 ++++
  2 files changed, 13 insertions(+), 4 deletions(-)

 diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
 index 3dc459d6..85cde58e 100644
 --- a/core/arch/arm/kernel/link.mk
 +++ b/core/arch/arm/kernel/link.mk
 @@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d

  AWK	 = awk

 +link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
 +ifeq ($(CFG_ARM32_core),y)
 +link-ldflags-common += $(call ld-option,--no-warn-execstack)
 +endif
 +
  link-ldflags  = $(LDFLAGS)
  ifeq ($(CFG_CORE_ASLR),y)
  link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs)
 @@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
  link-ldflags += --sort-section=alignment
  link-ldflags += --fatal-warnings
  link-ldflags += --gc-sections
 -link-ldflags += $(call ld-option,--no-warn-rwx-segments)
 +link-ldflags += $(link-ldflags-common)

  link-ldadd  = $(LDADD)
  link-ldadd += $(ldflags-external)
 @@ -39,7 +44,7 @@ link-script-cppflags := \
  		$(cppflagscore))

  ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
 -		   $(call ld-option,--no-warn-rwx-segments) \
 +		   $(link-ldflags-common) \
  		   $(link-objs) $(link-ldadd) $(libgcccore)
  cleanfiles += $(link-out-dir)/all_objs.o
  $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
 @@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
  		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@

  unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
 -		 $(call ld-option,--no-warn-rwx-segments)
 +		 $(link-ldflags-common)
  unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
  cleanfiles += $(link-out-dir)/unpaged.o
  $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
 @@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
  		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@

  init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
 -	       $(call ld-option,--no-warn-rwx-segments)
 +	       $(link-ldflags-common)
  init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
  	      $(libgcccore)
  cleanfiles += $(link-out-dir)/init.o
 diff --git a/ldelf/link.mk b/ldelf/link.mk
 index 8fafc879..d8a05ea6 100644
 --- a/ldelf/link.mk
 +++ b/ldelf/link.mk
 @@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment
  link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
  link-ldflags += $(link-ldflags$(sm))

 +ifeq ($(CFG_ARM32_$(sm)), y)
 +link-ldflags += $(call ld-option,--no-warn-execstack)
 +endif
 +
  link-ldadd  = $(addprefix -L,$(libdirs))
  link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group
  ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
	From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001
	From: Jerome Forissier <jerome.forissier@linaro.org>
	Date: Tue, 23 Aug 2022 11:41:00 +0000
	Subject: [PATCH] core, ldelf: link: add -z execstack

	When building for arm32 with GNU binutils 2.39, the linker outputs
	warnings when generating some TEE core binaries (all_obj.o, init.o,
	unpaged.o and tee.elf) as well as ldelf.elf:

	arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
	arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker

	The permissions used when mapping the TEE core stacks do not depend on
	any metadata found in the ELF file. Similarly when the TEE core loads
	ldelf it already creates a non-executable stack regardless of ELF
	information. Therefore we can safely ignore the warnings. This is done
	by adding the '-z execstack' option.

	Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>

	Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
	Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]

	---
	core/arch/arm/kernel/link.mk \| 13 +++++++++----
	ldelf/link.mk \| 4 ++++
	2 files changed, 13 insertions(+), 4 deletions(-)

	diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
	index 3dc459d6..85cde58e 100644
	--- a/core/arch/arm/kernel/link.mk
	+++ b/core/arch/arm/kernel/link.mk
	@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d

	AWK = awk

	+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
	+ifeq ($(CFG_ARM32_core),y)
	+link-ldflags-common += $(call ld-option,--no-warn-execstack)
	+endif
	+
	link-ldflags = $(LDFLAGS)
	ifeq ($(CFG_CORE_ASLR),y)
	link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs)
	@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
	link-ldflags += --sort-section=alignment
	link-ldflags += --fatal-warnings
	link-ldflags += --gc-sections
	-link-ldflags += $(call ld-option,--no-warn-rwx-segments)
	+link-ldflags += $(link-ldflags-common)

	link-ldadd = $(LDADD)
	link-ldadd += $(ldflags-external)
	@@ -39,7 +44,7 @@ link-script-cppflags := \
	$(cppflagscore))

	ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
	- $(call ld-option,--no-warn-rwx-segments) \
	+ $(link-ldflags-common) \
	$(link-objs) $(link-ldadd) $(libgcccore)
	cleanfiles += $(link-out-dir)/all_objs.o
	$(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
	@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
	$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@

	unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
	- $(call ld-option,--no-warn-rwx-segments)
	+ $(link-ldflags-common)
	unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
	cleanfiles += $(link-out-dir)/unpaged.o
	$(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
	@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
	$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@

	init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
	- $(call ld-option,--no-warn-rwx-segments)
	+ $(link-ldflags-common)
	init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
	$(libgcccore)
	cleanfiles += $(link-out-dir)/init.o
	diff --git a/ldelf/link.mk b/ldelf/link.mk
	index 8fafc879..d8a05ea6 100644
	--- a/ldelf/link.mk
	+++ b/ldelf/link.mk
	@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment
	link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
	link-ldflags += $(link-ldflags$(sm))

	+ifeq ($(CFG_ARM32_$(sm)), y)
	+link-ldflags += $(call ld-option,--no-warn-execstack)
	+endif
	+
	link-ldadd = $(addprefix -L,$(libdirs))
	link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group
	ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))