Makefile: suppress ld RWX LOAD segment warning for loader.elf#1406
Open
nyh wants to merge 1 commit into
Open
Conversation
When building loader.elf, ld.bfd now emits:
ld.bfd: warning: build/release.x64/loader.elf has a LOAD segment
with RWX permissions
This warning was introduced in binutils 2.39 (August 2022) as a
security-hardening measure to encourage W^X (Write XOR Execute)
policies in userspace binaries. Many distros have shipped binutils
2.39 or later since 2023, so the warning now appears for most users.
The warning is a false positive for OSv. Our linker script
(arch/x64/loader.ld) deliberately places all sections -- .text, .data,
.bss, and friends -- into a single PT_LOAD segment. This is an
intentional kernel design: the loader bootstraps the MMU and enforces
its own page-level permissions after it is running; the ELF segment
permissions are irrelevant at that point.
The "correct" fix would be to split loader.ld into two PT_LOAD
segments -- one RX for code and one RW for data -- as W^X would
require. However, that change is harder to reason about: OSv's loader
relies on the precise VA/PA layout expressed via AT(ADDR(s) -
OSV_KERNEL_VM_SHIFT) throughout the linker script, and splitting the
single contiguous segment could affect relocation handling, the ELF
header placement, and early-boot assumptions that have never been
tested with a multi-segment layout. Proper W^X support for the kernel
image is tracked in issue cloudius-systems#651; we defer it to that effort.
For now, detect whether ld.bfd supports --no-warn-rwx-segments (added
in the same binutils 2.39 release that introduced the warning) and, if
so, pass it when linking loader.elf and zfs_builder.elf. On older
toolchains the flag is absent and the build is unaffected.
There was a problem hiding this comment.
Pull request overview
This PR updates the build system to suppress the GNU ld.bfd “RWX LOAD segment” warning (introduced in binutils 2.39) when linking OSv’s loader.elf (and zfs_builder.elf), since OSv intentionally uses a single RWX PT_LOAD segment during early boot.
Changes:
- Adds ld.bfd capability detection for
--no-warn-rwx-segments. - Conditionally appends
--no-warn-rwx-segmentsto the linker options used forloader.elfandzfs_builder.elf.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+91
to
+94
| ld_no_warn_rwx := $(shell $(LD) --no-warn-rwx-segments 2>&1 | grep -c "unrecognized option") | ||
| ifeq ($(ld_no_warn_rwx),0) | ||
| conf_linker_extra_options += --no-warn-rwx-segments | ||
| endif |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When building loader.elf, ld.bfd now emits:
ld.bfd: warning: build/release.x64/loader.elf has a LOAD segment
with RWX permissions
This warning was introduced in binutils 2.39 (August 2022) as a security-hardening measure to encourage W^X (Write XOR Execute) policies in userspace binaries. Many distros have shipped binutils 2.39 or later since 2023, so the warning now appears for most users.
The warning is a false positive for OSv. Our linker script (arch/x64/loader.ld) deliberately places all sections -- .text, .data, .bss, and friends -- into a single PT_LOAD segment. This is an intentional kernel design: the loader bootstraps the MMU and enforces its own page-level permissions after it is running; the ELF segment permissions are irrelevant at that point.
The "correct" fix would be to split loader.ld into two PT_LOAD segments -- one RX for code and one RW for data -- as W^X would require. However, that change is harder to reason about: OSv's loader relies on the precise VA/PA layout expressed via AT(ADDR(s) - OSV_KERNEL_VM_SHIFT) throughout the linker script, and splitting the single contiguous segment could affect relocation handling, the ELF header placement, and early-boot assumptions that have never been tested with a multi-segment layout. Proper W^X support for the kernel image is tracked in issue #651; we defer it to that effort.
For now, detect whether ld.bfd supports --no-warn-rwx-segments (added in the same binutils 2.39 release that introduced the warning) and, if so, pass it when linking loader.elf and zfs_builder.elf. On older toolchains the flag is absent and the build is unaffected.