Skip to content

Makefile: suppress ld RWX LOAD segment warning for loader.elf#1406

Open
nyh wants to merge 1 commit into
cloudius-systems:masterfrom
nyh:patch1
Open

Makefile: suppress ld RWX LOAD segment warning for loader.elf#1406
nyh wants to merge 1 commit into
cloudius-systems:masterfrom
nyh:patch1

Conversation

@nyh

@nyh nyh commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

When building loader.elf, ld.bfd now emits:

ld.bfd: warning: build/release.x64/loader.elf has a LOAD segment
with RWX permissions

This warning was introduced in binutils 2.39 (August 2022) as a security-hardening measure to encourage W^X (Write XOR Execute) policies in userspace binaries. Many distros have shipped binutils 2.39 or later since 2023, so the warning now appears for most users.

The warning is a false positive for OSv. Our linker script (arch/x64/loader.ld) deliberately places all sections -- .text, .data, .bss, and friends -- into a single PT_LOAD segment. This is an intentional kernel design: the loader bootstraps the MMU and enforces its own page-level permissions after it is running; the ELF segment permissions are irrelevant at that point.

The "correct" fix would be to split loader.ld into two PT_LOAD segments -- one RX for code and one RW for data -- as W^X would require. However, that change is harder to reason about: OSv's loader relies on the precise VA/PA layout expressed via AT(ADDR(s) - OSV_KERNEL_VM_SHIFT) throughout the linker script, and splitting the single contiguous segment could affect relocation handling, the ELF header placement, and early-boot assumptions that have never been tested with a multi-segment layout. Proper W^X support for the kernel image is tracked in issue #651; we defer it to that effort.

For now, detect whether ld.bfd supports --no-warn-rwx-segments (added in the same binutils 2.39 release that introduced the warning) and, if so, pass it when linking loader.elf and zfs_builder.elf. On older toolchains the flag is absent and the build is unaffected.

When building loader.elf, ld.bfd now emits:

  ld.bfd: warning: build/release.x64/loader.elf has a LOAD segment
          with RWX permissions

This warning was introduced in binutils 2.39 (August 2022) as a
security-hardening measure to encourage W^X (Write XOR Execute)
policies in userspace binaries.  Many distros have shipped binutils
2.39 or later since 2023, so the warning now appears for most users.

The warning is a false positive for OSv.  Our linker script
(arch/x64/loader.ld) deliberately places all sections -- .text, .data,
.bss, and friends -- into a single PT_LOAD segment.  This is an
intentional kernel design: the loader bootstraps the MMU and enforces
its own page-level permissions after it is running; the ELF segment
permissions are irrelevant at that point.

The "correct" fix would be to split loader.ld into two PT_LOAD
segments -- one RX for code and one RW for data -- as W^X would
require.  However, that change is harder to reason about: OSv's loader
relies on the precise VA/PA layout expressed via AT(ADDR(s) -
OSV_KERNEL_VM_SHIFT) throughout the linker script, and splitting the
single contiguous segment could affect relocation handling, the ELF
header placement, and early-boot assumptions that have never been
tested with a multi-segment layout.  Proper W^X support for the kernel
image is tracked in issue cloudius-systems#651; we defer it to that effort.

For now, detect whether ld.bfd supports --no-warn-rwx-segments (added
in the same binutils 2.39 release that introduced the warning) and, if
so, pass it when linking loader.elf and zfs_builder.elf.  On older
toolchains the flag is absent and the build is unaffected.

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the build system to suppress the GNU ld.bfd “RWX LOAD segment” warning (introduced in binutils 2.39) when linking OSv’s loader.elf (and zfs_builder.elf), since OSv intentionally uses a single RWX PT_LOAD segment during early boot.

Changes:

  • Adds ld.bfd capability detection for --no-warn-rwx-segments.
  • Conditionally appends --no-warn-rwx-segments to the linker options used for loader.elf and zfs_builder.elf.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread Makefile
Comment on lines +91 to +94
ld_no_warn_rwx := $(shell $(LD) --no-warn-rwx-segments 2>&1 | grep -c "unrecognized option")
ifeq ($(ld_no_warn_rwx),0)
conf_linker_extra_options += --no-warn-rwx-segments
endif
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants