[lld] e00f1f8 - [ELF] Error for executable .note.GNU-stack unless -z execstack or -r

via llvm-commits llvm-commits at lists.llvm.org
Thu Jan 23 09:32:57 PST 2025 

Author: Fangrui Song
Date: 2025-01-23T12:32:54-05:00
New Revision: e00f1f843610416f18a2fe4779c19310e808a1a4

URL: https://github.com/llvm/llvm-project/commit/e00f1f843610416f18a2fe4779c19310e808a1a4
DIFF: https://github.com/llvm/llvm-project/commit/e00f1f843610416f18a2fe4779c19310e808a1a4.diff

LOG: [ELF] Error for executable .note.GNU-stack unless -z execstack or -r

.note.GNU-stack with the SHF_EXECINSTR flag requires an executable
stack. This is exceedingly rare. We report an error to force
the user to explicitly request an executable stack.

Close #121234

Pull Request: https://github.com/llvm/llvm-project/pull/124068

Added: 
    

Modified: 
    lld/ELF/InputFiles.cpp
    lld/test/ELF/gnustack.s

Removed: 
    


################################################################################
diff  --git a/lld/ELF/InputFiles.cpp b/lld/ELF/InputFiles.cpp
index c44773d0b7dabe..c3c6812c262028 100644
--- a/lld/ELF/InputFiles.cpp
+++ b/lld/ELF/InputFiles.cpp
@@ -1025,9 +1025,18 @@ InputSectionBase *ObjFile<ELFT>::createInputSection(uint32_t idx,
     // Therefore, we make LLD always add PT_GNU_STACK unless it is
     // explicitly told to do otherwise (by -z execstack). Because the stack
     // executable-ness is controlled solely by command line options,
-    // .note.GNU-stack sections are simply ignored.
-    if (name == ".note.GNU-stack")
+    // .note.GNU-stack sections are, with one exception, ignored. Report
+    // an error if we encounter an executable .note.GNU-stack to force the
+    // user to explicitly request an executable stack.
+    if (name == ".note.GNU-stack") {
+      if ((sec.sh_flags & SHF_EXECINSTR) && !ctx.arg.relocatable &&
+          ctx.arg.zGnustack != GnuStackKind::Exec) {
+        Err(ctx) << this
+                 << ": requires an executable stack, but -z execstack is not "
+                    "specified";
+      }
       return &InputSection::discarded;
+    }
 
     // Object files that use processor features such as Intel Control-Flow
     // Enforcement (CET) or AArch64 Branch Target Identification BTI, use a

diff  --git a/lld/test/ELF/gnustack.s b/lld/test/ELF/gnustack.s
index 828e09328c892c..29e81538b6cab8 100644
--- a/lld/test/ELF/gnustack.s
+++ b/lld/test/ELF/gnustack.s
@@ -1,17 +1,20 @@
 # REQUIRES: x86
-# RUN: llvm-mc -filetype=obj -triple=x86_64-unknown-linux %s -o %t1
+# RUN: rm -rf %t && split-file %s %t && cd %t
+# RUN: llvm-mc -filetype=obj -triple=x86_64 a.s -o a.o
+# RUN: llvm-mc -filetype=obj -triple=x86_64 x.s -o x.o
+# RUN: llvm-mc -filetype=obj -triple=x86_64 nox.s -o nox.o
 
-# RUN: ld.lld %t1 -z execstack -o %t
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RWX %s
+# RUN: ld.lld a.o -z execstack -o out
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RWX %s
 
-# RUN: ld.lld %t1 -o %t
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RW %s
+# RUN: ld.lld a.o -o out
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RW %s
 
-# RUN: ld.lld %t1 -o %t -z noexecstack
-# RUN: llvm-readobj --program-headers -S %t | FileCheck --check-prefix=RW %s
+# RUN: ld.lld a.o -o out -z noexecstack
+# RUN: llvm-readobj --program-headers -S out | FileCheck --check-prefix=RW %s
 
-# RUN: ld.lld %t1 -o %t -z nognustack
-# RUN: llvm-readobj --program-headers -s %t | FileCheck --check-prefix=NOGNUSTACK %s
+# RUN: ld.lld a.o -o out -z nognustack
+# RUN: llvm-readobj --program-headers -s out | FileCheck --check-prefix=NOGNUSTACK %s
 
 # RW:      Type: PT_GNU_STACK
 # RW-NEXT: Offset: 0x0
@@ -40,5 +43,19 @@
 
 # NOGNUSTACK-NOT: Type: PT_GNU_STACK
 
+# RUN: not ld.lld a.o x.o nox.o x.o 2>&1 | FileCheck %s --check-prefix=ERR --implicit-check-not=error:
+# RUN: not ld.lld a.o x.o nox.o x.o -z nognustack 2>&1 | FileCheck %s --check-prefix=ERR --implicit-check-not=error:
+# ERR-COUNT-2: error: x.o: requires an executable stack, but -z execstack is not specified
+
+# RUN: ld.lld a.o x.o nox.o x.o -z execstack --fatal-warnings
+# RUN: ld.lld -r x.o --fatal-warnings
+
+#--- a.s
 .globl _start
 _start:
+
+#--- x.s
+.section .note.GNU-stack,"x"
+
+#--- nox.s
+.section .note.GNU-stack,""

More information about the llvm-commits mailing list