From: Ahmad Fatoum <a.fatoum@pengutronix.de>
To: Sascha Hauer <s.hauer@pengutronix.de>,
BAREBOX <barebox@lists.infradead.org>
Cc: "Claude Sonnet 4.5" <noreply@anthropic.com>
Subject: Re: [PATCH v3 15/23] ARM: linker script: create separate PT_LOAD segments for text, rodata, and data
Date: Mon, 12 Jan 2026 14:20:03 +0100 [thread overview]
Message-ID: <4c0431fd-a6eb-446a-9ade-2402bc54307c@pengutronix.de> (raw)
In-Reply-To: <20260108-pbl-load-elf-v3-15-e28c931fc179@pengutronix.de>
On 1/8/26 4:50 PM, Sascha Hauer wrote:
> Fix the linker scripts to generate three distinct PT_LOAD segments with
> correct permissions instead of combining .rodata with .data.
>
> Before this fix, the linker auto-generated only two PT_LOAD segments:
> 1. Text segment (PF_R|PF_X)
> 2. Data segment (PF_R|PF_W) - containing .rodata, .data, .bss, etc.
>
> This caused .rodata to be mapped with write permissions when
> pbl_mmu_setup_from_elf() set up MMU permissions based on ELF segments,
> defeating the W^X protection that commit d9ccb0cf14 intended to provide.
Remove references to commits within this series.
>
> With explicit PHDRS directives, we now generate three segments:
> 1. text segment (PF_R|PF_X): .text and related code sections
> 2. rodata segment (PF_R): .rodata and unwind tables
> 3. data segment (PF_R|PF_W): .data, .bss, and related sections
>
> This ensures pbl_mmu_setup_from_elf() correctly maps .rodata as
> read-only (MAP_CACHED_RO) instead of read-write (MAP_CACHED).
>
> 🤖 Generated with [Claude Code](https://claude.com/claude-code)
>
> Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
> Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
> ---
> arch/arm/lib32/barebox.lds.S | 34 ++++++++++++++++++++++------------
> arch/arm/lib64/barebox.lds.S | 29 +++++++++++++++++++----------
> 2 files changed, 41 insertions(+), 22 deletions(-)
>
> diff --git a/arch/arm/lib32/barebox.lds.S b/arch/arm/lib32/barebox.lds.S
> index c704dd6d70f3ab157ceb67dfb14760e03f2a5d62..2fb43b4619ff29d8d21dd579d3a3002b7134ff71 100644
> --- a/arch/arm/lib32/barebox.lds.S
> +++ b/arch/arm/lib32/barebox.lds.S
> @@ -7,14 +7,23 @@
> OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
> OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
> ENTRY(start)
> +
> +PHDRS
> +{
> + text PT_LOAD FLAGS(5); /* PF_R | PF_X */
> + rodata PT_LOAD FLAGS(4); /* PF_R */
> + data PT_LOAD FLAGS(6); /* PF_R | PF_W */
> + dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
Move one up for readability (segments with same permissions listed next
to each other).
> +}
> +
> SECTIONS
> {
> . = 0x0;
> - .image_start : { *(.__image_start) }
> + .image_start : { *(.__image_start) } :text
>
> . = ALIGN(4);
>
> - ._text : { *(._text) }
> + ._text : { *(._text) } :text
> .text :
> {
> _stext = .;
> @@ -27,7 +36,7 @@ SECTIONS
> KEEP(*(.text_exceptions*))
> __exceptions_stop = .;
> *(.text*)
> - }
> + } :text
> BAREBOX_BARE_INIT_SIZE
>
> . = ALIGN(4096);
> @@ -35,7 +44,7 @@ SECTIONS
> .rodata : {
> *(.rodata*)
> RO_DATA_SECTION
> - }
> + } :rodata
>
> #ifdef CONFIG_ARM_UNWIND
> /*
> @@ -46,20 +55,21 @@ SECTIONS
> __start_unwind_idx = .;
> *(.ARM.exidx*)
> __stop_unwind_idx = .;
> - }
> + } :rodata
> .ARM.unwind_tab : {
> __start_unwind_tab = .;
> *(.ARM.extab*)
> __stop_unwind_tab = .;
> - }
> + } :rodata
> #endif
> . = ALIGN(4096);
> __end_rodata = .;
> _etext = .;
> _sdata = .;
>
> - . = ALIGN(4);
> - .data : { *(.data*) }
> + .data : { *(.data*) } :data
> +
> + .dynamic : { *(.dynamic) } :data :dynamic
Replace :data with :rodata and move it up just before
__end_rodata, so it's actually read-only.
> --- a/arch/arm/lib64/barebox.lds.S
> +++ b/arch/arm/lib64/barebox.lds.S
> @@ -6,14 +6,23 @@
> OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
> OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
> ENTRY(start)
> +
> +PHDRS
> +{
> + text PT_LOAD FLAGS(5); /* PF_R | PF_X */
> + rodata PT_LOAD FLAGS(4); /* PF_R */
> + data PT_LOAD FLAGS(6); /* PF_R | PF_W */
> + dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
Same feedback as for arm32.
> - BAREBOX_RELOCATION_TABLE
> + .dynamic : { *(.dynamic) } :data :dynamic
Ditto.
Cheers,
Ahmad
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
next prev parent reply other threads:[~2026-01-12 13:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-08 15:49 [PATCH v3 00/23] PBL: Add PBL ELF loading support with dynamic relocations Sascha Hauer
2026-01-08 15:49 ` [PATCH v3 01/23] Makefile.compiler: add objcopy-option Sascha Hauer
2026-01-08 16:25 ` Ahmad Fatoum
2026-01-08 15:49 ` [PATCH v3 02/23] elf: only accept images matching the native ELF_CLASS Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 03/23] elf: build for PBL as well Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 04/23] elf: add dynamic relocation support Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 05/23] ARM: implement elf_apply_relocations() for ELF " Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 06/23] riscv: define generic relocate_image Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 07/23] riscv: implement elf_apply_relocations() for ELF relocation support Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 08/23] elf: implement elf_load_inplace() Sascha Hauer
2026-01-12 13:04 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 09/23] elf: create elf_open_binary_into() Sascha Hauer
2026-01-12 13:06 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 10/23] Makefile: add vmbarebox build target Sascha Hauer
2026-01-12 13:08 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 11/23] PBL: allow to link ELF image into PBL Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 12/23] mmu: add MAP_CACHED_RO mapping type Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 13/23] mmu: introduce pbl_remap_range() Sascha Hauer
2026-01-12 13:10 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 14/23] ARM: drop arm_fixup_vectors() Sascha Hauer
2026-01-12 13:16 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 15/23] ARM: linker script: create separate PT_LOAD segments for text, rodata, and data Sascha Hauer
2026-01-12 13:20 ` Ahmad Fatoum [this message]
2026-01-08 15:50 ` [PATCH v3 16/23] ARM: link ELF image into PBL Sascha Hauer
2026-01-12 13:25 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 17/23] ARM: PBL: setup MMU with proper permissions from ELF segments Sascha Hauer
2026-01-12 13:38 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 18/23] riscv: linker script: create separate PT_LOAD segments for text, rodata, and data Sascha Hauer
2026-01-12 13:40 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 19/23] riscv: link ELF image into PBL Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 20/23] riscv: Allwinner D1: Drop M-Mode Sascha Hauer
2026-01-08 15:50 ` [PATCH v3 21/23] riscv: add ELF segment-based memory protection with MMU Sascha Hauer
2026-01-12 13:43 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 22/23] ARM: cleanup barebox proper entry Sascha Hauer
2026-01-12 13:21 ` Ahmad Fatoum
2026-01-08 15:50 ` [PATCH v3 23/23] riscv: " Sascha Hauer
2026-01-12 13:44 ` Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4c0431fd-a6eb-446a-9ade-2402bc54307c@pengutronix.de \
--to=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
--cc=noreply@anthropic.com \
--cc=s.hauer@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox