cmake: Add CONFIG_LINKER_ERROR_RWX_SEGMENTS #89574
Conversation
github-actions
bot
added
platform: Synopsys
github-actions
bot
requested review from
57300,
abrodkin,
evgeniy-paltsev,
jeremybettis,
nashif,
nordicjm,
ruuddw,
stephanosio and
tejlmand
keith-packard
force-pushed
the
allow-rwx-segments
branch
2 times, most recently
from
1b07301 to
6d01be7
Compare
|
I agree with @nashif that this is not ARCv3 specific. Furthermore, this raises some questions on if the warning makes sense for Zephyr at all. The (rwx) memory flags in the linker script seem to defined for the linker as a hint on where to put segments that don't have explicit placing rules. The linker warning, however, assumes these to be attributes for the loader or so to set up run-time protections to avoid e.g. executable stacks. I don't think there is a firm or enforced relation in Zephyr between the linker script attributes and the actual runtime attributes (e.g. programming MPU regions based on these). |
nashif
changed the title
I'd argue that it's more important on Zephyr than most environments. Placing data in ROM without having it marked const means that the compiler can't warn the developer about mistakes where the code is storing to those variables. Many embedded systems don't trap writes to ROM, they just ignore them. And emulators often fail to prevent these writes, leading to applications which work differently under emulation than on real hardware. For instance, if you enable Once #89577 is working, we will be able to enable this warning on many platforms.
Those are ignored when the script has explicit instructions about section placement, leading to read-write variables being placed in read-only memory, even when that memory is correctly labeled.
I think Zephyr should use the compiler to help developers find places where they may attempt to store to data stored in ROM and prevent that at build time. You'd think the linker would complain when you place writable sections in memory regions that are marked read-only, but it doesn't. So, this flag is all we've got to help with this problem. |
keith-packard
force-pushed
the
allow-rwx-segments
branch
from
6d01be7 to
1a5cbca
Compare
|
I've changed the name of the Kconfig option to |
keith-packard
force-pushed
the
allow-rwx-segments
branch
from
1a5cbca to
2458325
Compare
|
And now changed to actually make RWX segments an error instead of just a warning -- if the goal is to use this to check build correctness, then the build needs to fail if it doesn't work. Note that this option does not work with the 12.2 toolchain as the linker doesn't support any of this stuff. |
keith-packard
changed the title
When this Kconfig parameter is selected, configure the linker so that errors will be produced when the generated ELF file contains segments which are both executable and writable. This is set to 'n' by default as nearly all Zephyr targets do not yet mark all data destined to land in ROM as constant. Signed-off-by: Keith Packard <[email protected]>
keith-packard
force-pushed
the
allow-rwx-segments
branch
from
2458325 to
ab6486b
Compare
|
|
This pull request has been marked as stale because it has been open (more than) 60 days with no activity. Remove the stale label or add a comment saying that you would like to have the label removed otherwise this pull request will automatically be closed in 14 days. Note, that you can always re-open a closed pull request at any time. |
When this Kconfig parameter is selected, configure the linker so that errors will be produced when the generated ELF file contains segments which are both executable and writable.
This is set to 'n' by default as nearly all Zephyr targets do not mark all data destined to land in ROM as constant.