Check if there are simultaneously writable and executable program segments in vmlinux ELF image and fail build if there are any. This would prevent accidental introduction of RWX segments. Tested-by: Mario Limonciello <mario.limonciello@xxxxxxx> Signed-off-by: Evgeniy Baskov <baskov@xxxxxxxxx> --- arch/x86/boot/compressed/Makefile | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 3a261abb6d15..64de6c2b1740 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -112,11 +112,17 @@ vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_thunk_$(BITS).o vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o efi-obj-$(CONFIG_EFI_STUB) = $(objtree)/drivers/firmware/efi/libstub/lib.a +quiet_cmd_wx_check = WXCHK $< +cmd_wx_check = if $(OBJDUMP) -p $< | grep "flags .wx" > /dev/null; \ + then (echo >&2 "$<: Simultaneously writable and executable sections are prohibited"; \ + /bin/false); fi + $(obj)/vmlinux: $(vmlinux-objs-y) $(efi-obj-y) FORCE $(call if_changed,ld) OBJCOPYFLAGS_vmlinux.bin := -R .comment -S $(obj)/vmlinux.bin: vmlinux FORCE + $(call cmd,wx_check) $(call if_changed,objcopy) targets += $(patsubst $(obj)/%,%,$(vmlinux-objs-y)) vmlinux.bin.all vmlinux.relocs -- 2.37.4
