[PATCH v3 15/23] ARM: linker script: create separate PT_LOAD segments for text, rodata, and data

Thu, 08 Jan 2026 08:03:24 -0800 

Fix the linker scripts to generate three distinct PT_LOAD segments with
correct permissions instead of combining .rodata with .data.

Before this fix, the linker auto-generated only two PT_LOAD segments:
1. Text segment (PF_R|PF_X)
2. Data segment (PF_R|PF_W) - containing .rodata, .data, .bss, etc.

This caused .rodata to be mapped with write permissions when
pbl_mmu_setup_from_elf() set up MMU permissions based on ELF segments,
defeating the W^X protection that commit d9ccb0cf14 intended to provide.

With explicit PHDRS directives, we now generate three segments:
1. text segment (PF_R|PF_X): .text and related code sections
2. rodata segment (PF_R): .rodata and unwind tables
3. data segment (PF_R|PF_W): .data, .bss, and related sections

This ensures pbl_mmu_setup_from_elf() correctly maps .rodata as
read-only (MAP_CACHED_RO) instead of read-write (MAP_CACHED).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
Signed-off-by: Sascha Hauer <[email protected]>
---
 arch/arm/lib32/barebox.lds.S | 34 ++++++++++++++++++++++------------
 arch/arm/lib64/barebox.lds.S | 29 +++++++++++++++++++----------
 2 files changed, 41 insertions(+), 22 deletions(-)

diff --git a/arch/arm/lib32/barebox.lds.S b/arch/arm/lib32/barebox.lds.S
index 
c704dd6d70f3ab157ceb67dfb14760e03f2a5d62..2fb43b4619ff29d8d21dd579d3a3002b7134ff71
 100644
--- a/arch/arm/lib32/barebox.lds.S
+++ b/arch/arm/lib32/barebox.lds.S
@@ -7,14 +7,23 @@
 OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
 OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
 ENTRY(start)
+
+PHDRS
+{
+       text PT_LOAD FLAGS(5);     /* PF_R | PF_X */
+       rodata PT_LOAD FLAGS(4);   /* PF_R */
+       data PT_LOAD FLAGS(6);     /* PF_R | PF_W */
+       dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
+}
+
 SECTIONS
 {
        . = 0x0;
-       .image_start : { *(.__image_start) }
+       .image_start : { *(.__image_start) } :text
 
        . = ALIGN(4);
 
-       ._text : { *(._text) }
+       ._text : { *(._text) } :text
        .text      :
        {
                _stext = .;
@@ -27,7 +36,7 @@ SECTIONS
                KEEP(*(.text_exceptions*))
                __exceptions_stop = .;
                *(.text*)
-       }
+       } :text
        BAREBOX_BARE_INIT_SIZE
 
        . = ALIGN(4096);
@@ -35,7 +44,7 @@ SECTIONS
        .rodata : {
                *(.rodata*)
                RO_DATA_SECTION
-       }
+       } :rodata
 
 #ifdef CONFIG_ARM_UNWIND
        /*
@@ -46,20 +55,21 @@ SECTIONS
                __start_unwind_idx = .;
                *(.ARM.exidx*)
                __stop_unwind_idx = .;
-       }
+       } :rodata
        .ARM.unwind_tab : {
                __start_unwind_tab = .;
                *(.ARM.extab*)
                __stop_unwind_tab = .;
-       }
+       } :rodata
 #endif
        . = ALIGN(4096);
        __end_rodata = .;
        _etext = .;
        _sdata = .;
 
-       . = ALIGN(4);
-       .data : { *(.data*) }
+       .data : { *(.data*) } :data
+
+       .dynamic : { *(.dynamic) } :data :dynamic
 
        . = .;
 
@@ -69,12 +79,12 @@ SECTIONS
 
        BAREBOX_EFI_RUNTIME
 
-       .image_end : { *(.__image_end) }
+       .image_end : { *(.__image_end) } :data
 
        . = ALIGN(4);
-       .__bss_start :  { *(.__bss_start) }
-       .bss : { *(.bss*) }
-       .__bss_stop :  { *(.__bss_stop) }
+       .__bss_start :  { *(.__bss_start) } :data
+       .bss : { *(.bss*) } :data
+       .__bss_stop :  { *(.__bss_stop) } :data
 
 #ifdef CONFIG_ARM_SECURE_MONITOR
        . = ALIGN(16);
diff --git a/arch/arm/lib64/barebox.lds.S b/arch/arm/lib64/barebox.lds.S
index 
5ee5fbc3741e1f7644c00f9b37c0903c27704a3e..71f677a917851270e09c6d439fe5cbe4b6b41034
 100644
--- a/arch/arm/lib64/barebox.lds.S
+++ b/arch/arm/lib64/barebox.lds.S
@@ -6,14 +6,23 @@
 OUTPUT_FORMAT(BAREBOX_OUTPUT_FORMAT)
 OUTPUT_ARCH(BAREBOX_OUTPUT_ARCH)
 ENTRY(start)
+
+PHDRS
+{
+       text PT_LOAD FLAGS(5);     /* PF_R | PF_X */
+       rodata PT_LOAD FLAGS(4);   /* PF_R */
+       data PT_LOAD FLAGS(6);     /* PF_R | PF_W */
+       dynamic PT_DYNAMIC FLAGS(4); /* PF_R */
+}
+
 SECTIONS
 {
        . = 0x0;
 
-       .image_start : { *(.__image_start) }
+       .image_start : { *(.__image_start) } :text
 
        . = ALIGN(4);
-       ._text : { *(._text) }
+       ._text : { *(._text) } :text
        .text      :
        {
                _stext = .;
@@ -22,7 +31,7 @@ SECTIONS
                *(.text_bare_init*)
                __bare_init_end = .;
                *(.text*)
-       }
+       } :text
        BAREBOX_BARE_INIT_SIZE
 
        . = ALIGN(4096);
@@ -30,7 +39,7 @@ SECTIONS
        .rodata : {
                *(.rodata*)
                RO_DATA_SECTION
-       }
+       } :rodata
 
        . = ALIGN(4096);
 
@@ -38,20 +47,20 @@ SECTIONS
        _etext = .;
        _sdata = .;
 
-       .data : { *(.data*) }
+       .data : { *(.data*) } :data
 
-       BAREBOX_RELOCATION_TABLE
+       .dynamic : { *(.dynamic) } :data :dynamic
 
        _edata = .;
 
        BAREBOX_EFI_RUNTIME
 
-       .image_end : { *(.__image_end) }
+       .image_end : { *(.__image_end) } :data
 
        . = ALIGN(4);
-       .__bss_start :  { *(.__bss_start) }
-       .bss : { *(.bss*) }
-       .__bss_stop :  { *(.__bss_stop) }
+       .__bss_start :  { *(.__bss_start) } :data
+       .bss : { *(.bss*) } :data
+       .__bss_stop :  { *(.__bss_stop) } :data
        _end = .;
        _barebox_image_size = __bss_start;
 }

-- 
2.47.3

Reply via email to