1 files changed, 114 insertions, 0 deletions
diff --git a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch b/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch
new file mode 100644
index 000000000..b82aabdc4
--- /dev/null
+++ b/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch
@@ -0,0 +1,114 @@
+From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Tue, 23 Aug 2022 12:31:46 +0000
+Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
+ .S files
+When building for arm32 with GNU binutils 2.39, the linker outputs
+warnings when linking Trusted Applications:
+ arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
+ arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
+We could silence the warning by adding the '-z execstack' option to the
+TA link flags, like we did in the parent commit for the TEE core and
+ldelf. Indeed, ldelf always allocates a non-executable piece of memory
+for the TA to use as a stack.
+However it seems preferable to comply with the common ELF practices in
+this case. A better fix is therefore to add the missing .note.GNU-stack
+sections in the assembler files.
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
+---
+ lib/libutee/arch/arm/utee_syscalls_a32.S             | 2 ++
+ lib/libutils/ext/arch/arm/atomic_a32.S               | 2 ++
+ lib/libutils/ext/arch/arm/mcount_a32.S               | 2 ++
+ lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S  | 2 ++
+ lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
+ lib/libutils/isoc/arch/arm/setjmp_a32.S              | 2 ++
+ ta/arch/arm/ta_entry_a32.S                           | 2 ++
+ 7 files changed, 14 insertions(+)
+--- a/lib/libutee/arch/arm/utee_syscalls_a32.S
+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
+@@ -9,6 +9,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+         .section .text
+         .balign 4
+         .code 32
+--- a/lib/libutils/ext/arch/arm/atomic_a32.S
+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
+@@ -7,6 +7,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /* uint32_t atomic_inc32(uint32_t *v); */
+ FUNC atomic_inc32 , :
+        ldrex   r1, [r0]
+--- a/lib/libutils/ext/arch/arm/mcount_a32.S
+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
+@@ -9,6 +9,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /*
+  * Convert return address to call site address by subtracting the size of the
+  * mcount call instruction (blx __gnu_mcount_nc).
+--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+@@ -7,6 +7,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /*
+  * signed ret_idivmod_values(signed quot, signed rem);
+  * return quotient and remaining the EABI way (regs r0,r1)
+--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+@@ -7,6 +7,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /*
+  * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
+  */
+--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
+@@ -53,6 +53,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /* Arm/Thumb interworking support:
+ 
+    The interworking scheme expects functions to use a BX instruction
+--- a/ta/arch/arm/ta_entry_a32.S
+++ b/ta/arch/arm/ta_entry_a32.S
+@@ -7,6 +7,8 @@
+ 
+        .section .note.GNU-stack,"",%progbits
+ 
+       .section .note.GNU-stack,"",%progbits
+
+ /*
+  * This function is the bottom of the user call stack. Mark it as such so that
+  * the unwinding code won't try to go further down.

diff --git a/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch b/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch new file mode 100644 index 000000000..b82aabdc4 --- /dev/null +++ b/recipes-security/optee-imx/optee-os/0010-add-note-GNU-stack-section.patch
@@ -0,0 +1,114 @@
	1	From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
	2	From: Jerome Forissier <jerome.forissier@linaro.org>
	3	Date: Tue, 23 Aug 2022 12:31:46 +0000
	4	Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
	5
	6	.S files
	7
	8	When building for arm32 with GNU binutils 2.39, the linker outputs
	9	warnings when linking Trusted Applications:
	10
	11	arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
	12	arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
	13
	14	We could silence the warning by adding the '-z execstack' option to the
	15	TA link flags, like we did in the parent commit for the TEE core and
	16	ldelf. Indeed, ldelf always allocates a non-executable piece of memory
	17	for the TA to use as a stack.
	18
	19	However it seems preferable to comply with the common ELF practices in
	20	this case. A better fix is therefore to add the missing .note.GNU-stack
	21	sections in the assembler files.
	22
	23	Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
	24
	25	Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
	26	Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
	27
	28	---
	29	lib/libutee/arch/arm/utee_syscalls_a32.S \| 2 ++
	30	lib/libutils/ext/arch/arm/atomic_a32.S \| 2 ++
	31	lib/libutils/ext/arch/arm/mcount_a32.S \| 2 ++
	32	lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S \| 2 ++
	33	lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S \| 2 ++
	34	lib/libutils/isoc/arch/arm/setjmp_a32.S \| 2 ++
	35	ta/arch/arm/ta_entry_a32.S \| 2 ++
	36	7 files changed, 14 insertions(+)
	37
	38	--- a/lib/libutee/arch/arm/utee_syscalls_a32.S
	39	+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
	40	@@ -9,6 +9,8 @@
	41
	42	.section .note.GNU-stack,"",%progbits
	43
	44	+ .section .note.GNU-stack,"",%progbits
	45	+
	46	.section .text
	47	.balign 4
	48	.code 32
	49	--- a/lib/libutils/ext/arch/arm/atomic_a32.S
	50	+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
	51	@@ -7,6 +7,8 @@
	52
	53	.section .note.GNU-stack,"",%progbits
	54
	55	+ .section .note.GNU-stack,"",%progbits
	56	+
	57	/* uint32_t atomic_inc32(uint32_t v); /
	58	FUNC atomic_inc32 , :
	59	ldrex r1, [r0]
	60	--- a/lib/libutils/ext/arch/arm/mcount_a32.S
	61	+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
	62	@@ -9,6 +9,8 @@
	63
	64	.section .note.GNU-stack,"",%progbits
	65
	66	+ .section .note.GNU-stack,"",%progbits
	67	+
	68	/*
	69	* Convert return address to call site address by subtracting the size of the
	70	* mcount call instruction (blx __gnu_mcount_nc).
	71	--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
	72	+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
	73	@@ -7,6 +7,8 @@
	74
	75	.section .note.GNU-stack,"",%progbits
	76
	77	+ .section .note.GNU-stack,"",%progbits
	78	+
	79	/*
	80	* signed ret_idivmod_values(signed quot, signed rem);
	81	* return quotient and remaining the EABI way (regs r0,r1)
	82	--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
	83	+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
	84	@@ -7,6 +7,8 @@
	85
	86	.section .note.GNU-stack,"",%progbits
	87
	88	+ .section .note.GNU-stack,"",%progbits
	89	+
	90	/*
	91	* __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
	92	*/
	93	--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
	94	+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
	95	@@ -53,6 +53,8 @@
	96
	97	.section .note.GNU-stack,"",%progbits
	98
	99	+ .section .note.GNU-stack,"",%progbits
	100	+
	101	/* Arm/Thumb interworking support:
	102
	103	The interworking scheme expects functions to use a BX instruction
	104	--- a/ta/arch/arm/ta_entry_a32.S
	105	+++ b/ta/arch/arm/ta_entry_a32.S
	106	@@ -7,6 +7,8 @@
	107
	108	.section .note.GNU-stack,"",%progbits
	109
	110	+ .section .note.GNU-stack,"",%progbits
	111	+
	112	/*
	113	* This function is the bottom of the user call stack. Mark it as such so that
	114	* the unwinding code won't try to go further down.