As part of the ever ongoing exploit mitigation work, OpenBSD is now moving towards code segments (.text) that can only be executed but not be read. It will no longer be possible to intermingle code and data. The compiler already handles this. Handwritten assembly language parts might not. To find offenders, semarie@ has provided a patch to clang that issues warnings like this one:
test.S:29:8: warning: directive value inside .text section: directive '.byte', section '.text' This is in -current snapshots, and I have run an amd64 bulk build with it. (Started with the ports tree as of approximately 19:20 UTC on Tuesday, Jan 17.) The build took 38 hours to run instead of the expected 30.5h and produced a total of 38514086 relevant warnings. Below is the list of affected package paths and the number of warnings each. As you can see, anything Haskell spews an extraordinary amount. Quite a few warnings will be false positives, because it is a somewhat common idiom to use data directives to embed opcodes for new CPU instructions that assemblers might not yet support. E.g. audio/flac uses ".byte 0x0f, 0x01, 0xd0" for the "xgetbv" instruction. Anyway, here's the list: archivers/blosc 9 archivers/libdeflate 6 archivers/lzop 19 audio/flac 6 audio/libsoxr 3 audio/mpg123 6 audio/wavpack 512 benchmarks/fio 11 databases/mongodb/36 22 databases/mongodb/44 19 devel/alex 17118 devel/cabal-bundler 1391502 devel/cabal-install 1324786 devel/ccache 24 devel/clang-tools-extra 6 devel/cpphs 46729 devel/cryptopp 25 devel/darcs 2515323 devel/git-annex 5546772 devel/gmp 142 devel/happy 26504 devel/hasktags 460505 devel/llvm,,-main 6 devel/py-lief,python3 205 devel/sdl2 12 devel/shellcheck 1538471 devel/spidermonkey102 3 devel/tbb 30 editors/neovim 16262 emulators/citra 3 emulators/mame 3 emulators/mednafen 3 emulators/qemu,-ga 93 emulators/retroarch 3 games/0ad/base 3 games/allegro 2 games/gzdoom 3 games/tome4,-data 14623 graphics/blender 3 graphics/freeimage 6 graphics/libwebp 24 lang/erlang/25 6 lang/ghc 13772113 lang/luajit 29234 lang/mono 10499 lang/node 65765 lang/php/7.4,embed,-embed 6 lang/php/7.4 6 lang/php/8.0,embed,-embed 6 lang/php/8.0 6 lang/php/8.1,embed,-embed 6 lang/php/8.1 6 lang/php/8.2,embed,-embed 6 lang/php/8.2 6 lang/sbcl,threads 3 lang/sbcl 3 mail/rspamd,hyperscan 117 mail/rspamd 117 multimedia/aom 15 multimedia/libvpx 6 multimedia/svt-av1 6 multimedia/xine-lib 6 net/bitcoin,no_x11 112 net/bitcoin 112 net/litecoin,no_x11 112 net/tg_owt 3 productivity/hledger 2154151 security/botan 3 security/gnutls 15552 security/libgcrypt 14212 security/libnettle 56 security/libsodium 6 security/openssl/1.0.2 20569 security/openssl/1.1 58385 security/openssl/3.0 125318 security/polarssl 410 security/sslscan 58385 security/veracrypt 3 textproc/pandoc 6089411 www/chromium 43695 www/firefox-esr 85 www/hiawatha 205 www/hugo,extended 6 www/iridium 43698 www/mozilla-firefox 69 www/seamonkey 251793 www/tor-browser/browser 82 www/ungoogled-chromium 43698 www/webkitgtk4,webkitgtk41 570 www/webkitgtk4,webkitgtk50 570 www/webkitgtk4 570 x11/agar/agar 8 x11/agar/test 4 x11/qt5/qtbase 6 x11/qt5/qtwebengine 42460 x11/qt6/qtbase 3 x11/xmobar 2677239 x11/xmonad 94780 -- Christian "naddy" Weisgerber [email protected]
