Build: Pass "-z separate-code" to linker

This tells the linker to not combine read-only data and executable code, instead favoring multiple PT_LOAD headers with more precise permissions. This greatly reduces the amount of executable pages in all our programs and libraries. /usr/lib/libjs.so before: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x000000 0x00000000 0x00000000 0x2fc77c 0x2fc77c R E 0x1000 LOAD 0x2fc900 0x002fd900 0x002fd900 0x0c708 0x0dd1c RW 0x1000 /usr/lib/libjs.so after: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align LOAD 0x000000 0x00000000 0x00000000 0x80e60 0x80e60 R 0x1000 LOAD 0x081000 0x00081000 0x00081000 0x25f6c9 0x25f6c9 R E 0x1000 LOAD 0x2e1000 0x002e1000 0x002e1000 0x1c27c 0x1c27c R 0x1000 LOAD 0x2fd900 0x002fe900 0x002fe900 0x0c708 0x0dd1c RW 0x1000 As you can see, we go from 0x2fc77c bytes of executable memory down to 0x25f6c9 (a ~20% reduction!) The memory that was previous executable is now simply read-only instead. :^)
2024-07-21 01:55:07 +00:00 · 2021-08-31 16:08:11 +02:00 · 2021-08-31 16:08:11 +02:00 · fac0bbe739
parent 5046a1fe38
commit fac0bbe739
1 changed files with 2 additions and 2 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -217,8 +217,8 @@ endforeach()

 set(CMAKE_INSTALL_NAME_TOOL "")
 set(CMAKE_SHARED_LIBRARY_SUFFIX ".so")
-set(CMAKE_SHARED_LIBRARY_CREATE_CXX_FLAGS "-shared -Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack")
-set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack,-z,max-page-size=0x1000")
+set(CMAKE_SHARED_LIBRARY_CREATE_CXX_FLAGS "-shared -Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack,-z,separate-code")
+set(CMAKE_CXX_LINK_FLAGS "-Wl,--hash-style=gnu,-z,relro,-z,now,-z,noexecstack,-z,max-page-size=0x1000,-z,separate-code")

 # We disable it completely because it makes cmake very spammy.
 # This will need to be revisited when the Loader supports RPATH/RUN_PATH.