Thank you @dinosaure . As @Kensan pointed in #562 I though about adding something rather than removing the /DISCARD/ part. It seems that it's mandatory to add the lines in the asm files and not in thge linker script. About this PR and the change proposed at https://github.com/codelabs-ch/solo5/tree/asm-noexec-stack, when I compile qubes-mirage-firewall, I have:

• current head

/usr/bin/ld: warning: /home/user/.opam/4.14.1/bin/../lib/x86_64-solo5-none-static/solo5_xen.o: requires executable stack (because the .note.GNU-stack section is executable)

• this PR

/usr/bin/ld: warning: /home/user/.opam/4.14.1/bin/../lib/x86_64-solo5-none-static/solo5_xen.o: requires executable stack (because the .note.GNU-stack section is executable)

• the commit proposed that add some asm notes

/usr/bin/ld: warning: amd64.o: missing .note.GNU-stack section implies executable stack
/usr/bin/ld: NOTE: This behaviour is deprecated and will be removed in a future version of the linker

That warning comes from the caml compiler directory, so it might be relevant to also investigate there.

So to me the issue should be fixed by https://github.com/codelabs-ch/solo5/tree/asm-noexec-stack :)

Yes, I agree to put the .note.GNUinto assembly code and discard it at the link time 👍.

That warning comes from the caml compiler directory, so it might be relevant to also investigate there.

You mean with ocaml-solo5? Not sure to understand well this warning. The warning will be deleted then in next versions of the linker?

You mean with ocaml-solo5? Not sure to understand well this warning. The warning will be deleted then in next versions of the linker?

The only amd64.o I've found is in ~/.opam/default/.opam-switch/build/ocaml-solo5.xxx/ocaml/runtime/ and ocaml has assembly files (e.g. https://github.com/ocaml/ocaml/blob/trunk/runtime/amd64.S). It seems that this warning has been recently added and reading https://discuss.ocaml.org/t/ld-error-missing-note-gnu-stack-section/12478 leave me thinking about adding the directive to ocaml-solo5.

So to me this is unrelated to solo5, the commit proposed by @Kensan LGTM.

To move forward I wonder if the best is to add (flags (:standard -cclib "-z noexecstack")) in ocaml-solo5 (if possible) or PR at ocaml to add a similar .section .note.GNU-stack,"",%progbits in the asm files? EDIT: As it seems there's no issue about that in the ocaml repository, it's probably relevant to ocaml-solo5 :)

To move forward I wonder if the best is to add (flags (:standard -cclib "-z noexecstack")) in ocaml-solo5 (if possible) or PR at ocaml to add a similar .section .note.GNU-stack,"",%progbits in the asm files? EDIT: As it seems there's no issue about that in the ocaml repository, it's probably relevant to ocaml-solo5 :)

So, I will let this PR opens but we probably should check if the warning continues to appear if we update ocaml-solo5.