From c0be7df5de2d5b5137f66743a428d1843b98ba9b Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sun, 31 Mar 2013 16:22:05 -0400 Subject: [PATCH] mark the assembly object stacks as non-executable Closes #5643 This also removes the need to pass noexecstack to gcc, but that wasn't actually working anymore. --- mk/platform.mk | 8 +++----- src/rt/arch/arm/_context.S | 13 +++++++++---- src/rt/arch/arm/ccall.S | 6 +++++- src/rt/arch/arm/morestack.S | 5 +++++ src/rt/arch/arm/record_sp.S | 11 ++++++++--- src/rt/arch/i386/_context.S | 5 +++++ src/rt/arch/i386/ccall.S | 5 +++++ src/rt/arch/i386/morestack.S | 11 ++++++++--- src/rt/arch/i386/record_sp.S | 4 ++++ src/rt/arch/mips/_context.S | 5 +++++ src/rt/arch/mips/ccall.S | 5 +++++ src/rt/arch/mips/record_sp.S | 5 +++++ src/rt/arch/x86_64/_context.S | 15 ++++++++++----- src/rt/arch/x86_64/ccall.S | 7 ++++++- src/rt/arch/x86_64/morestack.S | 9 +++++++-- src/rt/arch/x86_64/record_sp.S | 4 ++++ 16 files changed, 94 insertions(+), 24 deletions(-) diff --git a/mk/platform.mk b/mk/platform.mk index 33dfac4007ae..16b5ba452f4c 100644 --- a/mk/platform.mk +++ b/mk/platform.mk @@ -61,8 +61,6 @@ ifdef CFG_VALGRIND endif ifneq ($(findstring linux,$(CFG_OSTYPE)),) - # -znoexecstack is here because librt is for some reason being created - # with executable stack and Fedora (or SELinux) doesn't like that (#798) ifdef CFG_PERF ifneq ($(CFG_PERF_WITH_LOGFD),) CFG_PERF_TOOL := $(CFG_PERF) stat -r 3 --log-fd 2 
@@ -126,7 +124,7 @@ CFG_GCCISH_CXXFLAGS_x86_64-unknown-linux-gnu := -fno-rtti CFG_GCCISH_LINK_FLAGS_x86_64-unknown-linux-gnu := -shared -fPIC -ldl -lpthread -lrt -g -m64 CFG_GCCISH_DEF_FLAG_x86_64-unknown-linux-gnu := -Wl,--export-dynamic,--dynamic-list= CFG_GCCISH_PRE_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-whole-archive -CFG_GCCISH_POST_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-no-whole-archive -Wl,-znoexecstack +CFG_GCCISH_POST_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-no-whole-archive CFG_DEF_SUFFIX_x86_64-unknown-linux-gnu := .linux.def CFG_INSTALL_NAME_x86_64-unknown-linux-gnu = CFG_LIBUV_LINK_FLAGS_x86_64-unknown-linux-gnu = @@ -152,7 +150,7 @@ CFG_GCCISH_CXXFLAGS_i686-unknown-linux-gnu := -fno-rtti CFG_GCCISH_LINK_FLAGS_i686-unknown-linux-gnu := -shared -fPIC -ldl -lpthread -lrt -g -m32 CFG_GCCISH_DEF_FLAG_i686-unknown-linux-gnu := -Wl,--export-dynamic,--dynamic-list= CFG_GCCISH_PRE_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-whole-archive -CFG_GCCISH_POST_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-no-whole-archive -Wl,-znoexecstack +CFG_GCCISH_POST_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-no-whole-archive CFG_DEF_SUFFIX_i686-unknown-linux-gnu := .linux.def CFG_INSTALL_NAME_i686-unknown-linux-gnu = CFG_LIBUV_LINK_FLAGS_i686-unknown-linux-gnu = @@ -228,7 +226,7 @@ CFG_GCCISH_CXXFLAGS_arm-linux-androideabi := -fno-rtti CFG_GCCISH_LINK_FLAGS_arm-linux-androideabi := -shared -fPIC -ldl -g -lm -lsupc++ -lgnustl_shared CFG_GCCISH_DEF_FLAG_arm-linux-androideabi := -Wl,--export-dynamic,--dynamic-list= CFG_GCCISH_PRE_LIB_FLAGS_arm-linux-androideabi := -Wl,-whole-archive -CFG_GCCISH_POST_LIB_FLAGS_arm-linux-androideabi := -Wl,-no-whole-archive -Wl,-znoexecstack +CFG_GCCISH_POST_LIB_FLAGS_arm-linux-androideabi := -Wl,-no-whole-archive CFG_DEF_SUFFIX_arm-linux-androideabi := .android.def CFG_INSTALL_NAME_arm-linux-androideabi = CFG_LIBUV_LINK_FLAGS_arm-linux-androideabi = 
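Review bot: Dropping `-Wl,-znoexecstack` from `CFG_GCCISH_POST_LIB_FLAGS_x86_64-unknown-linux-gnu` (and from the i686-unknown-linux-gnu and arm-linux-androideabi hunks that follow) leaves the stack permission depending entirely on every linked object carrying a `.note.GNU-stack` section. With GNU ld, a single input object without the note is generally enough for the output to request an executable stack again, so a new `.S` file or a bundled static library could undo this silently. The commit message says the old flag was no longer taking effect; rather than removing the backstop, I would keep it on the link line as `-Wl,-z,noexecstack`. I would also add a build step that runs `readelf -lW` on the linked runtime and fails if the `GNU_STACK` segment is flagged `RWE`.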
diff --git a/src/rt/arch/arm/_context.S b/src/rt/arch/arm/_context.S index 8d370c2d64e4..b29575aada9f 100644 --- a/src/rt/arch/arm/_context.S +++ b/src/rt/arch/arm/_context.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .code 32 .arm @@ -17,12 +22,12 @@ swap_registers: str r10, [r0, #40] str r11, [r0, #44] str r12, [r0, #48] - str sp, [r0, #52] + str sp, [r0, #52] str lr, [r0, #56] mrs r2, cpsr str r2, [r0, #64] - + ldr r0, [r1, #0] ldr r3, [r1, #12] @@ -35,10 +40,10 @@ swap_registers: ldr r10, [r1, #40] ldr r11, [r1, #44] ldr r12, [r1, #48] - + ldr sp, [r1, #52] ldr lr, [r1, #56] - + ldr r2, [r1, #64] msr cpsr_cxsf, r2 diff --git a/src/rt/arch/arm/ccall.S b/src/rt/arch/arm/ccall.S index 345e6462d07b..52806d67837b 100644 --- a/src/rt/arch/arm/ccall.S +++ b/src/rt/arch/arm/ccall.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .code 32 .arm @@ -19,4 +24,3 @@ __morestack: pop {r4, fp, lr} mov pc, lr .fnend - diff --git a/src/rt/arch/arm/morestack.S b/src/rt/arch/arm/morestack.S index bc1c0c230253..ccb23037f79f 100644 --- a/src/rt/arch/arm/morestack.S +++ b/src/rt/arch/arm/morestack.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .code 32 .arm diff --git a/src/rt/arch/arm/record_sp.S b/src/rt/arch/arm/record_sp.S index 193104d53b11..528359420e62 100644 --- a/src/rt/arch/arm/record_sp.S +++ b/src/rt/arch/arm/record_sp.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .code 32 .arm @@ -45,11 +50,12 @@ get_sp_limit: get_sp: mov r0, sp mov pc, lr - + .data my_cpu: .long 0 .global my_array -my_array: +my_array: + .long 0 .long 0 .long 0 .long 0 
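Review bot: The line added at the top of arch/arm/_context.S spells the section type `@progbits`, but GNU as treats `@` as the start of a comment on ARM targets, so the type argument never reaches the `.section` directive. The ARM spelling uses `%`: `.section .note.GNU-stack, "", %progbits`. The same line is added in arch/arm/ccall.S, arch/arm/morestack.S and arch/arm/record_sp.S and needs the same change; the x86 copies are unaffected. It is worth confirming on an ARM build with `readelf -S` that each object really ends up with a `.note.GNU-stack` section.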
@@ -57,5 +63,4 @@ my_array: .long 0 .long 0 .long 0 - .long 0 .end diff --git a/src/rt/arch/i386/_context.S b/src/rt/arch/i386/_context.S index d8b7281e72b7..d2643d07c3df 100644 --- a/src/rt/arch/i386/_context.S +++ b/src/rt/arch/i386/_context.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text /* diff --git a/src/rt/arch/i386/ccall.S b/src/rt/arch/i386/ccall.S index c04c3e01c7ea..e47d51bbdb72 100644 --- a/src/rt/arch/i386/ccall.S +++ b/src/rt/arch/i386/ccall.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + /* The function for switching to the C stack. It is called __morestack because gdb allows any frame with that name to diff --git a/src/rt/arch/i386/morestack.S b/src/rt/arch/i386/morestack.S index 7f2205b573a8..e8a9c1312ed2 100644 --- a/src/rt/arch/i386/morestack.S +++ b/src/rt/arch/i386/morestack.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + /* __morestack @@ -218,11 +223,11 @@ MORESTACK: .L$bail: movl 32(%esp),%eax inc %eax - + addl $44, %esp popl %ebp addl $4+8,%esp - + jmpl *%eax #if defined(__linux__) || defined(__APPLE__) || defined(__FreeBSD__) @@ -241,7 +246,7 @@ L_rust_get_task$stub: L_upcall_new_stack$stub: .indirect_symbol _upcall_new_stack .ascii "\364\364\364\364\364" - + L_upcall_del_stack$stub: .indirect_symbol _upcall_del_stack .ascii "\364\364\364\364\364" diff --git a/src/rt/arch/i386/record_sp.S b/src/rt/arch/i386/record_sp.S index e69de29bb2d1..12d9a2b6456c 100644 --- a/src/rt/arch/i386/record_sp.S +++ b/src/rt/arch/i386/record_sp.S @@ -0,0 +1,4 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif 
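Review bot: The guard `#if defined(__linux__) && defined(__ELF__)` added at the top of i386/morestack.S limits the marking to Linux, while the second hunk of the same file shows a `defined(__FreeBSD__)` branch, so FreeBSD builds of these objects get no note. FreeBSD also uses ELF and, as far as I know, honours the GNU-stack marking, so `#if defined(__ELF__)` is probably the safer condition; please confirm against a FreeBSD toolchain. The same four lines are repeated in every `.S` file this patch touches, so a single macro in a shared header would keep the copies from drifting. The comment could also say why the note is needed, for example `// Without this note the linker assumes the object needs an executable stack`.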
diff --git a/src/rt/arch/mips/_context.S b/src/rt/arch/mips/_context.S index 614cf6868170..c926a03798d2 100644 --- a/src/rt/arch/mips/_context.S +++ b/src/rt/arch/mips/_context.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .globl swap_registers .align 2 diff --git a/src/rt/arch/mips/ccall.S b/src/rt/arch/mips/ccall.S index 522714a8807b..f41d8e721f66 100644 --- a/src/rt/arch/mips/ccall.S +++ b/src/rt/arch/mips/ccall.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .globl __morestack diff --git a/src/rt/arch/mips/record_sp.S b/src/rt/arch/mips/record_sp.S index 6b782fc4629e..dd4d2f393754 100644 --- a/src/rt/arch/mips/record_sp.S +++ b/src/rt/arch/mips/record_sp.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + .text .globl record_sp_limit diff --git a/src/rt/arch/x86_64/_context.S b/src/rt/arch/x86_64/_context.S index 1f9ae1c83c56..bedd68554675 100644 --- a/src/rt/arch/x86_64/_context.S +++ b/src/rt/arch/x86_64/_context.S @@ -1,7 +1,12 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + #include "regs.h" #define ARG0 RUSTRT_ARG0_S #define ARG1 RUSTRT_ARG1_S - + .text /* @@ -11,7 +16,7 @@ and Microsoft discussion at http://msdn.microsoft.com/en-US/library/9z1stfyw%28v=VS.80%29.aspx. BOTH CALLING CONVENTIONS - + Callee save registers: R12--R15, RDI, RSI, RBX, RBP, RSP XMM0--XMM5 @@ -30,7 +35,7 @@ User flags have no specified role and are not preserved across calls, with the exception of DF in %rFLAGS, which must be clear (set to "forward" direction) on function entry and return. - + MICROSOFT CALLING CONVENTIONS Return value: RAX 
@@ -39,7 +44,7 @@ First four arguments: RCX, RDX, R8, R9 XMM0, XMM1, XMM2, XMM3 */ - + /* Stores current registers into arg0/RCX and restores registers found in arg1/RDX. This is used by our @@ -47,7 +52,7 @@ First four arguments: registers and the register used for the first argument. Volatile registers in general ought to be saved by the caller anyhow. -*/ +*/ #if defined(__APPLE__) || defined(_WIN32) #define SWAP_REGISTERS _swap_registers diff --git a/src/rt/arch/x86_64/ccall.S b/src/rt/arch/x86_64/ccall.S index 42415e84a52f..d4bc37fee957 100644 --- a/src/rt/arch/x86_64/ccall.S +++ b/src/rt/arch/x86_64/ccall.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + /* The function for switching to the C stack. It is called __morestack because gdb allows any frame with that name to @@ -10,7 +15,7 @@ #define ARG0 RUSTRT_ARG0_S #define ARG1 RUSTRT_ARG1_S #define ARG2 RUSTRT_ARG2_S - + .text #if defined(__APPLE__) || defined(_WIN32) diff --git a/src/rt/arch/x86_64/morestack.S b/src/rt/arch/x86_64/morestack.S index 4acb50497d92..e4dfc033bf43 100644 --- a/src/rt/arch/x86_64/morestack.S +++ b/src/rt/arch/x86_64/morestack.S @@ -1,3 +1,8 @@ +// Mark stack as non-executable +#if defined(__linux__) && defined(__ELF__) +.section .note.GNU-stack, "", @progbits +#endif + /* __morestack @@ -78,7 +83,7 @@ MORESTACK: movq %r11, %rdx // Size of stack arguments movq %rax, %rsi // Address of stack arguments movq %r10, %rdi // The amount of stack needed - + #ifdef __APPLE__ call UPCALL_NEW_STACK #endif @@ -132,7 +137,7 @@ MORESTACK: popq %rax // Restore the return value popq %rbp ret - + .cfi_endproc #else diff --git a/src/rt/arch/x86_64/record_sp.S b/src/rt/arch/x86_64/record_sp.S index e69de29bb2d1..12d9a2b6456c 100644 --- a/src/rt/arch/x86_64/record_sp.S +++ b/src/rt/arch/x86_64/record_sp.S 
@@ -0,0 +1,4 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack, "", @progbits
+#endif