mark the assembly object stacks as non-executable

Closes #5643 This also removes the need to pass noexecstack to gcc, but that wasn't actually working anymore.
2013-03-31 16:22:05 -04:00 · 2013-03-31 16:22:05 -04:00 · c0be7df5de
commit c0be7df5de
parent 75d615d6f6
16 changed files with 94 additions and 24 deletions
--- a/mk/platform.mk
+++ b/mk/platform.mk
@ -61,8 +61,6 @@ ifdef CFG_VALGRIND
 endif

 ifneq ($(findstring linux,$(CFG_OSTYPE)),)
-  # -znoexecstack is here because librt is for some reason being created
-  # with executable stack and Fedora (or SELinux) doesn't like that (#798)
  ifdef CFG_PERF
    ifneq ($(CFG_PERF_WITH_LOGFD),)
        CFG_PERF_TOOL := $(CFG_PERF) stat -r 3 --log-fd 2
@ -126,7 +124,7 @@ CFG_GCCISH_CXXFLAGS_x86_64-unknown-linux-gnu := -fno-rtti
 CFG_GCCISH_LINK_FLAGS_x86_64-unknown-linux-gnu := -shared -fPIC -ldl -lpthread -lrt -g -m64
 CFG_GCCISH_DEF_FLAG_x86_64-unknown-linux-gnu := -Wl,--export-dynamic,--dynamic-list=
 CFG_GCCISH_PRE_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-whole-archive
-CFG_GCCISH_POST_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-no-whole-archive -Wl,-znoexecstack
+CFG_GCCISH_POST_LIB_FLAGS_x86_64-unknown-linux-gnu := -Wl,-no-whole-archive
 CFG_DEF_SUFFIX_x86_64-unknown-linux-gnu := .linux.def
 CFG_INSTALL_NAME_x86_64-unknown-linux-gnu =
 CFG_LIBUV_LINK_FLAGS_x86_64-unknown-linux-gnu =
@ -152,7 +150,7 @@ CFG_GCCISH_CXXFLAGS_i686-unknown-linux-gnu := -fno-rtti
 CFG_GCCISH_LINK_FLAGS_i686-unknown-linux-gnu := -shared -fPIC -ldl -lpthread -lrt -g -m32
 CFG_GCCISH_DEF_FLAG_i686-unknown-linux-gnu := -Wl,--export-dynamic,--dynamic-list=
 CFG_GCCISH_PRE_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-whole-archive
-CFG_GCCISH_POST_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-no-whole-archive -Wl,-znoexecstack
+CFG_GCCISH_POST_LIB_FLAGS_i686-unknown-linux-gnu := -Wl,-no-whole-archive
 CFG_DEF_SUFFIX_i686-unknown-linux-gnu := .linux.def
 CFG_INSTALL_NAME_i686-unknown-linux-gnu =
 CFG_LIBUV_LINK_FLAGS_i686-unknown-linux-gnu =
@ -228,7 +226,7 @@ CFG_GCCISH_CXXFLAGS_arm-linux-androideabi := -fno-rtti
 CFG_GCCISH_LINK_FLAGS_arm-linux-androideabi := -shared -fPIC -ldl -g -lm -lsupc++ -lgnustl_shared
 CFG_GCCISH_DEF_FLAG_arm-linux-androideabi := -Wl,--export-dynamic,--dynamic-list=
 CFG_GCCISH_PRE_LIB_FLAGS_arm-linux-androideabi := -Wl,-whole-archive
-CFG_GCCISH_POST_LIB_FLAGS_arm-linux-androideabi := -Wl,-no-whole-archive -Wl,-znoexecstack
+CFG_GCCISH_POST_LIB_FLAGS_arm-linux-androideabi := -Wl,-no-whole-archive
 CFG_DEF_SUFFIX_arm-linux-androideabi := .android.def
 CFG_INSTALL_NAME_arm-linux-androideabi =
 CFG_LIBUV_LINK_FLAGS_arm-linux-androideabi =
--- a/src/rt/arch/arm/_context.S
+++ b/src/rt/arch/arm/_context.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text
 .code 32
 .arm
@ -17,12 +22,12 @@ swap_registers:
 	str r10, [r0, #40]
 	str r11, [r0, #44]
 	str r12, [r0, #48]
-	str sp, [r0, #52] 
+	str sp, [r0, #52]
 	str lr, [r0, #56]

 	mrs r2, cpsr
 	str r2, [r0, #64]
-	
+

 	ldr r0, [r1, #0]
 	ldr r3, [r1, #12]
@ -35,10 +40,10 @@ swap_registers:
 	ldr r10, [r1, #40]
 	ldr r11, [r1, #44]
 	ldr r12, [r1, #48]
-	
+
 	ldr sp, [r1, #52]
 	ldr lr, [r1, #56]
-	 
+
 	ldr r2, [r1, #64]
 	msr cpsr_cxsf, r2

--- a/src/rt/arch/arm/ccall.S
+++ b/src/rt/arch/arm/ccall.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text
 .code 32
 .arm
@ -19,4 +24,3 @@ __morestack:
 	pop {r4, fp, lr}
 	mov pc, lr
 	.fnend
-
--- a/src/rt/arch/arm/morestack.S
+++ b/src/rt/arch/arm/morestack.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text
 .code 32
 .arm
--- a/src/rt/arch/arm/record_sp.S
+++ b/src/rt/arch/arm/record_sp.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text
 .code 32
 .arm
@ -45,11 +50,12 @@ get_sp_limit:
 get_sp:
 	mov r0, sp
 	mov pc, lr
-	
+
 .data
 my_cpu:	.long	0
 .global my_array
-my_array:	
+my_array:
+	.long	0
 	.long	0
 	.long	0
 	.long	0
@ -57,5 +63,4 @@ my_array:
 	.long	0
 	.long	0
 	.long	0
-	.long	0	
 .end
--- a/src/rt/arch/i386/_context.S
+++ b/src/rt/arch/i386/_context.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
        .text

 /*
--- a/src/rt/arch/i386/ccall.S
+++ b/src/rt/arch/i386/ccall.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 /*
 	The function for switching to the C stack.  It is called
 	__morestack because gdb allows any frame with that name to
--- a/src/rt/arch/i386/morestack.S
+++ b/src/rt/arch/i386/morestack.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 /*
 	__morestack

@ -218,11 +223,11 @@ MORESTACK:
 .L$bail:
 	movl 32(%esp),%eax
 	inc %eax
-	
+
 	addl $44, %esp
 	popl %ebp
 	addl $4+8,%esp
-	
+
 	jmpl *%eax

 #if defined(__linux__) || defined(__APPLE__) || defined(__FreeBSD__)
@ -241,7 +246,7 @@ L_rust_get_task$stub:
 L_upcall_new_stack$stub:
 	.indirect_symbol _upcall_new_stack
 	.ascii	 "\364\364\364\364\364"
-	
+
 L_upcall_del_stack$stub:
 	.indirect_symbol _upcall_del_stack
 	.ascii	 "\364\364\364\364\364"
--- a/src/rt/arch/i386/record_sp.S
+++ b/src/rt/arch/i386/record_sp.S
@ -0,0 +1,4 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
--- a/src/rt/arch/mips/_context.S
+++ b/src/rt/arch/mips/_context.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text
 .globl swap_registers
 .align 2
--- a/src/rt/arch/mips/ccall.S
+++ b/src/rt/arch/mips/ccall.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text

 .globl __morestack
--- a/src/rt/arch/mips/record_sp.S
+++ b/src/rt/arch/mips/record_sp.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 .text

 .globl record_sp_limit
--- a/src/rt/arch/x86_64/_context.S
+++ b/src/rt/arch/x86_64/_context.S
@ -1,7 +1,12 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 #include "regs.h"
 #define ARG0 RUSTRT_ARG0_S
 #define ARG1 RUSTRT_ARG1_S
-        
+
        .text

 /*
@ -11,7 +16,7 @@ and Microsoft discussion at
 http://msdn.microsoft.com/en-US/library/9z1stfyw%28v=VS.80%29.aspx.

 BOTH CALLING CONVENTIONS
-        
+
 Callee save registers:
 	R12--R15, RDI, RSI, RBX, RBP, RSP
        XMM0--XMM5
@ -30,7 +35,7 @@ User flags have no specified role and are not preserved
        across calls, with the exception of DF in %rFLAGS,
        which must be clear (set to "forward" direction)
        on function entry and return.
-        
+
 MICROSOFT CALLING CONVENTIONS

 Return value: RAX
@ -39,7 +44,7 @@ First four arguments:
        RCX, RDX, R8, R9
        XMM0, XMM1, XMM2, XMM3
 */
-	
+
 /*
        Stores current registers into arg0/RCX and restores
        registers found in arg1/RDX. This is used by our
@ -47,7 +52,7 @@ First four arguments:
        registers and the register used for the first argument.
        Volatile registers in general ought to be saved by the caller
        anyhow.
-*/	
+*/

 #if defined(__APPLE__) || defined(_WIN32)
 #define SWAP_REGISTERS _swap_registers
--- a/src/rt/arch/x86_64/ccall.S
+++ b/src/rt/arch/x86_64/ccall.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 /*
 	The function for switching to the C stack.  It is called
 	__morestack because gdb allows any frame with that name to
@ -10,7 +15,7 @@
 #define ARG0 RUSTRT_ARG0_S
 #define ARG1 RUSTRT_ARG1_S
 #define ARG2 RUSTRT_ARG2_S
-        
+
        .text

 #if defined(__APPLE__) || defined(_WIN32)
--- a/src/rt/arch/x86_64/morestack.S
+++ b/src/rt/arch/x86_64/morestack.S
@ -1,3 +1,8 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif
+
 /*
 	__morestack

@ -78,7 +83,7 @@ MORESTACK:
 	movq %r11, %rdx // Size of stack arguments
 	movq %rax, %rsi // Address of stack arguments
 	movq %r10, %rdi // The amount of stack needed
-        
+
 #ifdef __APPLE__
 	call UPCALL_NEW_STACK
 #endif
@ -132,7 +137,7 @@ MORESTACK:
 	popq %rax // Restore the return value
 	popq %rbp
 	ret
-	
+
 	.cfi_endproc

 #else
--- a/src/rt/arch/x86_64/record_sp.S
+++ b/src/rt/arch/x86_64/record_sp.S
@ -0,0 +1,4 @@
+// Mark stack as non-executable
+#if defined(__linux__) && defined(__ELF__)
+.section	.note.GNU-stack, "", @progbits
+#endif