Support the GNU non-exec stack annotation system

On recent GNU ELF systems one can mark an object file as not requiring an executable stack. If all objects- linked into a program have this note then the program will not use an executable stack, which is good for security (and some distros have it as a QA policy). GHC generated code does not need an executable stack so add the note to the assembly output of the native code generator (conditional on a configure test).

Support the GNU non-exec stack annotation system
On recent GNU ELF systems one can mark an object file as not requiring an executable stack. If all objects- linked into a program have this note then the program will not use an executable stack, which is good for security (and some distros have it as a QA policy). GHC generated code does not need an executable stack so add the note to the assembly output of the native code generator (conditional on a configure test).
c4597dfe · duncan.coutts@worc.ox.ac.uk · 334bc6d8 · c4597dfe · c4597dfe
Commit c4597dfe authored Jul 06, 2006 by duncan.coutts@worc.ox.ac.uk
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 0 deletions

compiler/nativeGen/AsmCodeGen.lhs compiler/nativeGen/AsmCodeGen.lhs +9 -0

configure.ac configure.ac +12 -0

No files found.
--- a/compiler/nativeGen/AsmCodeGen.lhs
+++ b/compiler/nativeGen/AsmCodeGen.lhs
@@ -130,6 +130,15 @@ nativeCodeGen dflags cmms us
                -- dead-stripping of code and data on a per-symbol basis.
                -- There's a hack to make this work in PprMach.pprNatCmmTop.
            Pretty.$$ Pretty.text ".subsections_via_symbols"
+#endif
+#if HAVE_GNU_NONEXEC_STACK
+                -- On recent GNU ELF systems one can mark an object file
+                -- as not requiring an executable stack. If all objects
+                -- linked into a program have this note then the program
+                -- will not use an executable stack, which is good for
+                -- security. GHC generated code does not need an executable
+                -- stack so add the note in:
+            Pretty.$$ Pretty.text ".section .note.GNU-stack,\"\",@progbits"
 #endif
            )
   }

--- a/configure.ac
+++ b/configure.ac
@@ -1148,6 +1148,18 @@ AC_TRY_COMPILE(,[__asm__ (".subsections_via_symbols");],
            [Define to 1 if Apple-style dead-stripping is supported.])
    ])

+dnl *** check for GNU non-executable stack note support (ELF only)
+dnl     (.section .note.GNU-stack,"",@progbits)
+
+AC_MSG_CHECKING(for GNU non-executable stack support)
+AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([__asm__ (".section .note.GNU-stack,\"\",@progbits");], [0])],
+    [AC_MSG_RESULT(yes)
+     AC_DEFINE([HAVE_GNU_NONEXEC_STACK],[1],
+               [Define to 1 if GNU non-executable stack notes are supported.])
+    ],
+    [AC_MSG_RESULT(no)])
+
 dnl ** check for librt
 AC_CHECK_LIB(rt, clock_gettime)
 AC_CHECK_FUNCS(clock_gettime)