From: Duncan Coutts <duncan.coutts@worc.ox.ac.uk>
Date: Thu, 6 Jul 2006 11:43:31 +0000 (+0000)
Subject: Support the GNU non-exec stack annotation system
X-Git-Tag: Before_FC_branch_merge~264
X-Git-Url: http://git.megacz.com/?a=commitdiff_plain;h=c4597dfe0b0de808b6e024b7d7e898e5ae14de19;p=ghc-hetmet.git

Support the GNU non-exec stack annotation system
On recent GNU ELF systems one can mark an object file as not
requiring an executable stack. If all objects- linked into a
program have this note then the program will not use an executable
stack, which is good for security (and some distros have it as a
QA policy). GHC generated code does not need an executable stack
so add the note to the assembly output of the native code
generator (conditional on a configure test).
---

diff --git a/compiler/nativeGen/AsmCodeGen.lhs b/compiler/nativeGen/AsmCodeGen.lhs
index 1576162..3bc9277 100644
--- a/compiler/nativeGen/AsmCodeGen.lhs
+++ b/compiler/nativeGen/AsmCodeGen.lhs
@@ -131,6 +131,15 @@ nativeCodeGen dflags cmms us
                 -- There's a hack to make this work in PprMach.pprNatCmmTop.
             Pretty.$$ Pretty.text ".subsections_via_symbols"
 #endif
+#if HAVE_GNU_NONEXEC_STACK
+                -- On recent GNU ELF systems one can mark an object file
+                -- as not requiring an executable stack. If all objects
+                -- linked into a program have this note then the program
+                -- will not use an executable stack, which is good for
+                -- security. GHC generated code does not need an executable
+                -- stack so add the note in:
+            Pretty.$$ Pretty.text ".section .note.GNU-stack,\"\",@progbits"
+#endif
             )
    }
 
diff --git a/configure.ac b/configure.ac
index 372287a..532aea3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1148,6 +1148,18 @@ AC_TRY_COMPILE(,[__asm__ (".subsections_via_symbols");],
             [Define to 1 if Apple-style dead-stripping is supported.])
     ])
 
+dnl *** check for GNU non-executable stack note support (ELF only)
+dnl     (.section .note.GNU-stack,"",@progbits)
+
+AC_MSG_CHECKING(for GNU non-executable stack support)
+AC_COMPILE_IFELSE(
+    [AC_LANG_PROGRAM([__asm__ (".section .note.GNU-stack,\"\",@progbits");], [0])],
+    [AC_MSG_RESULT(yes)
+     AC_DEFINE([HAVE_GNU_NONEXEC_STACK],[1],
+               [Define to 1 if GNU non-executable stack notes are supported.])
+    ],
+    [AC_MSG_RESULT(no)])
+
 dnl ** check for librt
 AC_CHECK_LIB(rt, clock_gettime)
 AC_CHECK_FUNCS(clock_gettime)