From a3600a106deead9ef33466ab95a87cb64e7b995b Mon Sep 17 00:00:00 2001
From: Jason Zaman <jason@perfinion.com>
Date: Thu, 11 Aug 2016 23:59:03 +0800
Subject: [PATCH] icp: mark asm files with noexec stack

If there is no explicit note in the .S files, the obj file will mark it
as requiring an executable stack. This is unneeded and causes issues on
hardened systems.

More info:
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #4947
Closes #4962
---
 module/icp/asm-x86_64/aes/aes_amd64.S    | 4 ++++
 module/icp/asm-x86_64/aes/aes_intel.S    | 4 ++++
 module/icp/asm-x86_64/modes/gcm_intel.S  | 4 ++++
 module/icp/asm-x86_64/sha1/sha1-x86_64.S | 4 ++++
 module/icp/asm-x86_64/sha2/sha256_impl.S | 4 ++++
 5 files changed, 20 insertions(+)

diff --git a/module/icp/asm-x86_64/aes/aes_amd64.S b/module/icp/asm-x86_64/aes/aes_amd64.S
index fb6444119..fa66dc321 100644
--- a/module/icp/asm-x86_64/aes/aes_amd64.S
+++ b/module/icp/asm-x86_64/aes/aes_amd64.S
@@ -898,3 +898,7 @@ dec_tab:
 
 	SET_SIZE(aes_decrypt_amd64)
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/aes/aes_intel.S b/module/icp/asm-x86_64/aes/aes_intel.S
index 0b4700f96..6c5c0f919 100644
--- a/module/icp/asm-x86_64/aes/aes_intel.S
+++ b/module/icp/asm-x86_64/aes/aes_intel.S
@@ -849,3 +849,7 @@ ENTRY_NP(aes_decrypt_intel)
 	SET_SIZE(aes_decrypt_intel)
 
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/modes/gcm_intel.S b/module/icp/asm-x86_64/modes/gcm_intel.S
index 9bb40bf23..109f9b47b 100644
--- a/module/icp/asm-x86_64/modes/gcm_intel.S
+++ b/module/icp/asm-x86_64/modes/gcm_intel.S
@@ -332,3 +332,7 @@ ENTRY_NP(gcm_mul_pclmulqdq)
 	SET_SIZE(gcm_mul_pclmulqdq)
 
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/sha1/sha1-x86_64.S b/module/icp/asm-x86_64/sha1/sha1-x86_64.S
index 53cc156a7..6fb4ac5da 100644
--- a/module/icp/asm-x86_64/sha1/sha1-x86_64.S
+++ b/module/icp/asm-x86_64/sha1/sha1-x86_64.S
@@ -1344,3 +1344,7 @@ SET_SIZE(sha1_block_data_order)
 .asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro@openssl.org>"
 
 #endif /* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/sha2/sha256_impl.S b/module/icp/asm-x86_64/sha2/sha256_impl.S
index b6a9bbc86..b689c9022 100644
--- a/module/icp/asm-x86_64/sha2/sha256_impl.S
+++ b/module/icp/asm-x86_64/sha2/sha256_impl.S
@@ -2058,3 +2058,7 @@ K256:
 	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
 #endif /* !lint && !__lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif