From a3600a106deead9ef33466ab95a87cb64e7b995b Mon Sep 17 00:00:00 2001 From: Jason Zaman Date: Thu, 11 Aug 2016 23:59:03 +0800 Subject: [PATCH] icp: mark asm files with noexec stack If there is no explicit note in the .S files, the obj file will mark it as requiring an executable stack. This is unneeded and causes issues on hardened systems. More info: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart Signed-off-by: Jason Zaman Signed-off-by: Brian Behlendorf Closes #4947 Closes #4962 --- module/icp/asm-x86_64/aes/aes_amd64.S | 4 ++++ module/icp/asm-x86_64/aes/aes_intel.S | 4 ++++ module/icp/asm-x86_64/modes/gcm_intel.S | 4 ++++ module/icp/asm-x86_64/sha1/sha1-x86_64.S | 4 ++++ module/icp/asm-x86_64/sha2/sha256_impl.S | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/module/icp/asm-x86_64/aes/aes_amd64.S b/module/icp/asm-x86_64/aes/aes_amd64.S index fb64441196c..fa66dc32114 100644 --- a/module/icp/asm-x86_64/aes/aes_amd64.S +++ b/module/icp/asm-x86_64/aes/aes_amd64.S @@ -898,3 +898,7 @@ dec_tab: SET_SIZE(aes_decrypt_amd64) #endif /* lint || __lint */ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif diff --git a/module/icp/asm-x86_64/aes/aes_intel.S b/module/icp/asm-x86_64/aes/aes_intel.S index 0b4700f963d..6c5c0f919c3 100644 --- a/module/icp/asm-x86_64/aes/aes_intel.S +++ b/module/icp/asm-x86_64/aes/aes_intel.S @@ -849,3 +849,7 @@ ENTRY_NP(aes_decrypt_intel) SET_SIZE(aes_decrypt_intel) #endif /* lint || __lint */ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif diff --git a/module/icp/asm-x86_64/modes/gcm_intel.S b/module/icp/asm-x86_64/modes/gcm_intel.S index 9bb40bf239d..109f9b47bf2 100644 --- a/module/icp/asm-x86_64/modes/gcm_intel.S +++ b/module/icp/asm-x86_64/modes/gcm_intel.S @@ -332,3 +332,7 @@ ENTRY_NP(gcm_mul_pclmulqdq) SET_SIZE(gcm_mul_pclmulqdq) #endif /* lint || __lint */ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif 
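Review bot: The `.note.GNU-stack` trailer added at the end of aes_amd64.S has no comment saying why it is there, and the same four lines are repeated without one in aes_intel.S, gcm_intel.S, sha1-x86_64.S and sha256_impl.S. A later cleanup could remove it as dead boilerplate without realising that it is what stops the object from being marked as requiring an executable stack. I would put a line above the `#ifdef __ELF__`, such as `/* Mark the stack non-executable; without this note the object is flagged as needing an executable stack. */`. The trailer sits after `#endif /* lint || __lint */`, whose opening conditional is outside the hunk, so it cannot be told from here whether a lint pass with `__ELF__` defined would see the assembler directive.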
diff --git a/module/icp/asm-x86_64/sha1/sha1-x86_64.S b/module/icp/asm-x86_64/sha1/sha1-x86_64.S index 53cc156a7df..6fb4ac5daaa 100644 --- a/module/icp/asm-x86_64/sha1/sha1-x86_64.S +++ b/module/icp/asm-x86_64/sha1/sha1-x86_64.S @@ -1344,3 +1344,7 @@ SET_SIZE(sha1_block_data_order) .asciz "SHA1 block transform for x86_64, CRYPTOGAMS by " #endif /* lint || __lint */ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif diff --git a/module/icp/asm-x86_64/sha2/sha256_impl.S b/module/icp/asm-x86_64/sha2/sha256_impl.S index b6a9bbc8634..b689c902256 100644 --- a/module/icp/asm-x86_64/sha2/sha256_impl.S +++ b/module/icp/asm-x86_64/sha2/sha256_impl.S @@ -2058,3 +2058,7 @@ K256: .long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208 .long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2 #endif /* !lint && !__lint */ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif
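Review bot: The trailers at the end of sha1-x86_64.S and sha256_impl.S, like those in the three files before them, are a per-file opt-in, so only sources that carry the note are covered. Going by the commit description, an assembly file added later without it would again produce an object marked as requiring an executable stack, and nothing in this change would catch that. Consider also enforcing the property in the build, for example by passing `-Wa,--noexecstack` when assembling, and checking the `GNU_STACK` flags of the linked output in CI so a regression fails the build. Both files' `#endif` lines close conditionals that open outside the hunks.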