From 82ef8858b394718e21a6a36793bc6a796cdd1c3e Mon Sep 17 00:00:00 2001 From: Xavier Leroy Date: Tue, 20 Aug 2024 09:29:44 +0200 Subject: [PATCH] Mark stack as non-executable in binaries produced by ccomp On Linux and BSD, add "stack not executable" annotations to every asm file produced by ccomp or hand-written in the runtime support library. Left for future work: adding the annotation to runtime/powerpc*/*.s . (These files are not preprocessed, and must remain compatible with Diab.) --- backend/PrintAsm.ml | 1 + backend/PrintAsmaux.ml | 9 +++++++++ runtime/aarch64/sysdeps.h | 4 ++++ runtime/arm/sysdeps.h | 4 ++++ runtime/riscV/sysdeps.h | 3 +++ runtime/x86_32/sysdeps.h | 2 ++ runtime/x86_64/sysdeps.h | 2 ++ 7 files changed, 25 insertions(+) diff --git a/backend/PrintAsm.ml b/backend/PrintAsm.ml index 514f3d32fe..18bedd4f50 100644 --- a/backend/PrintAsm.ml +++ b/backend/PrintAsm.ml @@ -210,6 +210,7 @@ let print_program oc p = List.iter (Printer.print_globdef oc) p.prog_defs; Target.print_epilogue oc; Printer.print_ais_annot oc; + print_nonexec_stack_note oc; if !Clflags.option_g then begin let atom_to_s s = diff --git a/backend/PrintAsmaux.ml b/backend/PrintAsmaux.ml index e99d18040f..aee37305c4 100644 --- a/backend/PrintAsmaux.ml +++ b/backend/PrintAsmaux.ml @@ -355,3 +355,12 @@ let macos_mergeable_string_section sz = | 0 | 2 | 4 -> ".const" | 1 -> ".cstring" | _ -> assert false + +(** Marking the stack as non executable *) + +let print_nonexec_stack_note oc = + match Configuration.system with + | "linux" | "bsd" -> + output_string oc "\n\t.section .note.GNU-stack,\"\",%progbits\n" + | _ -> + () diff --git a/runtime/aarch64/sysdeps.h b/runtime/aarch64/sysdeps.h index b098cf1c44..4f050fbe83 100644 --- a/runtime/aarch64/sysdeps.h +++ b/runtime/aarch64/sysdeps.h @@ -63,3 +63,7 @@ _\name: .type f, @function; .size f, . - f #endif + +#if defined(SYS_linux) || defined(SYS_bsd) + .section .note.GNU-stack,"",%progbits +#endif diff --git a/runtime/arm/sysdeps.h b/runtime/arm/sysdeps.h index 0c873f951d..0906fa19a6 100644 --- a/runtime/arm/sysdeps.h +++ b/runtime/arm/sysdeps.h @@ -138,3 +138,7 @@ #define Reg3HI r7 #define Reg3LO r6 #endif + +#if defined(SYS_linux) || defined(SYS_bsd) + .section .note.GNU-stack,"",%progbits +#endif diff --git a/runtime/riscV/sysdeps.h b/runtime/riscV/sysdeps.h index b95ca1b176..ca081dcafd 100644 --- a/runtime/riscV/sysdeps.h +++ b/runtime/riscV/sysdeps.h @@ -61,3 +61,6 @@ #endif +#if defined(SYS_linux) || defined(SYS_bsd) + .section .note.GNU-stack,"",%progbits +#endif diff --git a/runtime/x86_32/sysdeps.h b/runtime/x86_32/sysdeps.h index 973bbe2f9f..c22ed7701d 100644 --- a/runtime/x86_32/sysdeps.h +++ b/runtime/x86_32/sysdeps.h @@ -36,6 +36,8 @@ #if defined(SYS_linux) || defined(SYS_bsd) + .section .note.GNU-stack,"",%progbits + #define GLOB(x) x #define FUNCTION(f) \ .text; \ diff --git a/runtime/x86_64/sysdeps.h b/runtime/x86_64/sysdeps.h index 9031d5d07b..26fc7456c5 100644 --- a/runtime/x86_64/sysdeps.h +++ b/runtime/x86_64/sysdeps.h @@ -36,6 +36,8 @@ #if defined(SYS_linux) || defined(SYS_bsd) + .section .note.GNU-stack,"",%progbits + #define GLOB(x) x #define FUNCTION(f) \ .text; \