From a3600a106deead9ef33466ab95a87cb64e7b995b Mon Sep 17 00:00:00 2001
From: Jason Zaman <jason@perfinion.com>
Date: Thu, 11 Aug 2016 23:59:03 +0800
Subject: [PATCH] icp: mark asm files with noexec stack

If there is no explicit note in the .S files, the obj file will mark it
as requiring an executable stack. This is unneeded and causes issues on
hardened systems.

More info:
https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart

Signed-off-by: Jason Zaman <jason@perfinion.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #4947
Closes #4962
---
 module/icp/asm-x86_64/aes/aes_amd64.S    | 4 ++++
 module/icp/asm-x86_64/aes/aes_intel.S    | 4 ++++
 module/icp/asm-x86_64/modes/gcm_intel.S  | 4 ++++
 module/icp/asm-x86_64/sha1/sha1-x86_64.S | 4 ++++
 module/icp/asm-x86_64/sha2/sha256_impl.S | 4 ++++
 5 files changed, 20 insertions(+)

diff --git a/module/icp/asm-x86_64/aes/aes_amd64.S b/module/icp/asm-x86_64/aes/aes_amd64.S
index fb64441196..fa66dc3211 100644
--- a/module/icp/asm-x86_64/aes/aes_amd64.S
+++ b/module/icp/asm-x86_64/aes/aes_amd64.S
@@ -898,3 +898,7 @@ dec_tab:
 
 	SET_SIZE(aes_decrypt_amd64)
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/aes/aes_intel.S b/module/icp/asm-x86_64/aes/aes_intel.S
index 0b4700f963..6c5c0f919c 100644
--- a/module/icp/asm-x86_64/aes/aes_intel.S
+++ b/module/icp/asm-x86_64/aes/aes_intel.S
@@ -849,3 +849,7 @@ ENTRY_NP(aes_decrypt_intel)
 	SET_SIZE(aes_decrypt_intel)
 
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/modes/gcm_intel.S b/module/icp/asm-x86_64/modes/gcm_intel.S
index 9bb40bf239..109f9b47bf 100644
--- a/module/icp/asm-x86_64/modes/gcm_intel.S
+++ b/module/icp/asm-x86_64/modes/gcm_intel.S
@@ -332,3 +332,7 @@ ENTRY_NP(gcm_mul_pclmulqdq)
 	SET_SIZE(gcm_mul_pclmulqdq)
 
 #endif	/* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/sha1/sha1-x86_64.S b/module/icp/asm-x86_64/sha1/sha1-x86_64.S
index 53cc156a7d..6fb4ac5daa 100644
--- a/module/icp/asm-x86_64/sha1/sha1-x86_64.S
+++ b/module/icp/asm-x86_64/sha1/sha1-x86_64.S
@@ -1344,3 +1344,7 @@ SET_SIZE(sha1_block_data_order)
 .asciz	"SHA1 block transform for x86_64, CRYPTOGAMS by <appro@openssl.org>"
 
 #endif /* lint || __lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif
diff --git a/module/icp/asm-x86_64/sha2/sha256_impl.S b/module/icp/asm-x86_64/sha2/sha256_impl.S
index b6a9bbc863..b689c90225 100644
--- a/module/icp/asm-x86_64/sha2/sha256_impl.S
+++ b/module/icp/asm-x86_64/sha2/sha256_impl.S
@@ -2058,3 +2058,7 @@ K256:
 	.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
 	.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
 #endif /* !lint && !__lint */
+
+#ifdef __ELF__
+.section .note.GNU-stack,"",%progbits
+#endif