From: ko-zu <causeless@gmail.com>
Date: Sat, 13 Nov 2021 13:48:33 +0000 (+0900)
Subject: Remove executable flag from GNU_STACK section
X-Git-Tag: v1.5.1~1^2~57^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2857%2Fhead;p=thirdparty%2Fzstd.git

Remove executable flag from GNU_STACK section

Putting stack marking into every assembly files is required to indicate
that the stack does not need to be executable.
Executable flag on stack conflicts with some security measures, Systemd
MemoryDenyWriteExecute=yes for example.
---

diff --git a/lib/decompress/huf_decompress_amd64.S b/lib/decompress/huf_decompress_amd64.S
index 83e3d7565..97646a2e1 100644
--- a/lib/decompress/huf_decompress_amd64.S
+++ b/lib/decompress/huf_decompress_amd64.S
@@ -1,5 +1,12 @@
 #if !defined(HUF_DISABLE_ASM) && defined(__x86_64__)
 
+/* Stack marking
+ * ref: https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart
+ */
+#if defined(__linux__) && defined(__ELF__)
+.section .note.GNU-stack,"",%progbits
+#endif
+
 /* Calling convention:
  *
  * %rdi contains the first argument: HUF_DecompressAsmArgs*.