From: Tulio A M Mendes Date: Fri, 6 Feb 2026 14:31:32 +0000 (-0300) Subject: x86: enforce W^X and non-exec stack X-Git-Url: https://projects.tadryanom.me/?a=commitdiff_plain;h=052fcc27257f7db5fd5236d638bc3524931dffee;p=AdrOS.git x86: enforce W^X and non-exec stack --- diff --git a/src/arch/x86/boot.S b/src/arch/x86/boot.S index dfc68be..9580038 100644 --- a/src/arch/x86/boot.S +++ b/src/arch/x86/boot.S @@ -189,5 +189,7 @@ stack_bottom: .skip 16384 stack_top: +.section .note.GNU-stack,"",@progbits + /* Helper symbol for map loop limit */ _kernel_physical_end: \ No newline at end of file diff --git a/src/arch/x86/gdt_flush.S b/src/arch/x86/gdt_flush.S index 18adc31..93b2663 100644 --- a/src/arch/x86/gdt_flush.S +++ b/src/arch/x86/gdt_flush.S @@ -14,3 +14,5 @@ gdt_flush: ljmp $0x08, $flush_cs flush_cs: ret + + .section .note.GNU-stack,"",@progbits diff --git a/src/arch/x86/interrupts.S b/src/arch/x86/interrupts.S index 235e31c..4f44821 100644 --- a/src/arch/x86/interrupts.S +++ b/src/arch/x86/interrupts.S @@ -133,3 +133,5 @@ IRQ 15, 47 /* Syscall vector (int 0x80 -> 128) */ ISR_NOERRCODE 128 + + .section .note.GNU-stack,"",@progbits diff --git a/src/arch/x86/linker.ld b/src/arch/x86/linker.ld index 1c82843..82e99da 100644 --- a/src/arch/x86/linker.ld +++ b/src/arch/x86/linker.ld @@ -11,6 +11,13 @@ PHYSICAL_BASE = 0x00100000; /* But we want to run at 3GB + 1MB virtual */ KERNEL_VIRT_BASE = 0xC0000000; +PHDRS +{ + text PT_LOAD FLAGS(5); + rodata PT_LOAD FLAGS(4); + data PT_LOAD FLAGS(6); +} + SECTIONS { /* @@ -30,23 +37,29 @@ SECTIONS *(.boot_text) /* Rest of the kernel code */ *(.text) - } + } :text + + . = ALIGN(0x1000); .rodata : AT(ADDR(.rodata) - KERNEL_VIRT_BASE) { *(.rodata) - } + } :rodata + + . = ALIGN(0x1000); .data : AT(ADDR(.data) - KERNEL_VIRT_BASE) { *(.data) - } + } :data + + . = ALIGN(0x1000); .bss : AT(ADDR(.bss) - KERNEL_VIRT_BASE) { *(.bss) *(COMMON) - } + } :data _end = .; } 
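Review bot: In src/arch/x86/boot.S the new `.section .note.GNU-stack,"",@progbits` line sits between `stack_top:` and `_kernel_physical_end:`, so the helper label is now assembled into the note section instead of the section that holds the boot stack. Its address then no longer follows `stack_top`, and whatever uses it as the "map loop limit" would presumably see a different value than before this commit. Put the directive after the label, as the last line of the file, the way the other .S files in this commit do: `_kernel_physical_end:` followed by `.section .note.GNU-stack,"",@progbits`. The section that contains the stack is opened outside the hunk, so its name is not visible here.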
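Review bot: In src/arch/x86/linker.ld the `PHDRS` block lists only three `PT_LOAD` entries, and once `PHDRS` is present ld creates no program headers beyond the ones listed, so the `.note.GNU-stack` markers added to the .S files do not produce a `PT_GNU_STACK` header in the linked kernel. If the image is meant to advertise a non-executable stack, declare it explicitly, e.g. `stack PT_GNU_STACK FLAGS(6);`. The bare flag values would also read better with their meaning beside them, `text PT_LOAD FLAGS(5); /* PF_R | PF_X */`, and likewise 4 = PF_R and 6 = PF_R | PF_W. These flags only describe the image; the write/execute protection at run time has to come from the page-table setup, which is not part of this diff.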
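Review bot: In the `SECTIONS` hunk of src/arch/x86/linker.ld the input patterns are still the exact names `*(.text)`, `*(.rodata)`, `*(.data)` and `*(.bss)`, so compiler-generated subsections such as `.rodata.str1.1` or `.text.unlikely` become orphans. ld then chooses their position and segment itself, and the page alignment and `:text`/`:rodata`/`:data` assignments added here do not pin them. Widen the patterns, e.g. `*(.text .text.*)` and `*(.rodata .rodata.*)`, and do the same for `.data` and `.bss`. Checking the linked kernel with `readelf -lS` (section-to-segment mapping) would confirm that no writable section shares a segment or page with code. The `SECTIONS` block starts before the hunk, so its earlier contents are not visible here.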
diff --git a/src/arch/x86/process.S b/src/arch/x86/process.S index 51c62b7..b1528a9 100644 --- a/src/arch/x86/process.S +++ b/src/arch/x86/process.S @@ -32,3 +32,5 @@ context_switch: /* 5. Return */ /* Since we changed ESP, this 'ret' pops the EIP from the NEW stack! */ ret + + .section .note.GNU-stack,"",@progbits diff --git a/src/arch/x86/tss_flush.S b/src/arch/x86/tss_flush.S index fd91165..45d1098 100644 --- a/src/arch/x86/tss_flush.S +++ b/src/arch/x86/tss_flush.S @@ -4,3 +4,5 @@ tss_flush: mov 4(%esp), %ax ltr %ax ret + + .section .note.GNU-stack,"",@progbits