Update.

* sysdeps/unisx/sysv/linux/dl-execstack.c: Get protection flag
	from memory.
	* elf/dl-load.c (_dl_map_object_from_fd): Add PROT_EXEC flag to
	__stack_flags.

ChangeLog

@@ -1,5 +1,10 @@
 2004-09-18  Ulrich Drepper  <drepper@redhat.com>
 
+	* sysdeps/unisx/sysv/linux/dl-execstack.c: Get protection flag
+	from memory.
+	* elf/dl-load.c (_dl_map_object_from_fd): Add PROT_EXEC flag to
+	__stack_flags.
+
 	* sysdeps/posix/getaddrinfo.c (gaih_inet): Do not use
 	gethostbyname3_r if we are not looking for the canonical name.
 

elf/dl-load.c

@@ -101,6 +101,9 @@ ELF_PREFERRED_ADDRESS_DATA;
 # define ELF_FIXED_ADDRESS(loader, mapstart) ((void) 0)
 #endif
 
+
+extern int __stack_prot attribute_relro attribute_hidden;
+
 /* Type for the buffer we put the ELF header and hopefully the program
    header.  This buffer does not really have to be too large.  In most
    cases the program header follows the ELF header directly.  If this
@@ -1302,6 +1305,35 @@ cannot allocate TLS data structures for initial thread");
       goto call_lose;
     }
 
+  if (__builtin_expect ((stack_flags &~ GL(dl_stack_flags)) & PF_X, 0))
+    {
+      /* The stack is presently not executable, but this module
+	 requires that it be executable.  We must change the
+	 protection of the variable which contains the flags used in
+	 the mprotect calls.  */
+#ifdef HAVE_Z_RELRO
+      if (mode & __RTLD_DLOPEN)
+	{
+	  uintptr_t p = ((uintptr_t) &__stack_prot) & ~(GLRO(dl_pagesize) - 1);
+	  size_t s = (uintptr_t) &__stack_prot - p + sizeof (int);
+
+	  __mprotect ((void *) p, s, PROT_READ|PROT_WRITE);
+	  __stack_prot |= PROT_EXEC;
+	  __mprotect ((void *) p, s, PROT_READ);
+	}
+      else
+#endif
+	__stack_prot |= PROT_EXEC;
+
+      errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
+      if (errval)
+	{
+	  errstring = N_("\
+cannot enable executable stack as shared object requires");
+	  goto call_lose;
+	}
+    }
+
   if (l->l_info[DT_HASH])
     _dl_setup_hash (l);
 
@@ -1344,19 +1376,6 @@ cannot allocate TLS data structures for initial thread");
   l->l_dev = st.st_dev;
   l->l_ino = st.st_ino;
 
-  if (__builtin_expect ((stack_flags &~ GL(dl_stack_flags)) & PF_X, 0))
-    {
-      /* The stack is presently not executable, but this module
-	 requires that it be executable.  */
-      errval = (*GL(dl_make_stack_executable_hook)) (stack_endp);
-      if (errval)
-	{
-	  errstring = N_("\
-cannot enable executable stack as shared object requires");
-	  goto call_lose;
-	}
-    }
-
   /* When we profile the SONAME might be needed for something else but
      loading.  Add it right away.  */
   if (__builtin_expect (GLRO(dl_profile) != NULL, 0)

sysdeps/unix/sysv/linux/dl-execstack.c

@@ -28,6 +28,14 @@
 #include "kernel-features.h"
 
 
+int __stack_prot attribute_hidden attribute_relro
+#if _STACK_GROWS_DOWN
+     = PROT_READ|PROT_WRITE|PROT_GROWSDOWN;
+#elif _STACK_GROWS_UP
+     = PROT_READ|PROT_WRITE|PROT_GROWSUP;
+#endif
+
+
 int
 internal_function
 _dl_make_stack_executable (void **stack_endp)
@@ -51,8 +59,7 @@ _dl_make_stack_executable (void **stack_endp)
 #  endif
     {
       if (__builtin_expect (__mprotect ((void *) page, GLRO(dl_pagesize),
-					PROT_READ|PROT_WRITE|PROT_EXEC
+					__stack_prot) == 0, 1))
-					|PROT_GROWSDOWN) == 0, 1))
 	goto return_success;
 #  if __ASSUME_PROT_GROWSUPDOWN == 0
       if (errno == EINVAL)
@@ -76,7 +83,7 @@ _dl_make_stack_executable (void **stack_endp)
   while (1)
     {
       if (__mprotect ((void *) page, size,
-		      PROT_READ|PROT_WRITE|PROT_EXEC) == 0)
+		      __stack_prot & ~PROT_GROWSDOWN) == 0)
 	/* We got this chunk changed; loop to do another chunk below.  */
 	page -= size;
       else