Re: [announce] [patch] NX (No eXecute) support for x86,2.6.7-rc2-bk2

From: Rusty Russell
Date: Wed Jun 02 2004 - 19:14:03 EST


On Thu, 2004-06-03 at 06:50, Ingo Molnar wrote:
> furthermore, the patch also implements 'NX protection' for kernelspace
> code: only the kernel code and modules are executable - so even

No, actually, it doesn't quite do that:

--- linux/kernel/module.c.orig
+++ linux/kernel/module.c
@@ -1431,7 +1431,7 @@ static struct module *load_module(void _

/* Suck in entire file: we'll want most of it. */
/* vmalloc barfs on "unusual" numbers. Check here */
- if (len > 64 * 1024 * 1024 || (hdr = vmalloc(len)) == NULL)
+ if (len > 64 * 1024 * 1024 || (hdr = vmalloc_exec(len)) == NULL)
return ERR_PTR(-ENOMEM);
if (copy_from_user(hdr, umod, len) != 0) {
err = -EFAULT;

This is where we such the module file into kernel memory to parse it,
not where we actually copy the memory.

You want to replace the arch-specific module_alloc() function for this.
Or even better, reset the NX bit only on executable sections (in the
arch-specific module_finalize(), using mod->core_text_size and
mod->init_text_size). No generic changes necessary.

What surprises me is that this error didn't cause your kernel to explode
the moment you inserted a module containing a function...

Hope that helps!
Rusty.
--
Anyone who quotes me in their signature is an idiot -- Rusty Russell

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/