Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

From: Jeff Garzik
Date: Wed Jun 02 2004 - 19:19:57 EST


Rusty Russell wrote:
On Thu, 2004-06-03 at 06:50, Ingo Molnar wrote:

furthermore, the patch also implements 'NX protection' for kernelspace
code: only the kernel code and modules are executable - so even


No, actually, it doesn't quite do that:

--- linux/kernel/module.c.orig
+++ linux/kernel/module.c
@@ -1431,7 +1431,7 @@ static struct module *load_module(void _
/* Suck in entire file: we'll want most of it. */
/* vmalloc barfs on "unusual" numbers. Check here */
- if (len > 64 * 1024 * 1024 || (hdr = vmalloc(len)) == NULL)
+ if (len > 64 * 1024 * 1024 || (hdr = vmalloc_exec(len)) == NULL)
return ERR_PTR(-ENOMEM);
if (copy_from_user(hdr, umod, len) != 0) {
err = -EFAULT;
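Review bot: the changed line requests executable memory for `hdr`, but the comment above it ("Suck in entire file") and the `copy_from_user(hdr, umod, len)` below show that `hdr` is only the staging copy of the whole module file taken from userspace, up to 64 MB of it. That is not the allocation that needs execute permission. Keep `vmalloc(len)` here and request executable memory at the point where the module's code is finally placed; as written, every byte of the user-supplied file, headers and data included, sits in executable kernel memory while it is being parsed.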

This is where we suck the module file into kernel memory to parse it,
not where we actually copy the memory.

You want to replace the arch-specific module_alloc() function for this.
Or even better, reset the NX bit only on executable sections (in the
arch-specific module_finalize(), using mod->core_text_size and
mod->init_text_size). No generic changes necessary.

What surprises me is that this error didn't cause your kernel to explode
the moment you inserted a module containing a function...


bah, modules are for lame people who don't want to squeeze that last %0.00001 of additional performance out of their kernel by reducing TLB and I-cache misses...

Jeff
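
The split Rusty describes in the quoted text (a plain staging buffer for parsing, execute permission only on the text part of the final mapping) can be modelled in userspace with mmap/mprotect. This is an added example, not code from the thread or from the kernel; `place_image` and `perms_at` are hypothetical names, and it assumes Linux with /proc mounted.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: copy an image from a non-executable staging buffer
 * (the role hdr plays in the quoted hunk) into its final mapping, then make
 * only the text pages executable. Returns the mapping or NULL; *text_span
 * gets the page-rounded text size (cf. mod->core_text_size). */
unsigned char *place_image(const unsigned char *staging, size_t text_size,
                           size_t data_size, size_t *text_span)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    size_t span = (text_size + pg - 1) / pg * pg;          /* text pages */
    size_t total = span + (data_size + pg - 1) / pg * pg;  /* + data pages */
    unsigned char *p = mmap(NULL, total, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    memcpy(p, staging, text_size);
    memcpy(p + span, staging + text_size, data_size);
    /* Text becomes R+X and loses W; data keeps RW and never gains X. */
    if (mprotect(p, span, PROT_READ | PROT_EXEC) != 0) {
        munmap(p, total);
        return NULL;
    }
    *text_span = span;
    return p;
}

/* Permission string ("r-xp", "rw-p", ...) of the mapping containing addr,
 * read from /proc/self/maps (Linux only). Returns 0 if found, else -1. */
int perms_at(const void *addr, char out[5])
{
    unsigned long lo, hi, a = (unsigned long)addr;
    char line[512];
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    while (rc != 0 && f && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, out) == 3 && a >= lo && a < hi)
            rc = 0;
    if (f) fclose(f);
    return rc;
}
```

Calling `perms_at` on the returned base and on base plus `*text_span` shows the text pages as `r-xp` and the data pages as `rw-p`.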

