Re: [PATCH V5] x86: NX protection for kernel data
From: Arjan van de Ven
Date: Tue Oct 13 2009 - 10:08:35 EST
On Tue, 13 Oct 2009 07:35:28 -0400
Siarhei Liakh <sliakh.lkml@xxxxxxxxx> wrote:
> ---[ Kernel Mapping ]---
> 0xc0000000-0xc0100000 1M RW GLB x pte
> -0xc0100000-0xc048d000 3636K ro GLB x pte
> -0xc048d000-0xc04d0000 268K RW GLB x pte
> -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> -0xc04d2000-0xc04d3000 4K RW GLB x pte
> -0xc04d3000-0xc0531000 376K RW GLB NX pte
> -0xc0531000-0xc0600000 828K RW GLB x pte
> +0xc0100000-0xc0381000 2564K ro GLB x pte
> +0xc0381000-0xc048d000 1072K ro GLB NX pte
> +0xc048d000-0xc0600000 1484K RW GLB NX pte
> 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> 0xf79fe000-0xf7a00000 8K pte
> ===============================================
>
looks great to me; the result is
* kernel is ro + x
* rodata is ro + NX
* data is RW + NX
(and there is no "RW + x", other than the first megabyte... hmm. maybe
we need to look at that as well at some point)
Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/