Re: [PATCH v6] RO/NX protection for loadable kernel modules

From: Rusty Russell
Date: Mon Sep 21 2009 - 19:59:47 EST

Next message: Ulrich Drepper: "Re: [PATCH] remove duplicate asm/mman.h files"
Previous message: Mauro Carvalho Chehab: "Re: [origin tree build failure] [PATCH] media: video: Fix build insaa7164"
In reply to: Siarhei Liakh: "Re: [PATCH v6] RO/NX protection for loadable kernel modules"
Next in thread: Siarhei Liakh: "Re: [PATCH v6] RO/NX protection for loadable kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 11 Sep 2009 12:20:47 pm Siarhei Liakh wrote:
> +/*
> + * LKM RO/NX protection: protect module's text/ro-data
> + * from modification and any data from execution.
> + */
> +static void set_section_ro_nx(void *base,
> + unsigned long text_size,
> + unsigned long ro_size,
> + unsigned long total_size)
> +{
> +#ifdef CONFIG_X86

This is usually considered a bad idea. Make a new config option,
CONFIG_HAVE_SET_MEMORY_PROTECTION, select it in arch/x86/Kconfig.
Then wrap the entire functions in one #ifdef CONFIG_HAVE_....
and put empty versions in the #else.

Thanks,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ulrich Drepper: "Re: [PATCH] remove duplicate asm/mman.h files"
Previous message: Mauro Carvalho Chehab: "Re: [origin tree build failure] [PATCH] media: video: Fix build insaa7164"
In reply to: Siarhei Liakh: "Re: [PATCH v6] RO/NX protection for loadable kernel modules"
Next in thread: Siarhei Liakh: "Re: [PATCH v6] RO/NX protection for loadable kernel modules"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]