Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel

[Tobias Karnat]

> Sure.  I can verify that the patch series (a) doesn't break well-behaved
> modules and (b) it *does* trigger for misbehaving modules (I sent the
> VirtualBox crew a bug report for a module that tried to write to an area
> marked executable).

This seems to be fixed by VirtualBox 4.

I applied the patchset to 2.6.36.
('All in one' patch, http://pastebin.com/raw.php?i=6CDnAkjP )

I have however noticed that after enabling;
CONFIG_DEBUG_KERNEL, CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX
there are three "Freeing unused kernel memory" messages, is this correct?

Before applying patch:
[    1.449499] Freeing initrd memory: 16328k freed
[    3.336464] Freeing unused kernel memory: 844k freed

After applying patch:
[    1.449262] Freeing initrd memory: 16328k freed
[    3.297901] Freeing unused kernel memory: 844k freed
[    3.311849] Write protecting the kernel read-only data: 8192k
[    3.327592] Freeing unused kernel memory: 448k freed
[    3.342651] Freeing unused kernel memory: 276k freed

And why does CONFIG_DEBUG_RODATA depend on CONFIG_DEBUG_KERNEL;
Isn't it primarily a security enhancement?

-Tobias

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/