From: Arjan van de Ven <arjan@infradead.org>
To: Ingo Molnar <mingo@elte.hu>
Cc: Siarhei Liakh <sliakh.lkml@gmail.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
Andrew Morton <akpm@linux-foundation.org>, Andi Kleen <ak@muc.de>,
Rusty Russell <rusty@rustcorp.com.au>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>,
David Howells <dhowells@redhat.com>,
Aristeu Rozanski <aris@redhat.com>
Subject: Re: [PATCH V5] x86: NX protection for kernel data
Date: Tue, 13 Oct 2009 07:29:07 -0700
Message-ID: <20091013072907.1daeba73@infradead.org>
In-Reply-To: <20091013141527.GA7053@elte.hu>

On Tue, 13 Oct 2009 16:15:27 +0200
Ingo Molnar <mingo@elte.hu> wrote:
>
> * Arjan van de Ven <arjan@infradead.org> wrote:
>
> > On Tue, 13 Oct 2009 07:35:28 -0400
> > Siarhei Liakh <sliakh.lkml@gmail.com> wrote:
> >
> > > ---[ Kernel Mapping ]---
> > > 0xc0000000-0xc0100000 1M RW GLB x pte
> > > -0xc0100000-0xc048d000 3636K ro GLB x pte
> > > -0xc048d000-0xc04d0000 268K RW GLB x pte
> > > -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> > > -0xc04d2000-0xc04d3000 4K RW GLB x pte
> > > -0xc04d3000-0xc0531000 376K RW GLB NX pte
> > > -0xc0531000-0xc0600000 828K RW GLB x pte
> > > +0xc0100000-0xc0381000 2564K ro GLB x pte
> > > +0xc0381000-0xc048d000 1072K ro GLB NX pte
> > > +0xc048d000-0xc0600000 1484K RW GLB NX pte
> > > 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> > > 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> > > 0xf79fe000-0xf7a00000 8K pte
> > > ===============================================
> > >
> >
> > looks great to me; the result is
> > * kernel is ro + x
> > * rodata is ro + NX
> > * data is RW + NX
> >
> > (and there is no "RW + x", other than the first megabyte... hmm.
> > maybe we need to look at that as well at some point)
>
> Could we cover the first megabyte too please via a (default-disabled)
> option? Modern Xorg shouldn't mind about that anymore, right?

I'd be surprised if anything ever did; this is the *kernel* mapping of
the first megabyte, not some userspace mapping....

--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
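
An added example (not part of the original message or of the patch under discussion): a Python check that parses a page table dump in the format quoted above and reports every range that is both writable and executable, plus the total size per permission class. The sample input is the post-patch side of the quoted dump; the function names are assumptions of this example.

```python
import re

# Constructed input: the post-patch ("+") side of the dump quoted above.
SAMPLE_DUMP = """\
---[ Kernel Mapping ]---
0xc0000000-0xc0100000 1M RW GLB x pte
0xc0100000-0xc0381000 2564K ro GLB x pte
0xc0381000-0xc048d000 1072K ro GLB NX pte
0xc048d000-0xc0600000 1484K RW GLB NX pte
0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
0xf7800000-0xf79fe000 2040K RW GLB NX pte
0xf79fe000-0xf7a00000 8K pte
"""

# start-end, size, then attribute columns ending in the level (pte/pmd).
LINE_RE = re.compile(r"^0x([0-9a-f]+)-0x([0-9a-f]+)\s+\d+[KMGT]?\s+(.+)$")

def parse_dump(text):
    """Yield (start, end, flags) for every range line in the dump."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section markers such as "---[ Kernel Mapping ]---"
        tokens = m.group(3).split()
        # The last token is the page-table level; a range with no other
        # tokens is not present and carries no permissions.
        yield int(m.group(1), 16), int(m.group(2), 16), set(tokens[:-1])

def find_wx(text):
    """Return ranges that are writable (RW) and executable (x, not NX)."""
    return [(s, e) for s, e, f in parse_dump(text) if "RW" in f and "x" in f]

def summarize(text):
    """Total bytes per permission class, skipping non-present ranges."""
    totals = {}
    for start, end, flags in parse_dump(text):
        if not flags:
            continue
        key = ("RW" if "RW" in flags else "ro") + "+" + ("x" if "x" in flags else "NX")
        totals[key] = totals.get(key, 0) + (end - start)
    return totals

if __name__ == "__main__":
    for start, end in find_wx(SAMPLE_DUMP):
        print(f"W+X: {start:#010x}-{end:#010x} ({(end - start) // 1024}K)")
    for key, size in sorted(summarize(SAMPLE_DUMP).items()):
        print(f"{key:6} {size // 1024}K")
```

On the sample input the only range reported as writable and executable is the first megabyte, matching the summary in the message.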