From: Mike Rapoport <rppt@kernel.org>
To: Richard Weinberger <richard@nod.at>
Cc: linux-kernel@vger.kernel.org, upstream+x86@sigma-star.at,
peterz@infradead.org, hpa@zytor.com, x86@kernel.org,
dave.hansen@linux.intel.com, bp@alien8.de, mingo@redhat.com,
tglx@kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH] x86/Kconfig: enable ROX also when STRICT_KERNEL_RWX is present
Date: Thu, 25 Jun 2026 12:17:50 +0300 [thread overview]
Message-ID: <ajzyPjOPw3bpXfuK@kernel.org> (raw)
In-Reply-To: <20260625090627.1501095-1-richard@nod.at>
On Thu, Jun 25, 2026 at 11:06:27AM +0200, Richard Weinberger wrote:
> Running a kernel with CONFIG_MODULES=n causes the W+X page dectection
> to trigger:
> x86/mm: Found insecure W+X mapping at address 0xffffffffc033a000
>
> The W+X pages come from __its_alloc() with type being EXECMEM_MODULE_TEXT.
> Without ARCH_HAS_EXECMEM_ROX pgprot is PAGE_KERNEL instead of
> PAGE_KERNEL_ROX.
>
> Cc: stable@vger.kernel.org
> Cc: Peter Zijlstra (Intel) <peterz@infradead.org>
> Cc: Mike Rapoport (Microsoft) <rppt@kernel.org>
> Fixes: 47410d839fcda ("x86/Kconfig: only enable ROX cache in execmem when STRICT_MODULE_RWX is set")
> Suggested-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Mike Rapoport (Microsoft) <rppt@kernel.org>
> ---
> arch/x86/Kconfig | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index 0b5f30d769ffb..330ccbf6726ad 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -85,7 +85,7 @@ config X86
> select ARCH_HAS_DMA_OPS if GART_IOMMU || XEN
> select ARCH_HAS_EARLY_DEBUG if KGDB
> select ARCH_HAS_ELF_RANDOMIZE
> - select ARCH_HAS_EXECMEM_ROX if X86_64 && STRICT_MODULE_RWX
> + select ARCH_HAS_EXECMEM_ROX if X86_64 && (STRICT_MODULE_RWX || STRICT_KERNEL_RWX)
> select ARCH_HAS_FAST_MULTIPLIER
> select ARCH_HAS_FORTIFY_SOURCE
> select ARCH_HAS_GCOV_PROFILE_ALL
> --
> 2.51.0
>
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2026-06-25 9:17 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-25 9:06 [PATCH] x86/Kconfig: enable ROX also when STRICT_KERNEL_RWX is present Richard Weinberger
2026-06-25 9:17 ` Mike Rapoport [this message]
2026-06-25 9:19 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ajzyPjOPw3bpXfuK@kernel.org \
--to=rppt@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=richard@nod.at \
--cc=stable@vger.kernel.org \
--cc=tglx@kernel.org \
--cc=upstream+x86@sigma-star.at \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.