From mboxrd@z Thu Jan 1 00:00:00 1970 From: Rusty Russell Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel Date: Thu, 2 Dec 2010 00:06:45 +1030 Message-ID: <201012020006.46115.rusty@rustcorp.com.au> References: <4CE2F914.9070106@free.fr> <201011301005.29532.rusty@rustcorp.com.au> <1291128383.27486.35.camel@gandalf.stny.rr.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <1291128383.27486.35.camel@gandalf.stny.rr.com> Sender: linux-security-module-owner@vger.kernel.org To: Steven Rostedt Cc: matthieu castet , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-next@vger.kernel.org, Arjan van de Ven , James Morris , Andrew Morton , Andi Kleen , Thomas Gleixner , "H. Peter Anvin" , Ingo Molnar , Stephen Rothwell , Dave Jones , Siarhei Liakh , Kees Cook , Peter Zijlstra List-Id: linux-next.vger.kernel.org On Wed, 1 Dec 2010 01:16:23 am Steven Rostedt wrote: > On Tue, 2010-11-30 at 10:05 +1030, Rusty Russell wrote: > > On Tue, 30 Nov 2010 04:45:42 am Steven Rostedt wrote: > > > This patch breaks function tracer: > > ... > > > Here we set the text read only before we call the notifiers. The > > > function tracer changes the calls to mcount into nops via a notifier > > > call so this must be done after the module notifiers. > > > > That seems fine. > > > > I note that both before and after this patch we potentially execute code > > in the module (via parse_args) before we set it ro & nx. But fixing this > > last bit of coverage is probably not worth the pain... > > Rusty, can I take this as an "Acked-by"? Yep... Acked-by: Rusty Russell Thanks, Rusty.