From: Arjan van de Ven <arjan@infradead.org>
To: Siarhei Liakh <sliakh.lkml@gmail.com>
Cc: linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
Andrew Morton <akpm@linux-foundation.org>, Andi Kleen <ak@muc.de>,
Rusty Russell <rusty@rustcorp.com.au>,
Thomas Gleixner <tglx@linutronix.de>,
"H. Peter Anvin" <hpa@zytor.com>, Ingo Molnar <mingo@elte.hu>
Subject: Re: [PATCH v3] RO/NX protection for loadable kernel modules
Date: Sun, 5 Jul 2009 17:03:06 -0700 [thread overview]
Message-ID: <20090705170306.5916293a@infradead.org> (raw)
In-Reply-To: <817ecb6f0907051623l46ad93e9uc24d8d61669c938e@mail.gmail.com>
On Sun, 5 Jul 2009 19:23:56 -0400
Siarhei Liakh <sliakh.lkml@gmail.com> wrote:
>
> By default, the original section layout is preserved and RO/NX is
> enforced only for whole pages of same content.
> However, when compiled with CONFIG_DEBUG_RODATA=y, the patch
> will page-align each group of section to ensure that each page
> contains only one type of content mentioned above.
I like it.
A few minor nitpicks below, but again, I like this.
> +
> +/* Given a virtual address returns 1 if the address is page-aligned,
> + * 0 otherwise */
> +#define PAGE_ALIGNED(ADDR) (((unsigned long) ADDR & \
> + ((1UL << PAGE_SHIFT) - 1UL)) ? \
> + (0) : (1))
there is a #define IS_ALIGNED in include/linux/kernel.h... can that be
used either directly or wrapped around?
> +
> +/* Given a virtual address returns a virtual page number
> + * that contains that address */
> +#define PAGE_NUMBER(ADDR) (((unsigned long) ADDR) >> PAGE_SHIFT)
this is PFN_DOWN() from include/linux/pfn.h
there is also a PFN_UP(), which might be useful in your code where
you first round down, and then skip the first page if it's partial...
... might be able to just round up from the start instead...
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
next prev parent reply other threads:[~2009-07-06 0:02 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-05 23:23 [PATCH v3] RO/NX protection for loadable kernel modules Siarhei Liakh
2009-07-06 0:03 ` Arjan van de Ven [this message]
2009-07-06 1:13 ` Rusty Russell
2009-07-08 0:47 ` [PATCH v4] " Siarhei Liakh
2009-07-08 5:06 ` Arjan van de Ven
2009-07-08 22:31 ` Siarhei Liakh
2009-07-11 11:49 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090705170306.5916293a@infradead.org \
--to=arjan@infradead.org \
--cc=ak@muc.de \
--cc=akpm@linux-foundation.org \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@elte.hu \
--cc=rusty@rustcorp.com.au \
--cc=sliakh.lkml@gmail.com \
--cc=tglx@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox