[Pull Request] [Natty] module RO/NX take 2, with fixes

Kees Cook kees.cook at canonical.com
Thu Dec 9 19:03:18 UTC 2010


Hi Tim,

On Thu, Dec 09, 2010 at 08:08:31AM -0700, Tim Gardner wrote:
> >Kees Cook (4):
> >       Revert "Revert "x86: Add NX protection for kernel data""
> >       Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
> >       Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
> >       x86: RO/NX protection for loadable kernel, jump_table fix
> >
> >Lin Ming (1):
> >       x86: Resume trampoline must be executable
> >
> >  arch/x86/Kconfig.debug                    |   11 ++
> >  arch/x86/include/asm/jump_label.h         |    2 +-
> >  arch/x86/include/asm/pci.h                |    1 +
> >  arch/x86/kernel/ftrace.c                  |    3 +
> >  arch/x86/kernel/vmlinux.lds.S             |    8 +-
> >  arch/x86/mm/init.c                        |    3 +-
> >  arch/x86/mm/init_32.c                     |   20 +++-
> >  arch/x86/mm/pageattr.c                    |    5 +-
> >  arch/x86/pci/pcbios.c                     |   23 ++++
> >  debian.master/config/config.common.ubuntu |    1 +
> >  debian.master/config/enforce              |    1 +
> >  include/linux/module.h                    |   11 ++-
> >  kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
> >  13 files changed, 251 insertions(+), 9 deletions(-)
> >
> 
> Applied, though I'm curious how you've constructed your tree. The
> first two reverts had already been applied in master by
> Ubuntu-2.6.37-6.17. Anyways, pushed to master-next.

I was reverting the reverts. There are 7 patches in total for the feature.
4 original, 2 fixes, and 1 config update. 2 of the original were reverted,
and the 1 config was reverted. I reapplied those, and then added the 2
fixes.

I figure it'll all make sense on the next rebase.

-Kees

-- 
Kees Cook
Ubuntu Security Team



