Re: [Security] proactive defense: using read-only memory, RO/NXmodules

From: Ingo Molnar
Date: Wed Nov 10 2010 - 04:04:43 EST

* Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:

> Hi,
> On Mon, Nov 08, 2010 at 07:13:24AM +0100, Ingo Molnar wrote:
> > * Kees Cook <kees.cook@xxxxxxxxxxxxx> wrote:
> > > While Dan Rosenberg is working to make things harder to locate potential targets
> > > in the kernel through fixing kernel address leaks[1], I'd like to approach a
> > > related proactive security measure: enforcing read-only memory for things that
> > > would make good targets.
> >
> > Nice! IMHO we need more of that. (If the readonly section gets big enough in
> > practice we could perhaps even mark it large-page in the future. It could serve as
> > an allocator to module code as well - that would probably be a speedup even for
> > modules.)
> Well, I can try to extract and send what PaX does, but it seems relatively
> incompatible with the existing system that uses set_kernel_text_rw() and
> friends.
> > > - Modules need to be correctly marked RO/NX. This patch exists[3], but is
> > > not in mainline. It needs to be in mainline.
> > [...]
> > >
> > > [3];a=commitdiff;h=65187d24fa3ef60f691f847c792e8eaca7e19251
> >
> > The reason the RO/NX patch from Siarhei Liakh is not upstream yet is rather mundane:
> > it introduced regressions - it caused boot crashes on one of my testboxes.
> >
> > But there is no fundamental reason why it shouldnt be upstream. We can push it
> > upstream if the crashes are resolved and if it gets an Ack from Rusty or Linus
> > for the module bits.
> Oh, well, yes, that's a good reason. :) Where was this covered? I'd like to help
> get it reproduced and ironed out.

Matthieu Castet seems to have dusted off those patches and submitted two of them in
this mail:

Subject: [RFC] reworked NX protection for kernel data

Matthieu, are you still interested in this topic?

The original, broken patches were these -tip commits:

1e858c081af5: x86, mm: RO/NX protection for loadable kernel modules
18c60ddc9eff: x86, mm: NX protection for kernel data
c226a2feba21: x86, mm: Set first MB as RW+NX
b29d530510d4: x86, mm: Correcting improper large page preservation

I reported one of the crashes in:

Subject: Re: [tip:x86/mm] x86, mm: Set first MB as RW+NX

on lkml.


To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at