Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel

From: Valdis . Kletnieks
Date: Mon Nov 29 2010 - 12:00:31 EST


On Fri, 26 Nov 2010 18:23:55 +0100, mat said:

> On Wed, 24 Nov 2010 22:41:07 -0500,
> Valdis.Kletnieks@xxxxxx wrote:

> > This is incompatible with CONFIG_JUMP_LABEL:
> >
> > [ 252.093624] BUG: unable to handle kernel paging request at ffffffffa0680764
> > [ 252.094008] IP: [<ffffffff81225ee0>] generic_swap+0xa/0x1a
> > [ 252.094008] PGD 1a1e067 PUD 1a22063 PMD 1093ac067 PTE 8000000109786161
> > [ 252.094008] Oops: 0003 [#1] PREEMPT SMP

> > > +config DEBUG_SET_MODULE_RONX
> > > + bool "Set loadable kernel module data as NX and text as RO"
> > > + default n
> > > + depends on X86 && MODULES
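Review bot: The `default n` line under `config DEBUG_SET_MODULE_RONX` is redundant, because a Kconfig bool with no default is already n; drop it. The quoted lines also show no `help` text for the option, so if none follows in the full patch, add one that says which module sections become read-only and which become non-executable.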
> >
> > depends on X86 && MODULES && !JUMP_LABEL
> Could you try the attached patch?
>
> On module load, we sort the __jump_table section, so we should make it
> writable.

> diff --git a/arch/x86/include/asm/jump_label.h b/arch/x86/include/asm/jump_la
bel.h
> index f52d42e..574dbc2 100644
> --- a/arch/x86/include/asm/jump_label.h
> +++ b/arch/x86/include/asm/jump_label.h
> @@ -14,7 +14,7 @@
> do { \
> asm goto("1:" \
> JUMP_LABEL_INITIAL_NOP \
> - ".pushsection __jump_table, \"a\" \n\t"\
> + ".pushsection __jump_table, \"aw\" \n\t"\
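Review bot: Changing the `.pushsection __jump_table` flags from "a" to "aw" leaves the jump table writable for as long as the module is loaded, while the stated need is only the sort done at module load. In a series whose purpose is RO/NX protection, that trade-off should be spelled out in the commit message, and a short comment next to the `.pushsection` line should record that the section is sorted in place at load time so a later cleanup does not turn it back to "a". It is also worth considering whether the sort could run before the read-only protection is applied, which would let the section stay "a".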

Confirming that fixes the issue I was seeing, thanks...
