Re: [PATCH] x86/mm: Remove set_pages_x() and set_pages_nx()
From: Linus Torvalds
Date: Wed Sep 18 2019 - 13:54:16 EST
On Wed, Sep 18, 2019 at 10:50 AM Larry Finger <Larry.Finger@xxxxxxxxxxxx> wrote:
> Is there approved way for pages to be set to be executable by an external module
> that would not be a security issue?
Point to what external module and why.
Honestly, the likely answer is simply "no". Why would an external
module ever need to make something executable that isn't read-only
code? That's pretty fundamental. Marking data executable is fairly
questionable these days.
Instead, what might work is to have some higher-level concept that we
actually trust, and that isn't about making data executable, but about
doing something reasonable.
See the difference? Making things executable is not ok, but perhaps a
"alternative runtime code sequence" is ok.