Re: [announce] [patch] NX (No eXecute) support for x86,2.6.7-rc2-bk2
From: Rusty Russell
Date: Thu Jun 03 2004 - 19:08:36 EST
On Thu, 2004-06-03 at 18:53, Ingo Molnar wrote:
> * Rusty Russell <rusty@xxxxxxxxxxxxxxx> wrote:
>
> > You want to replace the arch-specific module_alloc() function for
> > this. Or even better, reset the NX bit only on executable sections (in
> > the arch-specific module_finalize(), using mod->core_text_size and
> > mod->init_text_size). No generic changes necessary.
...
> and yet another sub-topic: when building modules we should align .rodata
> (the first non-executable section) to page boundary. This adds ~2K to
> the module size but it's not an issue i think. Data section overflows do
> happen and if it has a function pointer that can be used as a trampoline
> then we want the whole data section to be non-executable.
Yes. It would add ~4k (if you want to do it for the init sections as
well as the core sections of the module: might not be worth it).
You can set the alignment requirement in module_frob_arch_sections(),
but beware that this alignment will only be relative to the allocation
returned by module_alloc(), so to do this you'll want module_alloc() to
return page-aligned memory.
Note the section sorting done in kernel/module.c:layout_sections(): in
particular, all executable sections are placed FIRST in the module,
which makes your life easier here.
Hope that helps!
Rusty.
--
Anyone who quotes me in their signature is an idiot -- Rusty Russell
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/