Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel
From: Tobias Karnat
Date: Mon Jan 03 2011 - 07:46:58 EST
> Sure. I can verify that the patch series (a) doesn't break well-behaved
> modules and (b) it *does* trigger for misbehaving modules (I sent the
> VirtualBox crew a bug report for a module that tried to write to an area
> marked executable).
This seems to be fixed by VirtualBox 4.
I applied the patchset to 2.6.36.
('All in one' patch, http://pastebin.com/raw.php?i=6CDnAkjP )
I have however noticed that after enabling;
CONFIG_DEBUG_KERNEL, CONFIG_DEBUG_RODATA and CONFIG_DEBUG_SET_MODULE_RONX
there are three "Freeing unused kernel memory" messages, is this correct?
Before applying patch:
[ 1.449499] Freeing initrd memory: 16328k freed
[ 3.336464] Freeing unused kernel memory: 844k freed
After applying patch:
[ 1.449262] Freeing initrd memory: 16328k freed
[ 3.297901] Freeing unused kernel memory: 844k freed
[ 3.311849] Write protecting the kernel read-only data: 8192k
[ 3.327592] Freeing unused kernel memory: 448k freed
[ 3.342651] Freeing unused kernel memory: 276k freed
And why does CONFIG_DEBUG_RODATA depend on CONFIG_DEBUG_KERNEL;
Isn't it primarily a security enhancement?
-Tobias
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/