Re: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend
From: matthieu castet
Date: Sat Feb 12 2011 - 11:10:37 EST
H. Peter Anvin a écrit :
On 02/07/2011 11:59 AM, castet.matthieu@xxxxxxx wrote:
For .39 I hope we could remove most of the RWX rights after init (This means
make low memory trampoline NX or !RW).
This should be possible on :
- 32 bit if wakeup use trampoline_32 [1] that doesn't enable paging in low
memory (can be NX)
- trampoline_64 need fix to support NX on data section. It tries to read data
section before enabling NX. A possible fix is to use its own page table [2]. And
the kernel one can be NX.
No, you're really barking down the wrong path on this. The trampoline
code is tiny; I don't think it is really worth trying to NX-ify it. The
Even if the trampoline is tiny, a hole is a hole.
The trampoline code job is to jump from low memory (realmode) to somewhere in kernel text.
Why should we enable paging or use kernel page table for doing that ?
additional complexity caused by not being able to execute in this space
will really damage some other incoming code, so it isn't an option as
far as I'm concerned.
What do you plan to add that won't be compatible with that ?
Matthieu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/