[Pull,Request,Natty] module RO/NX take 2, with fixes

Message ID 20101209000646.GA4464@outflux.net
State Accepted
Delegated to: Andy Whitcroft

Pull-request

git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Message

Kees Cook Dec. 9, 2010, 12:06 a.m. UTC
This includes the suspend/resume fix that is in upstream tip, and the
jump_table fix. I've verified the jump_table fix works, but can't verify
personally the resume fix since resume in -8 (even without these patches)
doesn't work for me, but upstream claims this fixes it.

The following changes since commit 72dbc55000bd08a2bce7dfd7177bdff65e916ef4:

  UBUNTU: Ubuntu-2.6.37-8.21 (2010-12-05 17:39:04 +0000)

are available in the git repository at:
  git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Kees Cook (4):
      Revert "Revert "x86: Add NX protection for kernel data""
      Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
      Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
      x86: RO/NX protection for loadable kernel, jump_table fix

Lin Ming (1):
      x86: Resume trampoline must be executable

 arch/x86/Kconfig.debug                    |   11 ++
 arch/x86/include/asm/jump_label.h         |    2 +-
 arch/x86/include/asm/pci.h                |    1 +
 arch/x86/kernel/ftrace.c                  |    3 +
 arch/x86/kernel/vmlinux.lds.S             |    8 +-
 arch/x86/mm/init.c                        |    3 +-
 arch/x86/mm/init_32.c                     |   20 +++-
 arch/x86/mm/pageattr.c                    |    5 +-
 arch/x86/pci/pcbios.c                     |   23 ++++
 debian.master/config/config.common.ubuntu |    1 +
 debian.master/config/enforce              |    1 +
 include/linux/module.h                    |   11 ++-
 kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
 13 files changed, 251 insertions(+), 9 deletions(-)

Comments

Tim Gardner Dec. 9, 2010, 3:08 p.m. UTC | #1
On 12/08/2010 05:06 PM, Kees Cook wrote:
> This includes the suspend/resume fix that is in upstream tip, and the
> jump_table fix. I've verified the jump_table fix works, but can't verify
> personally the resume fix since resume in -8 (even without these patches)
> doesn't work for me, but upstream claims this fixes it.
>
> The following changes since commit 72dbc55000bd08a2bce7dfd7177bdff65e916ef4:
>
>    UBUNTU: Ubuntu-2.6.37-8.21 (2010-12-05 17:39:04 +0000)
>
> are available in the git repository at:
>    git://kernel.ubuntu.com/kees/ubuntu-natty.git master
>
> Kees Cook (4):
>        Revert "Revert "x86: Add NX protection for kernel data""
>        Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
>        Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
>        x86: RO/NX protection for loadable kernel, jump_table fix
>
> Lin Ming (1):
>        x86: Resume trampoline must be executable
>
>   arch/x86/Kconfig.debug                    |   11 ++
>   arch/x86/include/asm/jump_label.h         |    2 +-
>   arch/x86/include/asm/pci.h                |    1 +
>   arch/x86/kernel/ftrace.c                  |    3 +
>   arch/x86/kernel/vmlinux.lds.S             |    8 +-
>   arch/x86/mm/init.c                        |    3 +-
>   arch/x86/mm/init_32.c                     |   20 +++-
>   arch/x86/mm/pageattr.c                    |    5 +-
>   arch/x86/pci/pcbios.c                     |   23 ++++
>   debian.master/config/config.common.ubuntu |    1 +
>   debian.master/config/enforce              |    1 +
>   include/linux/module.h                    |   11 ++-
>   kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
>   13 files changed, 251 insertions(+), 9 deletions(-)
>

Applied, though I'm curious how you've constructed your tree. The first 
two reverts had already been applied in master by Ubuntu-2.6.37-6.17. 
Anyways, pushed to master-next.

rtg

Kees Cook Dec. 9, 2010, 7:03 p.m. UTC | #2
Hi Tim,

On Thu, Dec 09, 2010 at 08:08:31AM -0700, Tim Gardner wrote:
> >Kees Cook (4):
> >       Revert "Revert "x86: Add NX protection for kernel data""
> >       Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
> >       Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
> >       x86: RO/NX protection for loadable kernel, jump_table fix
> >
> >Lin Ming (1):
> >       x86: Resume trampoline must be executable
> >
> >  arch/x86/Kconfig.debug                    |   11 ++
> >  arch/x86/include/asm/jump_label.h         |    2 +-
> >  arch/x86/include/asm/pci.h                |    1 +
> >  arch/x86/kernel/ftrace.c                  |    3 +
> >  arch/x86/kernel/vmlinux.lds.S             |    8 +-
> >  arch/x86/mm/init.c                        |    3 +-
> >  arch/x86/mm/init_32.c                     |   20 +++-
> >  arch/x86/mm/pageattr.c                    |    5 +-
> >  arch/x86/pci/pcbios.c                     |   23 ++++
> >  debian.master/config/config.common.ubuntu |    1 +
> >  debian.master/config/enforce              |    1 +
> >  include/linux/module.h                    |   11 ++-
> >  kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
> >  13 files changed, 251 insertions(+), 9 deletions(-)
> >
> 
> Applied, though I'm curious how you've constructed your tree. The
> first two reverts had already been applied in master by
> Ubuntu-2.6.37-6.17. Anyways, pushed to master-next.

I was reverting the reverts. There are 7 patches in total for the feature.
4 original, 2 fixes, and 1 config update. 2 of the original were reverted,
and the 1 config was reverted. I reapplied those, and then added the 2
fixes.

I figure it'll all make sense on the next rebase.

-Kees

Tim Gardner Dec. 9, 2010, 7:45 p.m. UTC | #3
On 12/09/2010 12:03 PM, Kees Cook wrote:
> Hi Tim,
>
> On Thu, Dec 09, 2010 at 08:08:31AM -0700, Tim Gardner wrote:
>>> Kees Cook (4):
>>>        Revert "Revert "x86: Add NX protection for kernel data""
>>>        Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
>>>        Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
>>>        x86: RO/NX protection for loadable kernel, jump_table fix
>>>
>>> Lin Ming (1):
>>>        x86: Resume trampoline must be executable
>>>
>>>   arch/x86/Kconfig.debug                    |   11 ++
>>>   arch/x86/include/asm/jump_label.h         |    2 +-
>>>   arch/x86/include/asm/pci.h                |    1 +
>>>   arch/x86/kernel/ftrace.c                  |    3 +
>>>   arch/x86/kernel/vmlinux.lds.S             |    8 +-
>>>   arch/x86/mm/init.c                        |    3 +-
>>>   arch/x86/mm/init_32.c                     |   20 +++-
>>>   arch/x86/mm/pageattr.c                    |    5 +-
>>>   arch/x86/pci/pcbios.c                     |   23 ++++
>>>   debian.master/config/config.common.ubuntu |    1 +
>>>   debian.master/config/enforce              |    1 +
>>>   include/linux/module.h                    |   11 ++-
>>>   kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
>>>   13 files changed, 251 insertions(+), 9 deletions(-)
>>>
>>
>> Applied, though I'm curious how you've constructed your tree. The
>> first two reverts had already been applied in master by
>> Ubuntu-2.6.37-6.17. Anyways, pushed to master-next.
>
> I was reverting the reverts. There are 7 patches in total for the feature.
> 4 original, 2 fixes, and 1 config update. 2 of the original were reverted,
> and the 1 config was reverted. I reapplied those, and then added the 2
> fixes.
>
> I figure it'll all make sense on the next rebase.
>
> -Kees
>

I'm only mildly dyslexic :) Andy seems to have figured it out and pushed 
correctly.