| Message ID | 20091018161644.GG5394@outflux.net |
|---|---|
| State | Accepted |
| Commit | 8bf095f8b62c5fdfe55a8c95be775ea62be7bc10 |
| Headers | show |
Kees Cook wrote: > This is a correction to the patch titled "UBUNTU: SAUCE: [x86] implement > cs-limit nx-emulation for ia32" so that NX capabilities are correctly > reported based on actual hardware and arch details. > > BugLink: http://bugs.launchpad.net/bugs/454285 > > Signed-off-by: Kees Cook <kees.cook@canonical.com> > --- > arch/x86/mm/init.c | 6 ++++++ > 1 files changed, 6 insertions(+), 0 deletions(-) > > diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c > index 10de7ed..2044967 100644 > --- a/arch/x86/mm/init.c > +++ b/arch/x86/mm/init.c > @@ -77,6 +77,7 @@ static void __init set_nx(void) > #else > static inline void set_nx(void) > { > + nx_enabled = ( (__supported_pte_mask & _PAGE_NX) == _PAGE_NX ); > } > #endif > > @@ -213,8 +214,13 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, > if (nx_enabled) > printk(KERN_INFO "NX (Execute Disable) protection: active\n"); > else > +#ifdef CONFIG_X86_32 > printk(KERN_INFO "Using x86 segment limits to approximate " > "NX protection\n"); > +#else > + printk(KERN_WARNING "Warning: NX (Execute Disable) protection " > + "missing in CPU or disabled in BIOS!\n"); > +#endif > > /* Enable PSE if available */ > if (cpu_has_pse) Applied - would you submit a similar patch upstream for 2.6.32 if you haven't already ? (note that stuff has moved around a bit). rtg
Hi Tim, On Mon, Oct 19, 2009 at 10:45:26AM -0400, Tim Gardner wrote: > Kees Cook wrote: > >This is a correction to the patch titled "UBUNTU: SAUCE: [x86] implement > >cs-limit nx-emulation for ia32" so that NX capabilities are correctly > >reported based on actual hardware and arch details. > > Applied - would you submit a similar patch upstream for 2.6.32 if > you haven't already ? (note that stuff has moved around a bit). Yup, this was my plan. Thanks! -Kees
On Mon, Oct 19, 2009 at 10:45:26AM -0400, Tim Gardner wrote: > Applied - would you submit a similar patch upstream for 2.6.32 if > you haven't already ? (note that stuff has moved around a bit). http://lkml.org/lkml/2009/10/19/228
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c index 10de7ed..2044967 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -77,6 +77,7 @@ static void __init set_nx(void) #else static inline void set_nx(void) { + nx_enabled = ( (__supported_pte_mask & _PAGE_NX) == _PAGE_NX ); } #endif @@ -213,8 +214,13 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, if (nx_enabled) printk(KERN_INFO "NX (Execute Disable) protection: active\n"); else +#ifdef CONFIG_X86_32 printk(KERN_INFO "Using x86 segment limits to approximate " "NX protection\n"); +#else + printk(KERN_WARNING "Warning: NX (Execute Disable) protection " + "missing in CPU or disabled in BIOS!\n"); +#endif /* Enable PSE if available */ if (cpu_has_pse)
This is a correction to the patch titled "UBUNTU: SAUCE: [x86] implement cs-limit nx-emulation for ia32" so that NX capabilities are correctly reported based on actual hardware and arch details. BugLink: http://bugs.launchpad.net/bugs/454285 Signed-off-by: Kees Cook <kees.cook@canonical.com> --- arch/x86/mm/init.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-)