diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-06 14:07:33 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-01-06 14:07:33 -0500 |
| commit | 4f00b901d4233a78e6ca4d44c8c6fc5d38a3ee9e (patch) | |
| tree | 9b9da4230d33c47298d4fa3e93a4a5f0cb047ee8 /arch/x86/kernel | |
| parent | b4c6e2ea5e46b03c764a918f4999a77a3149979f (diff) | |
| parent | 94462ad3b14739d158a1ab87bb30008c1e5a6bc1 (diff) | |
Merge branch 'x86-security-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip
* 'x86-security-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip:
module: Move RO/NX module protection to after ftrace module update
x86: Resume trampoline must be executable
x86: Add RO/NX protection for loadable kernel modules
x86: Add NX protection for kernel data
x86: Fix improper large page preservation
Diffstat (limited to 'arch/x86/kernel')
| -rw-r--r-- | arch/x86/kernel/ftrace.c | 3 | ||||
| -rw-r--r-- | arch/x86/kernel/vmlinux.lds.S | 8 |
2 files changed, 9 insertions, 2 deletions
diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c index 3afb33f14d2d..298448656b60 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c | |||
| @@ -19,6 +19,7 @@ | |||
| 19 | #include <linux/sched.h> | 19 | #include <linux/sched.h> |
| 20 | #include <linux/init.h> | 20 | #include <linux/init.h> |
| 21 | #include <linux/list.h> | 21 | #include <linux/list.h> |
| 22 | #include <linux/module.h> | ||
| 22 | 23 | ||
| 23 | #include <trace/syscall.h> | 24 | #include <trace/syscall.h> |
| 24 | 25 | ||
| @@ -49,6 +50,7 @@ static DEFINE_PER_CPU(int, save_modifying_code); | |||
| 49 | int ftrace_arch_code_modify_prepare(void) | 50 | int ftrace_arch_code_modify_prepare(void) |
| 50 | { | 51 | { |
| 51 | set_kernel_text_rw(); | 52 | set_kernel_text_rw(); |
| 53 | set_all_modules_text_rw(); | ||
| 52 | modifying_code = 1; | 54 | modifying_code = 1; |
| 53 | return 0; | 55 | return 0; |
| 54 | } | 56 | } |
| @@ -56,6 +58,7 @@ int ftrace_arch_code_modify_prepare(void) | |||
| 56 | int ftrace_arch_code_modify_post_process(void) | 58 | int ftrace_arch_code_modify_post_process(void) |
| 57 | { | 59 | { |
| 58 | modifying_code = 0; | 60 | modifying_code = 0; |
| 61 | set_all_modules_text_ro(); | ||
| 59 | set_kernel_text_ro(); | 62 | set_kernel_text_ro(); |
| 60 | return 0; | 63 | return 0; |
| 61 | } | 64 | } |
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S index e03530aebfd0..bf4700755184 100644 --- a/arch/x86/kernel/vmlinux.lds.S +++ b/arch/x86/kernel/vmlinux.lds.S | |||
| @@ -69,7 +69,7 @@ jiffies_64 = jiffies; | |||
| 69 | 69 | ||
| 70 | PHDRS { | 70 | PHDRS { |
| 71 | text PT_LOAD FLAGS(5); /* R_E */ | 71 | text PT_LOAD FLAGS(5); /* R_E */ |
| 72 | data PT_LOAD FLAGS(7); /* RWE */ | 72 | data PT_LOAD FLAGS(6); /* RW_ */ |
| 73 | #ifdef CONFIG_X86_64 | 73 | #ifdef CONFIG_X86_64 |
| 74 | user PT_LOAD FLAGS(5); /* R_E */ | 74 | user PT_LOAD FLAGS(5); /* R_E */ |
| 75 | #ifdef CONFIG_SMP | 75 | #ifdef CONFIG_SMP |
| @@ -116,6 +116,10 @@ SECTIONS | |||
| 116 | 116 | ||
| 117 | EXCEPTION_TABLE(16) :text = 0x9090 | 117 | EXCEPTION_TABLE(16) :text = 0x9090 |
| 118 | 118 | ||
| 119 | #if defined(CONFIG_DEBUG_RODATA) | ||
| 120 | /* .text should occupy whole number of pages */ | ||
| 121 | . = ALIGN(PAGE_SIZE); | ||
| 122 | #endif | ||
| 119 | X64_ALIGN_DEBUG_RODATA_BEGIN | 123 | X64_ALIGN_DEBUG_RODATA_BEGIN |
| 120 | RO_DATA(PAGE_SIZE) | 124 | RO_DATA(PAGE_SIZE) |
| 121 | X64_ALIGN_DEBUG_RODATA_END | 125 | X64_ALIGN_DEBUG_RODATA_END |
| @@ -335,7 +339,7 @@ SECTIONS | |||
| 335 | __bss_start = .; | 339 | __bss_start = .; |
| 336 | *(.bss..page_aligned) | 340 | *(.bss..page_aligned) |
| 337 | *(.bss) | 341 | *(.bss) |
| 338 | . = ALIGN(4); | 342 | . = ALIGN(PAGE_SIZE); |
| 339 | __bss_stop = .; | 343 | __bss_stop = .; |
| 340 | } | 344 | } |
| 341 | 345 | ||