[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-security-module
Subject: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend
From: matthieu castet <castet.matthieu () free ! fr>
Date: 2011-01-31 23:03:49
Message-ID: 4D473FD5.1090903 () free ! fr
[Download RAW message or body]
I think it should be applied before 2.6.38 release, because without
this patch S3 suspend doesn't work on x86_32 with CONFIG_DEBUG_RODATA.
["0001-NX-protection-for-kernel-data-fix-32-bits-S3-suspend.patch" (text/x-diff)]
From a8d56e665c9b26c953f355b6e8eeeecafa07efdb Mon Sep 17 00:00:00 2001
From: Matthieu CASTET <castet.matthieu@free.fr>
Date: Thu, 27 Jan 2011 21:36:07 +0100
Subject: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend
32 bits wakeup realmode trampoline enable paging, while still
in low memory.
We should make this memory !NX in order it works.
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Tested-by: Matthias Hopf <mhopf@suse.de>
---
arch/x86/mm/init_32.c | 8 ++++++++
arch/x86/mm/pageattr.c | 7 +++++++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index c821074..0048738 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -227,6 +227,14 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
static inline int is_kernel_text(unsigned long addr)
{
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+ /*
+ * We need to make the wakeup trampoline in first 1MB !NX
+ */
+ if (addr >= PAGE_OFFSET && addr <= (PAGE_OFFSET + (1<<20)))
+ return 1;
+#endif
+
if (addr >= (unsigned long)_text && addr <= (unsigned long)__init_end)
return 1;
return 0;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index d343b3c..f1d6cf5 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -265,6 +265,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
pgprot_val(forbidden) |= _PAGE_NX;
#endif
+ /*
+ * We need to make the wakeup trampoline in first 1MB !NX
+ */
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+ if (within(address, PAGE_OFFSET, PAGE_OFFSET + (1<<20)))
+ pgprot_val(forbidden) |= _PAGE_NX;
+#endif
/*
* The kernel text needs to be executable for obvious reasons
--
1.7.2.3
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic