Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754611AbZIUX54 (ORCPT ); Mon, 21 Sep 2009 19:57:56 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754532AbZIUX5z (ORCPT ); Mon, 21 Sep 2009 19:57:55 -0400 Received: from mx1.redhat.com ([209.132.183.28]:6301 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754317AbZIUX5y (ORCPT ); Mon, 21 Sep 2009 19:57:54 -0400 Date: Mon, 21 Sep 2009 17:40:47 -0400 From: Dave Jones To: Siarhei Liakh Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-next@vger.kernel.org, Arjan van de Ven , James Morris , Andrew Morton , Andi Kleen , Thomas Gleixner , "H. Peter Anvin" , Ingo Molnar , Rusty Russell , Stephen Rothwell Subject: Re: [PATCH v6] RO/NX protection for loadable kernel modules Message-ID: <20090921214046.GA17243@redhat.com> Mail-Followup-To: Dave Jones , Siarhei Liakh , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-next@vger.kernel.org, Arjan van de Ven , James Morris , Andrew Morton , Andi Kleen , Thomas Gleixner , "H. Peter Anvin" , Ingo Molnar , Rusty Russell , Stephen Rothwell References: <817ecb6f0909101950v2fc6dc6u5cbc40cd9a9dde77@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <817ecb6f0909101950v2fc6dc6u5cbc40cd9a9dde77@mail.gmail.com> User-Agent: Mutt/1.5.19 (2009-01-05) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2013 Lines: 47 On Thu, Sep 10, 2009 at 10:50:47PM -0400, Siarhei Liakh wrote: > This patch is a logical extension of the protection provided by > CONFIG_DEBUG_RODATA to LKMs. The protection is provided by splitting > module_core and module_init into three logical parts each and setting > appropriate page access permissions for each individual section: > > 1. Code: RO+X > 2. RO data: RO+NX > 3. RW data: RW+NX Hi Siarhei, I tried out this patch on 2.6.31, and got the following trace during bootup.. ------------[ cut here ]------------ WARNING: at kernel/trace/ftrace.c:1003 ftrace_bug+0x198/0x27e() (Not tainted) Hardware name: VGN-Z540N Modules linked in: output(+) Pid: 115, comm: modprobe Not tainted 2.6.31-23.fc12.x86_64 #1 Call Trace: [] warn_slowpath_common+0x95/0xc3 [] ? video_output_register+0x11/0x10a [output] [] warn_slowpath_null+0x27/0x3d [] ftrace_bug+0x198/0x27e [] ? video_output_register+0x11/0x10a [output] [] ftrace_convert_nops+0x201/0x2b9 [] ? video_output_register+0x11/0x10a [output] [] ftrace_module_notify+0x4c/0x7f [] notifier_call_chain+0x72/0xba [] ? __blocking_notifier_call_chain+0x4c/0x8e [] __blocking_notifier_call_chain+0x63/0x8e [] blocking_notifier_call_chain+0x27/0x3d [] sys_init_module+0xb7/0x249 [] system_call_fastpath+0x16/0x1b ---[ end trace 95b33ebf87286ae6 ]--- ftrace faulted on writing [] video_output_register+0x11/0x10a [output] I guess ftrace is trying to NOP out something in the modules which are marked read-only ? Dave -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/