Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753244Ab0K3Oqa (ORCPT ); Tue, 30 Nov 2010 09:46:30 -0500 Received: from hrndva-omtalb.mail.rr.com ([71.74.56.125]:36073 "EHLO hrndva-omtalb.mail.rr.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750877Ab0K3Oq2 (ORCPT ); Tue, 30 Nov 2010 09:46:28 -0500 X-Authority-Analysis: v=1.1 cv=6ptpMFIBtxRk0xdOb6IhJTbTLVRlKjWFes7R4SsWCrA= c=1 sm=0 a=qK-MKYc896kA:10 a=Q9fys5e9bTEA:10 a=OPBmh+XkhLl+Enan7BmTLg==:17 a=v-1sjdctxtBzdkx4BhoA:9 a=Nq1X4wQ_rON_DoIdo0TOCmJFsnEA:4 a=PUjeQqilurYA:10 a=OPBmh+XkhLl+Enan7BmTLg==:117 X-Cloudmark-Score: 0 X-Originating-IP: 67.242.120.143 Subject: Re: [PATCH 3/3 V13] RO/NX protection for loadable kernel From: Steven Rostedt To: Rusty Russell Cc: matthieu castet , linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-next@vger.kernel.org, Arjan van de Ven , James Morris , Andrew Morton , Andi Kleen , Thomas Gleixner , "H. Peter Anvin" , Ingo Molnar , Stephen Rothwell , Dave Jones , Siarhei Liakh , Kees Cook , Peter Zijlstra In-Reply-To: <201011301005.29532.rusty@rustcorp.com.au> References: <4CE2F914.9070106@free.fr> <20101129181542.GA11630@home.goodmis.org> <201011301005.29532.rusty@rustcorp.com.au> Content-Type: text/plain; charset="ISO-8859-15" Date: Tue, 30 Nov 2010 09:46:23 -0500 Message-ID: <1291128383.27486.35.camel@gandalf.stny.rr.com> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 898 Lines: 26 On Tue, 2010-11-30 at 10:05 +1030, Rusty Russell wrote: > On Tue, 30 Nov 2010 04:45:42 am Steven Rostedt wrote: > > This patch breaks function tracer: > ... > > Here we set the text read only before we call the notifiers. The > > function tracer changes the calls to mcount into nops via a notifier > > call so this must be done after the module notifiers. > > That seems fine. > > I note that both before and after this patch we potentially execute code > in the module (via parse_args) before we set it ro & nx. But fixing this > last bit of coverage is probably not worth the pain... Rusty, can I take this as an "Acked-by"? Thanks, -- Steve -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/