On Wed, Mar 29, 2017 at 11:15 AM, Kees Cook <keesc...@chromium.org> wrote:
> Based on PaX's x86 pax_{open,close}_kernel() implementation, this
> allows HAVE_ARCH_RARE_WRITE to work on x86.
>
> +
> +static __always_inline unsigned long __arch_rare_write_begin(void)
> +{
> + unsigned long cr0;
> +
> + preempt_disable();

This looks wrong. DEBUG_LOCKS_WARN_ON(!irqs_disabled()) would work, as
would local_irq_disable(). There's no way that just disabling preemption
is enough.

(Also, how does this interact with perf nmis?)

--Andy
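Review bot: preempt_disable() at the top of __arch_rare_write_begin() only keeps this task from being scheduled out; it does nothing to stop an interrupt handler from running on the same CPU inside the window that the begin/end pair opens, so any interrupt-context code executing there inherits the relaxed write protection. The function should require interrupts to be off, either by doing the masking itself (local_irq_save() with the saved flags handed back for __arch_rare_write_end() to restore) or, if callers are expected to disable them, by asserting it with DEBUG_LOCKS_WARN_ON(!irqs_disabled()) as suggested in the reply. Masking interrupts still does not cover NMIs (perf, as raised above), which cannot be disabled, so the begin/end pair also needs to be safe to re-enter from NMI context without leaving the window open on return; that behaviour should be documented alongside the function.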