x86: tighten kernel image page access rights
On x86-64, kernel memory freed after init can be entirely unmapped instead
of just getting 'poisoned' by overwriting with a debug pattern.
On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
can also be write-protected.
Version 2
On x86-64, kernel memory freed after init can be entirely unmapped instead
of just getting 'poisoned' by overwriting with a debug pattern.
On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
can also be write-protected.
Compared to the first version, this one prevents re-cre
On Thursday 29 March 2007 15:49, Jan Beulich wrote:
> >>> Andi Kleen <[EMAIL PROTECTED]> 29.03.07 14:22 >>>
> >On Thursday 29 March 2007 14:01, Jan Beulich wrote:
> >> On x86-64, kernel memory freed after init can be entirely unmapped instead
> >> of just getting 'poisoned' by overwriting with a de
>>> Andi Kleen <[EMAIL PROTECTED]> 29.03.07 14:22 >>>
>On Thursday 29 March 2007 14:01, Jan Beulich wrote:
>> On x86-64, kernel memory freed after init can be entirely unmapped instead
>> of just getting 'poisoned' by overwriting with a debug pattern.
>>
>> On i386 and x86-64 (under CONFIG_DEBUG_R
On Thursday 29 March 2007 14:01, Jan Beulich wrote:
> On x86-64, kernel memory freed after init can be entirely unmapped instead
> of just getting 'poisoned' by overwriting with a debug pattern.
>
> On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
> can also be write-prote
On x86-64, kernel memory freed after init can be entirely unmapped instead
of just getting 'poisoned' by overwriting with a debug pattern.
On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
can also be write-protected.
(Not sure what the symbol 'stext' is good for; can it b
On Thursday 29 March 2007 09:17, Jan Beulich wrote:
> >>> Andi Kleen <[EMAIL PROTECTED]> 28.03.07 21:07 >>>
> >
> >> +#ifdef CONFIG_HOTPLUG_CPU
> >> + /* It must still be possible to apply SMP alternatives. */
> >> + if (num_possible_cpus() <= 1)
> >
> >It would be better to temporarily change th
>>> Andi Kleen <[EMAIL PROTECTED]> 28.03.07 21:07 >>>
>
>> +#ifdef CONFIG_HOTPLUG_CPU
>> +/* It must still be possible to apply SMP alternatives. */
>> +if (num_possible_cpus() <= 1)
>
>It would be better to temporarily change the pages where the alternatives
>are applied while that is done
> +#ifdef CONFIG_HOTPLUG_CPU
> + /* It must still be possible to apply SMP alternatives. */
> + if (num_possible_cpus() <= 1)
It would be better to temporarily change the pages where the alternatives
are applied while that is done and keep it otherwise ro
-Andi
-
To unsubscribe from this
On x86-64, kernel memory freed after init can be entirely unmapped instead
of just getting 'poisoned' by overwriting with a debug pattern.
On i386 and x86-64 (under CONFIG_DEBUG_RODATA), kernel text and bug table
can also be write-protected. On x86-64, in addition to that, also make sure
that both
10 matches
Mail list logo