[Pull Request] [Natty] module RO/NX take 2, with fixes

Kees Cook kees at ubuntu.com
Thu Dec 9 00:06:46 UTC 2010


This includes the suspend/resume fix that is in upstream tip, and the
jump_table fix. I've verified the jump_table fix works, but can't verify
personally the resume fix since resume in -8 (even without these patches)
doesn't work for me, but upstream claims this fixes it.

The following changes since commit 72dbc55000bd08a2bce7dfd7177bdff65e916ef4:

  UBUNTU: Ubuntu-2.6.37-8.21 (2010-12-05 17:39:04 +0000)

are available in the git repository at:
  git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Kees Cook (4):
      Revert "Revert "x86: Add NX protection for kernel data""
      Revert "Revert "x86: Add RO/NX protection for loadable kernel modules""
      Revert "Revert "UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX""
      x86: RO/NX protection for loadable kernel, jump_table fix

Lin Ming (1):
      x86: Resume trampoline must be executable

 arch/x86/Kconfig.debug                    |   11 ++
 arch/x86/include/asm/jump_label.h         |    2 +-
 arch/x86/include/asm/pci.h                |    1 +
 arch/x86/kernel/ftrace.c                  |    3 +
 arch/x86/kernel/vmlinux.lds.S             |    8 +-
 arch/x86/mm/init.c                        |    3 +-
 arch/x86/mm/init_32.c                     |   20 +++-
 arch/x86/mm/pageattr.c                    |    5 +-
 arch/x86/pci/pcbios.c                     |   23 ++++
 debian.master/config/config.common.ubuntu |    1 +
 debian.master/config/enforce              |    1 +
 include/linux/module.h                    |   11 ++-
 kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
 13 files changed, 251 insertions(+), 9 deletions(-)

-- 
Kees Cook
Ubuntu Security Team



