[Pull request] [Natty] Add RO/NX protection for loadable kernel modules

Kees Cook kees at ubuntu.com
Fri Nov 19 21:57:37 GMT 2010


This pulls in the module RO/NX protections currently living in tip
x86/security.

The following changes since commit 04c5cc1a4894c3b9d16af7977f5fc4baf230864c:

  UBUNTU: Start new release (2010-11-18 18:12:54 +0000)

are available in the git repository at:
  git://kernel.ubuntu.com/kees/ubuntu-natty.git master

Kees Cook (1):
      UBUNTU: [Config] update config for CONFIG_DEBUG_SET_MODULE_RONX

Matthieu CASTET (3):
      x86: Fix improper large page preservation
      x86: Add NX protection for kernel data
      x86: Add RO/NX protection for loadable kernel modules

 arch/x86/Kconfig.debug                    |   11 ++
 arch/x86/include/asm/pci.h                |    1 +
 arch/x86/kernel/ftrace.c                  |    3 +
 arch/x86/kernel/vmlinux.lds.S             |    8 +-
 arch/x86/mm/init.c                        |    3 +-
 arch/x86/mm/init_32.c                     |   20 +++-
 arch/x86/mm/init_64.c                     |    3 +-
 arch/x86/mm/pageattr.c                    |   33 ++++--
 arch/x86/pci/pcbios.c                     |   23 ++++
 debian.master/config/config.common.ubuntu |    1 +
 debian.master/config/enforce              |    1 +
 include/linux/module.h                    |   11 ++-
 kernel/module.c                           |  171 ++++++++++++++++++++++++++++-
 13 files changed, 270 insertions(+), 19 deletions(-)

-- 
Kees Cook
Ubuntu Security Team


