[PATCH natty] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Kees Cook kees at ubuntu.com
Wed Mar 30 22:06:32 UTC 2011 

When booting a 32bit non-PAE kernel on a CPU that supports hardware NX,
dmesg did not indicate that NX emulation was being used. This changes
the dmesg reporting to be more clear. Warnings about lacking hardware
NX remain, and the state of NX-emulation is reported when enabled.

BugLink: https://launchpad.net/bugs/745181

Signed-off-by: Kees Cook <kees.cook at canonical.com>
---
 arch/x86/mm/setup_nx.c |   28 +++++++++++++++++-----------
 1 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index 4323de4..90c9eff 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -40,19 +40,12 @@ void __cpuinit x86_configure_nx(void)
 
 void __init x86_report_nx(void)
 {
+	int nx_emulation = 0;
+
 	if (!cpu_has_nx) {
-#ifdef CONFIG_X86_32
-		if (!disable_nx)
-			printk(KERN_INFO "NX (Execute Disable) protection: "
-			       "approximated by x86 segment limits\n");
-		else
-			printk(KERN_INFO "NX (Execute Disable) protection: "
-			       "approximation disabled by kernel command "
-			       "line option\n");
-#else
 		printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
 		       "missing in CPU!\n");
-#endif
+		nx_emulation = 1;
 	} else {
 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
 		if (disable_nx) {
@@ -65,7 +58,20 @@ void __init x86_report_nx(void)
 #else
 		/* 32bit non-PAE kernel, NX cannot be used */
 		printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
-		       "cannot be enabled: non-PAE kernel!\n");
+		       "cannot be enabled in hardware: non-PAE kernel!\n");
+		nx_emulation = 1;
+#endif
+	}
+
+	if (nx_emulation) {
+#ifdef CONFIG_X86_32
+		if (!disable_nx)
+			printk(KERN_INFO "NX (Execute Disable) protection: "
+			       "approximated by x86 segment limits\n");
+		else
+			printk(KERN_INFO "NX (Execute Disable) protection: "
+			       "approximation disabled by kernel command "
+			       "line option\n");
 #endif
 	}
 }
-- 
1.7.4.1


-- 
Kees Cook
Ubuntu Security Team

More information about the kernel-team mailing list