Jordan Niethe <jniet...@gmail.com> writes:
> From: Russell Currey <rus...@russell.cc>
>
> Optionally run W+X checks when dumping pagetable information to
> debugfs' kernel_page_tables.
>
> To use:
>     $ echo 1 > /sys/kernel/debug/check_wx_pages
>     $ cat /sys/kernel/debug/kernel_page_tables
>
> and check the kernel log.  Useful for testing strict module RWX.
>
> To disable W+X checks:
>     $ echo 0 > /sys/kernel/debug/check_wx_pages
>
> Update the Kconfig entry to reflect this.
>
> Also fix a typo.
>
> Reviewed-by: Kees Cook <keesc...@chromium.org>
> Signed-off-by: Russell Currey <rus...@russell.cc>
> [jpn: Change check_wx_pages to act as mode bit affecting
>  kernel_page_tables instead of triggering action on its own]
> Signed-off-by: Jordan Niethe <jniet...@gmail.com>
> ---
> v10: check_wx_pages now affects kernel_page_tables rather than triggers
>      its own action.

Hmm. I liked the old version better :)

I think you changed it based on Christophe's comment:

  Why not just perform the test every time someone dumps kernel_page_tables?

But I think he meant *always* do the check when someone dumps
kernel_page_tables, not have another file to enable checking and then
require someone to dump kernel_page_tables to do the actual check.

Still I like the previous version where you can do the checks
separately, without having to dump the page tables, because dumping can
sometimes take quite a while.

What would be even better is if ptdump_check_wx() returned an error when
wx pages were found, and that was plumbed out to the debugfs file. That
way you can script around it.

cheers
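
Added example (not part of the original message or the patch): with the v10 interface quoted above, a script has to run the dump and then read the verdict out of the kernel log, which is the step an error return from the debugfs file would remove. The log line wording and the function names `wx_verdict` and `run_wx_check` are assumptions; the debugfs paths are the ones from the commit message.

```shell
#!/bin/sh
# Added example: turn the W+X check's kernel-log result into an exit status.
# Assumption: the check logs "Checked W+X mappings: passed, ..." or
# "Checked W+X mappings: FAILED, N W+X pages found" (wording not on the page).

# wx_verdict: read kernel log text on stdin and judge the LAST check result.
# Returns 0 = passed, 1 = W+X pages found, 2 = no result line in the log.
wx_verdict() {
    last=$(grep 'Checked W+X mappings:' | tail -n 1)
    case "$last" in
        *'Checked W+X mappings: passed'*) return 0 ;;
        *'Checked W+X mappings: FAILED'*) return 1 ;;
        *) return 2 ;;
    esac
}

# run_wx_check: the procedure from the commit message, then the verdict.
# Needs root and a mounted debugfs; $1 overrides the debugfs mount point.
run_wx_check() {
    dbg=${1:-/sys/kernel/debug}
    [ -w "$dbg/check_wx_pages" ] || return 2   # knob absent: nothing checked
    echo 1 > "$dbg/check_wx_pages"             # enable checking on next dump
    cat "$dbg/kernel_page_tables" > /dev/null  # the dump performs the check
    echo 0 > "$dbg/check_wx_pages"             # restore the default
    dmesg | wx_verdict
}

# Constructed sample log lines (not captured from a real system).
SAMPLE_PASS='[   12.345678] Checked W+X mappings: passed, no W+X pages found'
SAMPLE_FAIL='[   12.345678] Checked W+X mappings: passed, no W+X pages found
[   98.765432] Checked W+X mappings: FAILED, 3 W+X pages found'
```

Taking the last matching line matters because an earlier passing result can still be in the ring buffer when a later dump fails.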