6036f373ea
Fix the NX feature boot warning when NX is missing to correctly reflect that BIOSes cannot disable NX now. Signed-off-by: Kees Cook <kees.cook@canonical.com> LKML-Reference: <1289414154-7829-5-git-send-email-kees.cook@canonical.com> Acked-by: Pekka Enberg <penberg@kernel.org> Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk> Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
60 lines
1.3 KiB
C
60 lines
1.3 KiB
C
#include <linux/spinlock.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/init.h>
|
|
|
|
#include <asm/pgtable.h>
|
|
#include <asm/proto.h>
|
|
|
|
static int disable_nx __cpuinitdata;
|
|
|
|
/*
|
|
* noexec = on|off
|
|
*
|
|
* Control non-executable mappings for processes.
|
|
*
|
|
* on Enable
|
|
* off Disable
|
|
*/
|
|
static int __init noexec_setup(char *str)
|
|
{
|
|
if (!str)
|
|
return -EINVAL;
|
|
if (!strncmp(str, "on", 2)) {
|
|
disable_nx = 0;
|
|
} else if (!strncmp(str, "off", 3)) {
|
|
disable_nx = 1;
|
|
}
|
|
x86_configure_nx();
|
|
return 0;
|
|
}
|
|
early_param("noexec", noexec_setup);
|
|
|
|
void __cpuinit x86_configure_nx(void)
|
|
{
|
|
if (cpu_has_nx && !disable_nx)
|
|
__supported_pte_mask |= _PAGE_NX;
|
|
else
|
|
__supported_pte_mask &= ~_PAGE_NX;
|
|
}
|
|
|
|
void __init x86_report_nx(void)
|
|
{
|
|
if (!cpu_has_nx) {
|
|
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
|
|
"missing in CPU!\n");
|
|
} else {
|
|
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
|
|
if (disable_nx) {
|
|
printk(KERN_INFO "NX (Execute Disable) protection: "
|
|
"disabled by kernel command line option\n");
|
|
} else {
|
|
printk(KERN_INFO "NX (Execute Disable) protection: "
|
|
"active\n");
|
|
}
|
|
#else
|
|
/* 32bit non-PAE kernel, NX cannot be used */
|
|
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
|
|
"cannot be enabled: non-PAE kernel!\n");
|
|
#endif
|
|
}
|
|
}
|