[PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Borislav Petkov
bp at alien8.de
Thu Mar 7 20:25:21 UTC 2019
On Thu, Mar 07, 2019 at 12:02:13PM -0800, Andy Lutomirski wrote:
> Should we maybe rename these functions? static_cpu_has() is at least
> reasonably obvious. But cpu_feature_enabled() is different for
> reasons I've never understood, and boot_cpu_has() is IMO terribly
> named. It's not about the boot cpu -- it's about doing the same thing
> but with less bloat and less performance.
Well, it does test bits in boot_cpu_data. I don't care about "boot" in
the name though so feel free to suggest something better.
> (And can we maybe collapse cpu_feature_enabled() and static_cpu_has()
> into the same function?)
I'm not sure it would be always ok to involve the DISABLED_MASK*
buildtime stuff in the checks. It probably is but it would need careful
auditing to be sure, first.
--
Regards/Gruss,
Boris.
Good mailing practices for 400: avoid top-posting and trim the reply.
More information about the Linux-security-module-archive
mailing list