x86: split NX setup into separate file to limit unstack-protected code

Move the NX setup into a separate file so that it can be compiled without stack-protection while leaving the rest of the mm/init code protected. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>

x86: split NX setup into separate file to limit unstack-protected code
Move the NX setup into a separate file so that it can be compiled without stack-protection while leaving the rest of the mm/init code protected. Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Jeremy Fitzhardinge
1 parent b75fe4e5b8
Showing 4 changed files with 72 additions and 65 deletions Side-by-side Diff
arch/x86/include/asm/pgtable_types.h
arch/x86/mm/Makefile
arch/x86/mm/init.c
arch/x86/mm/setup_nx.c
@@ -277,6 +277,7 @@
 typedef struct page *pgtable_t;
  
 extern pteval_t __supported_pte_mask;
+extern void set_nx(void);
 extern int nx_enabled;
  
 #define pgprot_writecombine	pgprot_writecombine
 obj-y	:=  init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
-	    pat.o pgtable.o physaddr.o gup.o
+	    pat.o pgtable.o physaddr.o gup.o setup_nx.o
  
 # Make sure __phys_addr has no stackprotector
 nostackp := $(call cc-option, -fno-stack-protector)
 CFLAGS_physaddr.o		:= $(nostackp)
-CFLAGS_init.o			:= $(nostackp)
+CFLAGS_setup_nx.o		:= $(nostackp)
  
 obj-$(CONFIG_SMP)		+= tlb.o
  
@@ -28,69 +28,6 @@
 #endif
 ;
  
-int nx_enabled;
-
-#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
-static int disable_nx __cpuinitdata;
-
-/*
- * noexec = on|off
- *
- * Control non-executable mappings for processes.
- *
- * on      Enable
- * off     Disable
- */
-static int __init noexec_setup(char *str)
-{
-	if (!str)
-		return -EINVAL;
-	if (!strncmp(str, "on", 2)) {
-		__supported_pte_mask |= _PAGE_NX;
-		disable_nx = 0;
-	} else if (!strncmp(str, "off", 3)) {
-		disable_nx = 1;
-		__supported_pte_mask &= ~_PAGE_NX;
-	}
-	return 0;
-}
-early_param("noexec", noexec_setup);
-#endif
-
-#ifdef CONFIG_X86_PAE
-static void __init set_nx(void)
-{
-	unsigned int v[4], l, h;
-
-	if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
-		cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
-
-		if ((v[3] & (1 << 20)) && !disable_nx) {
-			rdmsr(MSR_EFER, l, h);
-			l |= EFER_NX;
-			wrmsr(MSR_EFER, l, h);
-			nx_enabled = 1;
-			__supported_pte_mask |= _PAGE_NX;
-		}
-	}
-}
-#else
-static inline void set_nx(void)
-{
-}
-#endif
-
-#ifdef CONFIG_X86_64
-void __cpuinit check_efer(void)
-{
-	unsigned long efer;
-
-	rdmsrl(MSR_EFER, efer);
-	if (!(efer & EFER_NX) || disable_nx)
-		__supported_pte_mask &= ~_PAGE_NX;
-}
-#endif
-
 static void __init find_early_table_space(unsigned long end, int use_pse,
 					  int use_gbpages)
 {
+#include <linux/spinlock.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+
+#include <asm/pgtable.h>
+
+int nx_enabled;
+
+#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
+static int disable_nx __cpuinitdata;
+
+/*
+ * noexec = on|off
+ *
+ * Control non-executable mappings for processes.
+ *
+ * on      Enable
+ * off     Disable
+ */
+static int __init noexec_setup(char *str)
+{
+	if (!str)
+		return -EINVAL;
+	if (!strncmp(str, "on", 2)) {
+		__supported_pte_mask |= _PAGE_NX;
+		disable_nx = 0;
+	} else if (!strncmp(str, "off", 3)) {
+		disable_nx = 1;
+		__supported_pte_mask &= ~_PAGE_NX;
+	}
+	return 0;
+}
+early_param("noexec", noexec_setup);
+#endif
+
+#ifdef CONFIG_X86_PAE
+void __init set_nx(void)
+{
+	unsigned int v[4], l, h;
+
+	if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
+		cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
+
+		if ((v[3] & (1 << 20)) && !disable_nx) {
+			rdmsr(MSR_EFER, l, h);
+			l |= EFER_NX;
+			wrmsr(MSR_EFER, l, h);
+			nx_enabled = 1;
+			__supported_pte_mask |= _PAGE_NX;
+		}
+	}
+}
+#else
+void set_nx(void)
+{
+}
+#endif
+
+#ifdef CONFIG_X86_64
+void __cpuinit check_efer(void)
+{
+	unsigned long efer;
+
+	rdmsrl(MSR_EFER, efer);
+	if (!(efer & EFER_NX) || disable_nx)
+		__supported_pte_mask &= ~_PAGE_NX;
+}
+#endif
...	...	@@ -277,6 +277,7 @@
277	277	typedef struct page *pgtable_t;
278	278
279	279	extern pteval_t __supported_pte_mask;
	280	+extern void set_nx(void);
280	281	extern int nx_enabled;
281	282
282	283	#define pgprot_writecombine pgprot_writecombine
1	1	obj-y := init.o init_$(BITS).o fault.o ioremap.o extable.o pageattr.o mmap.o \
2		- pat.o pgtable.o physaddr.o gup.o
	2	+ pat.o pgtable.o physaddr.o gup.o setup_nx.o
3	3
4	4	# Make sure __phys_addr has no stackprotector
5	5	nostackp := $(call cc-option, -fno-stack-protector)
6	6	CFLAGS_physaddr.o := $(nostackp)
7		-CFLAGS_init.o := $(nostackp)
	7	+CFLAGS_setup_nx.o := $(nostackp)
8	8
9	9	obj-$(CONFIG_SMP) += tlb.o
10	10
...	...	@@ -28,69 +28,6 @@
28	28	#endif
29	29	;
30	30
31		-int nx_enabled;
32		-
33		-#if defined(CONFIG_X86_64) \|\| defined(CONFIG_X86_PAE)
34		-static int disable_nx __cpuinitdata;
35		-
36		-/*
37		- * noexec = on\|off
38		- *
39		- * Control non-executable mappings for processes.
40		- *
41		- * on Enable
42		- * off Disable
43		- */
44		-static int __init noexec_setup(char *str)
45		-{
46		- if (!str)
47		- return -EINVAL;
48		- if (!strncmp(str, "on", 2)) {
49		- __supported_pte_mask \|= _PAGE_NX;
50		- disable_nx = 0;
51		- } else if (!strncmp(str, "off", 3)) {
52		- disable_nx = 1;
53		- __supported_pte_mask &= ~_PAGE_NX;
54		- }
55		- return 0;
56		-}
57		-early_param("noexec", noexec_setup);
58		-#endif
59		-
60		-#ifdef CONFIG_X86_PAE
61		-static void __init set_nx(void)
62		-{
63		- unsigned int v[4], l, h;
64		-
65		- if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
66		- cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
67		-
68		- if ((v[3] & (1 << 20)) && !disable_nx) {
69		- rdmsr(MSR_EFER, l, h);
70		- l \|= EFER_NX;
71		- wrmsr(MSR_EFER, l, h);
72		- nx_enabled = 1;
73		- __supported_pte_mask \|= _PAGE_NX;
74		- }
75		- }
76		-}
77		-#else
78		-static inline void set_nx(void)
79		-{
80		-}
81		-#endif
82		-
83		-#ifdef CONFIG_X86_64
84		-void __cpuinit check_efer(void)
85		-{
86		- unsigned long efer;
87		-
88		- rdmsrl(MSR_EFER, efer);
89		- if (!(efer & EFER_NX) \|\| disable_nx)
90		- __supported_pte_mask &= ~_PAGE_NX;
91		-}
92		-#endif
93		-
94	31	static void __init find_early_table_space(unsigned long end, int use_pse,
95	32	int use_gbpages)
96	33	{
	1	+#include <linux/spinlock.h>
	2	+#include <linux/errno.h>
	3	+#include <linux/init.h>
	4	+
	5	+#include <asm/pgtable.h>
	6	+
	7	+int nx_enabled;
	8	+
	9	+#if defined(CONFIG_X86_64) \|\| defined(CONFIG_X86_PAE)
	10	+static int disable_nx __cpuinitdata;
	11	+
	12	+/*
	13	+ * noexec = on\|off
	14	+ *
	15	+ * Control non-executable mappings for processes.
	16	+ *
	17	+ * on Enable
	18	+ * off Disable
	19	+ */
	20	+static int __init noexec_setup(char *str)
	21	+{
	22	+ if (!str)
	23	+ return -EINVAL;
	24	+ if (!strncmp(str, "on", 2)) {
	25	+ __supported_pte_mask \|= _PAGE_NX;
	26	+ disable_nx = 0;
	27	+ } else if (!strncmp(str, "off", 3)) {
	28	+ disable_nx = 1;
	29	+ __supported_pte_mask &= ~_PAGE_NX;
	30	+ }
	31	+ return 0;
	32	+}
	33	+early_param("noexec", noexec_setup);
	34	+#endif
	35	+
	36	+#ifdef CONFIG_X86_PAE
	37	+void __init set_nx(void)
	38	+{
	39	+ unsigned int v[4], l, h;
	40	+
	41	+ if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
	42	+ cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
	43	+
	44	+ if ((v[3] & (1 << 20)) && !disable_nx) {
	45	+ rdmsr(MSR_EFER, l, h);
	46	+ l \|= EFER_NX;
	47	+ wrmsr(MSR_EFER, l, h);
	48	+ nx_enabled = 1;
	49	+ __supported_pte_mask \|= _PAGE_NX;
	50	+ }
	51	+ }
	52	+}
	53	+#else
	54	+void set_nx(void)
	55	+{
	56	+}
	57	+#endif
	58	+
	59	+#ifdef CONFIG_X86_64
	60	+void __cpuinit check_efer(void)
	61	+{
	62	+ unsigned long efer;
	63	+
	64	+ rdmsrl(MSR_EFER, efer);
	65	+ if (!(efer & EFER_NX) \|\| disable_nx)
	66	+ __supported_pte_mask &= ~_PAGE_NX;
	67	+}
	68	+#endif