summaryrefslogtreecommitdiffstats
path: root/arch/x86/kernel
diff options
context:
space:
mode:
authorKees Cook <kees.cook@canonical.com>2009-11-13 15:28:17 -0800
committerH. Peter Anvin <hpa@zytor.com>2009-11-16 13:44:59 -0800
commit4b0f3b81eb33ef18283aa71440cccfede1753ae0 (patch)
tree024e05ffc845d0942dddeb8f0b760815ab0b3373 /arch/x86/kernel
parent4763ed4d45522b876c97e1f7f4b659d211f75571 (diff)
x86, mm: Report state of NX protections during boot
It is possible for x86_64 systems to lack the NX bit either due to the hardware lacking support or the BIOS having turned off the CPU capability, so NX status should be reported. Additionally, anyone booting NX-capable CPUs in 32bit mode without PAE will lack NX functionality, so this change provides feedback for that case as well. Signed-off-by: Kees Cook <kees.cook@canonical.com> Signed-off-by: H. Peter Anvin <hpa@zytor.com> LKML-Reference: <1258154897-6770-6-git-send-email-hpa@zytor.com>
Diffstat (limited to 'arch/x86/kernel')
-rw-r--r--arch/x86/kernel/setup.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
index 23b7f46bf84..d2043a00abc 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
@@ -788,16 +788,17 @@ void __init setup_arch(char **cmdline_p)
*cmdline_p = command_line;
/*
- * Must call this twice: Once just to detect whether hardware doesn't
- * support NX (so that the early EHCI debug console setup can safely
- * call set_fixmap(), and then again after parsing early parameters to
- * honor the respective command line option.
+ * x86_configure_nx() is called before parse_early_param() to detect
+ * whether hardware doesn't support NX (so that the early EHCI debug
+ * console setup can safely call set_fixmap()). It may then be called
+ * again from within noexec_setup() during parsing early parameters
+ * to honor the respective command line option.
*/
x86_configure_nx();
parse_early_param();
- x86_configure_nx();
+ x86_report_nx();
/* Must be before kernel pagetables are setup */
vmi_activate();