On Tue, Feb 2, 2010 at 6:05 PM, Andi Kleen <andi@xxxxxxxxxxxxxx> wrote: > My current kernel has 52 modules loaded, most of them very small. > Assuming the additional alignment of the data section cost two more > pages on average (I think that's a good assumption), that's roughly > 424KB of additional memory, plus associated runtime costs in increased > TLB usage. You are right about the additional memory consumption with this option enabled. In worst case scenario, a one-page module will get split into 3 pages. This might be a significant and unwelcome increase in some cases (embedded systems come to mind) and that is why this is implemented as compile-time option. However, on a general run-of-the-mill system the impact is not that significant. Case in point: I run Ubuntu 9.04 amd x86_64 with stock kernel on a generic AMD box. There are 111 modules loaded for all the hardware in the box and all the functions that it provides (regular consumer-grade hardware, but definitely not a typical home desktop setup). In total, 111 modules consume 15590884 bytes, with no module less then 10KB. After eliminating top 3 memory hogs (nvidia@8MB, vboxdrv@xxxxx and snd_hda_intel@xxxxx) we left with 5007532 bytes, 108 modules and nfs leading the list at 300KB. Assuming the worst-case scenario of 2 additional pages per module, we get (5007532+108*8192)/5007532 = 1.18 - only 18%. In addition, most modules already have some unused space left at the end of the last page and some padding in the middle for page/cache-aligned data. With that in mind, it looks to me that typical overhead will be about 1 page per module (9% for the case above, although I have no solid statistics to back this up). > What would I get for that if I applied the patch and enabled the option? With this patch you get strict separation of code, RO-data and RW-data in LKMs. This will prevent all attempts (intentional or erroneous) to modify code and RO-data, while keeping all data non-executable. While not targeted to prevent any specific exploit, this patch does improve general kernel security. When combined with the other two patches I have submitted (RW+NX for first megabyte and NX for static kernel data), this patch set completely eliminates kernel pages with executable data and modifiable code. > Did you find any bugs with this option? Well, so far I did not find any bugs in the last version of the patch, but it definitely breaks any module that uses self-modifying code or data execution. An issue with ftrace have been reported earlier and fixed in V7. -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
