diff options
| author | Kees Cook <kees.cook@canonical.com> | 2010-05-25 10:38:53 -0700 |
|---|---|---|
| committer | Leann Ogasawara <leann.ogasawara@canonical.com> | 2010-08-20 15:58:57 -0700 |
| commit | 42f979652e2c2d3fa719add4af9ee0b297c8e00d (patch) | |
| tree | 8044ad088ba4996ef181734253b958087ab55b2d /kernel | |
| parent | 5acb3100199f6b3c4d7e36d7906a2ef010c0e52c (diff) | |
UBUNTU: SAUCE: x86: more tightly confine cs-limit nx-emulation to ia32 only
This makes sure to not disable fast syscalls too generally, and clarifies
nx-emulation code a bit more.
Signed-off-by: Kees Cook <kees.cook@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/sysctl.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c index fdb581b5a0c6..e06db19518db 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -102,15 +102,12 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max; extern int sysctl_nr_trim_pages; #endif +#ifdef CONFIG_X86_32 int exec_shield = (1<<0); /* exec_shield is a bitmask: * 0: off; vdso at STACK_TOP, 1 page below TASK_SIZE * (1<<0) 1: on [also on if !=0] * (1<<1) 2: force noexecstack regardless of PT_GNU_STACK - * The old settings - * (1<<2) 4: vdso just below .text of main (unless too low) - * (1<<3) 8: vdso just below .text of PT_INTERP (unless too low) - * are ignored because the vdso is placed completely randomly */ static int __init setup_exec_shield(char *str) @@ -120,6 +117,7 @@ static int __init setup_exec_shield(char *str) return 1; } __setup("exec-shield=", setup_exec_shield); +#endif #ifdef CONFIG_BLOCK extern int blk_iopoll_enabled; @@ -448,6 +446,7 @@ static struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = proc_dointvec, }, +#ifdef CONFIG_X86_32 { .procname = "exec-shield", .data = &exec_shield, @@ -455,6 +454,7 @@ static struct ctl_table kern_table[] = { .mode = 0644, .proc_handler = &proc_dointvec, }, +#endif #ifdef CONFIG_PROC_SYSCTL { |