Missing option "Paging based non-executable pages"

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Missing option "Paging based non-executable pages"

Postby Carceru » Wed Jul 06, 2005 6:41 am

When I try to configure PAX in my kernel 2.6.11.12 I can see the following options:

Code: Select all
|       Non-executable pages  --->
|         [*] Enforce non-executable pages
|         [*]   Segmentation based non-executable pages
|         [ ] Emulate trampolines
|         [*] Restrict mprotect()
|         [ ]   Disallow ELF text relocations


However, from other screenshots I have seen I am missing an entry called "Paging based non-executable pages". Any idea why?
Carceru
 
Posts: 12
Joined: Tue Jun 21, 2005 8:24 am

Re: Missing option "Paging based non-executable pages&q

Postby PaX Team » Wed Jul 06, 2005 3:19 pm

Carceru wrote:However, from other screenshots I have seen I am missing an entry called "Paging based non-executable pages". Any idea why?
what's your CPU type?
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Carceru » Fri Jul 08, 2005 7:16 am

It's a VIA C3 Eden 600 MHz ("Processor family (CyrixIII/VIA-C3)" in the kernel configuration)
Carceru
 
Posts: 12
Joined: Tue Jun 21, 2005 8:24 am

Postby PaX Team » Fri Jul 08, 2005 10:27 am

Carceru wrote:It's a VIA C3 Eden 600 MHz ("Processor family (CyrixIII/VIA-C3)" in the kernel configuration)
ok, that explains it. PAGEEXEC requires a certain TLB configuration that didn't use to hold for VIA (and others), so it's disabled in the config system. if you want to verify that PAGEEXEC does work on your CPU, then modify the PAGEEXEC 'depends' line in security/Kconfig and then enable PAGEEXEC (but not SEGMEXEC) and see if your system still works (if the TLB is not good enough you'll notice it right on boot as init will most likely hang). in the meantime i looked at some docs and it seems that at least in theory your CPU and a few later models from VIA/Centaur should support PAGEEXEC, so if anyone out there with such chips can check them, i'd appreciate feedback.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Postby Carceru » Tue Jul 12, 2005 6:43 am

Okay thanks. When grsecurity for 2.6.12.2 is released I will try to recompile with PAGEEXEC and see if it works.
Carceru
 
Posts: 12
Joined: Tue Jun 21, 2005 8:24 am


Return to grsecurity support

cron