[Lguest] NX bit support
Rusty Russell
rusty at rustcorp.com.au
Mon Nov 8 20:27:53 EST 2010
On Sat, 6 Nov 2010 10:43:26 pm Philip Sanderson wrote:
> Hello,
>
> short version:
>
> - Any plans for NX bit support?
I haven't even looked at it. NX requires PAE, but that's all I know...
Oh, and it's generally preferred in the kernel world to put patches
inline for easier quoting BTW.
> - Patch for Documentation/lguest/lguest.c -- remove prot_exec, adds chroot.
Hmm, it's an lguest flaw that we don't enforce this in the module, really.
But making life easier for PaX/SELinux makes sense.
The mapping of extra pages... hmm, I guess so, since you've coded it and
found the other issue:
> @@ -576,8 +584,9 @@
> * We have to separately check addr and addr+size, because size could
> * be huge and addr + size might wrap around.
> */
>- if (addr >= guest_limit || addr + size >= guest_limit)
>+ if (addr >= guest_limit || addr + size >= guest_limit || addr + size < addr)
> errx(1, "%s:%i: Invalid address %#lx", __FILE__, line, addr);
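Review bot: the added `addr + size < addr` test on the `+` line still computes the sum that can overflow, and it only behaves as intended if addr and size are unsigned (the `%#lx` format suggests unsigned long, but the declarations are not in this hunk). Since `addr >= guest_limit` is rejected first, the two remaining conditions could be replaced by a single overflow-free comparison, `size >= guest_limit - addr`, which rejects the same ranges without relying on wraparound. The comment above the check could also be updated: checking addr and addr+size separately, as it describes, did not catch the wrap on the `-` line, so it is worth saying which condition now does.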
One nitpick though:
> + err(1, "chroot(%s) failed: reason: %s", chroot_path, strerror(errno));
err() prints the string, then ": <strerror>" for you. Two places; could you
re-send with that fixed?
> There also appears to be a bug in the /dev/random code in 2.6.35.8
> regardless of --rng being specified or not. dd if=/dev/random bs=8 count=1
> blocks. /dev/urandom works as expected. strace'ing lguest shows it never
> reads from /dev/random. The .config has
>
> # grep RANDOM_VIRT .config
> CONFIG_HW_RANDOM_VIRTIO=y
Ah, it will appear as /dev/hwrng. It's a weirdness of Linux that our actual
hardware number generators are not wired up to /dev/random...
Thanks!
Rusty.