imer_setup() is not compatible with PaX's RAP

Jason A. Donenfeld Jason at
Tue Nov 14 10:29:14 CET 2017

On Tue, Nov 14, 2017 at 1:15 AM, PaX Team <pageexec at> wrote:
> oh boy, can't disagree with ugly ;)

The goal is the highest possible density of filth.

> --- WireGuard-0.0.20171111.orig/src/compat/compat.h       2017-11-11 04:35:06.000000000 +0100
> +++ WireGuard-0.0.20171111/src/compat/compat.h    2017-11-13 23:21:17.967716768 +0100

I fixed things up here:

> the KERNEXEC block isn't needed as it was removing KERNEXEC's own define

Wait, but earlier you wrote:

> speaking of PaX support, you recently added some __ro_after_init wrapper
> to wireguard which breaks under KERNEXEC when it's used on ops structs
> (my __read_only has different semantics) so i have to revert it here but
> it'd be nicer if you didn't define it when KERNEXEC is active.

So what exactly should I be fixing? I think in that last patch I
forgot to redefine it to be empty. Would this do what you have in

#include <linux/cache.h>
#undef __ro_after_init
#define __ro_after_init

Or is there something else?


More information about the WireGuard mailing list