imer_setup() is not compatible with PaX's RAP
Jason A. Donenfeld
Jason at zx2c4.com
Tue Nov 14 10:29:14 CET 2017
On Tue, Nov 14, 2017 at 1:15 AM, PaX Team <pageexec at freemail.hu> wrote:
> oh boy, can't disagree with ugly ;)
The goal is the highest possible density of filth.
>
> --- WireGuard-0.0.20171111.orig/src/compat/compat.h 2017-11-11 04:35:06.000000000 +0100
> +++ WireGuard-0.0.20171111/src/compat/compat.h 2017-11-13 23:21:17.967716768 +0100
I fixed things up here:
https://git.zx2c4.com/WireGuard/commit/?id=df318d1f0526663a2d92439376379e32ebcfef1a
> the KERNEXEC block isn't needed as it was removing KERNEXEC's own define
Wait, but earlier you wrote:
> speaking of PaX support, you recently added some __ro_after_init wrapper
> to wireguard which breaks under KERNEXEC when it's used on ops structs
> (my __read_only has different semantics) so i have to revert it here but
> it'd be nicer if you didn't define it when KERNEXEC is active.
So what exactly should I be fixing? I think in that last patch I
forgot to redefine it to be empty. Would this do what you have in
mind:
#ifdef CONFIG_PAX_KERNEXEC
#include <linux/cache.h>
#undef __ro_after_init
#define __ro_after_init
#endif
Or is there something else?
Jason
More information about the WireGuard
mailing list