imer_setup() is not compatible with PaX's RAP

PaX Team pageexec at freemail.hu
Tue Nov 14 12:12:24 CET 2017


On 14 Nov 2017 at 10:29, Jason A. Donenfeld wrote:

> I fixed things up here:
> https://git.zx2c4.com/WireGuard/commit/?id=df318d1f0526663a2d92439376379e32ebcfef1a

works fine, thanks.

> > speaking of PaX support, you recently added some __ro_after_init wrapper
> > to wireguard which breaks under KERNEXEC when it's used on ops structs
> > (my __read_only has different semantics) so i have to revert it here but
> > it'd be nicer if you didn't define it when KERNEXEC is active.
> 
> So what exactly should I be fixing? I think in that last patch I
> forgot to redefine it to be empty. Would this do what you have in
> mind:

i said 'don't define it', not 'redefine it' ;). the difference is that the
latter removes the definition provided under KERNEXEC.



More information about the WireGuard mailing list