• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 #include <linux/spinlock.h>
3 #include <linux/errno.h>
4 #include <linux/init.h>
5 #include <linux/pgtable.h>
6 
7 #include <asm/proto.h>
8 #include <asm/cpufeature.h>
9 
10 static int disable_nx;
11 
12 /*
13  * noexec = on|off
14  *
15  * Control non-executable mappings for processes.
16  *
17  * on      Enable
18  * off     Disable
19  */
noexec_setup(char * str)20 static int __init noexec_setup(char *str)
21 {
22 	if (!str)
23 		return -EINVAL;
24 	if (!strncmp(str, "on", 2)) {
25 		disable_nx = 0;
26 	} else if (!strncmp(str, "off", 3)) {
27 		disable_nx = 1;
28 	}
29 	x86_configure_nx();
30 	return 0;
31 }
32 early_param("noexec", noexec_setup);
33 
x86_configure_nx(void)34 void x86_configure_nx(void)
35 {
36 	if (boot_cpu_has(X86_FEATURE_NX) && !disable_nx)
37 		__supported_pte_mask |= _PAGE_NX;
38 	else
39 		__supported_pte_mask &= ~_PAGE_NX;
40 }
41 
x86_report_nx(void)42 void __init x86_report_nx(void)
43 {
44 	if (!boot_cpu_has(X86_FEATURE_NX)) {
45 		printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
46 		       "missing in CPU!\n");
47 	} else {
48 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
49 		if (disable_nx) {
50 			printk(KERN_INFO "NX (Execute Disable) protection: "
51 			       "disabled by kernel command line option\n");
52 		} else {
53 			printk(KERN_INFO "NX (Execute Disable) protection: "
54 			       "active\n");
55 		}
56 #else
57 		/* 32bit non-PAE kernel, NX cannot be used */
58 		printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
59 		       "cannot be enabled: non-PAE kernel!\n");
60 #endif
61 	}
62 }
63