* If we have either disabled exec-shield on the boot command line,
* or we have NX, then we don't need to do this.
*/
- if (exec_shield != 0) {
+ if (!disable_nx) {
#ifdef CONFIG_X86_PAE
if (!test_cpu_cap(c, X86_FEATURE_NX))
#endif
#include <asm/pgtable.h>
#include <asm/proto.h>
-static int disable_nx __cpuinitdata;
+int disable_nx __cpuinitdata;
/*
* noexec = on|off
disable_nx = 0;
} else if (!strncmp(str, "off", 3)) {
disable_nx = 1;
- exec_shield = 0;
}
x86_configure_nx();
return 0;
void __init x86_report_nx(void)
{
if (!cpu_has_nx) {
- if (exec_shield)
+ if (disable_nx)
printk(KERN_INFO "Using x86 segment limits to approximate NX protection\n");
else
* Turn off the CS limit completely if exec-shield disabled or
* NX active:
*/
- if (!exec_shield || executable_stack != EXSTACK_DISABLE_X || (__supported_pte_mask & _PAGE_NX))
+ if (disable_nx || executable_stack != EXSTACK_DISABLE_X || (__supported_pte_mask & _PAGE_NX))
arch_add_exec_range(current->mm, -1);
#endif
struct fs_struct;
struct perf_event_context;
-extern int exec_shield;
+extern int disable_nx;
extern int print_fatal_signals;
/*
#ifndef CONFIG_MMU
extern int sysctl_nr_trim_pages;
#endif
-
-int exec_shield = 1;
-
-static int __init setup_exec_shield(char *str)
-{
- get_option(&str, &exec_shield);
-
- return 1;
-}
-__setup("exec-shield=", setup_exec_shield);
-
#ifdef CONFIG_BLOCK
extern int blk_iopoll_enabled;
#endif
.mode = 0644,
.proc_handler = proc_dointvec,
},
-#ifdef CONFIG_X86_32
- {
- .procname = "exec-shield",
- .data = &exec_shield,
- .maxlen = sizeof(int),
- .mode = 0644,
- .proc_handler = &proc_dointvec,
- },
-#endif
-
#ifdef CONFIG_PROC_SYSCTL
{
.procname = "tainted",