Linux 6.1 Lands Code To Warn About W+X Mappings By Default
As outlined a month ago, Linux 6.1 will now warn about W+X mappings by default. The Linux kernel has offered "CONFIG_DEBUG_WX" to warn at boot time about memory mappings that are both writable and executable, as they can pose an obvious security risk. Finally, with Linux 6.1, that kernel boot-time warning will be enabled by default for x86_64.
The changes for Linux 6.1 also include various detection improvements/fixes around the W+X mappings. The goal is to ultimately have the kernel refuse to allow W+X mappings but that didn't happen for Linux 6.1.
Due to some 32-bit x86 headaches and then the uncovering of some systemd eBPF issues that caused boot failures and were only addressed recently, Linux 6.1 will stick to only warning about W+X mappings. Hopefully Linux 6.2 will be the point at which the kernel refuses to create W+X kernel mappings.
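To see what this boot-time check reported on a given machine, the following added example (not code from the article or the kernel tree) classifies kernel log text and a kernel config file. The function names are hypothetical, the sample log lines are constructed, and it assumes the kernel's "Checked W+X mappings" log wording and a distro-style config file such as /boot/config-$(uname -r).

```shell
#!/bin/sh
# Added example: report the outcome of the CONFIG_DEBUG_WX boot-time check.

# Constructed sample log lines (not captured from a real system).
SAMPLE_PASS='[    1.234567] x86/mm: Checked W+X mappings: passed, no W+X pages found.'
SAMPLE_FAIL='[    1.234567] x86/mm: Found insecure W+X mapping at address 0xffffffffc0000000
[    1.234890] x86/mm: Checked W+X mappings: FAILED, 3 W+X pages found.'

# wx_config_state FILE: is CONFIG_DEBUG_WX set in this kernel config file?
# Prints "enabled", "disabled", or "unknown" (file missing or option not listed).
wx_config_state() {
    if grep -q '^CONFIG_DEBUG_WX=y$' "$1" 2>/dev/null; then
        echo enabled
    elif grep -q '^# CONFIG_DEBUG_WX is not set$' "$1" 2>/dev/null; then
        echo disabled
    else
        echo unknown
    fi
}

# wx_boot_result: read kernel log text on stdin.
# Prints "pass", "fail N" (N = number of W+X pages), or "absent".
# "absent" can also mean the boot messages have rotated out of the ring buffer,
# so treat it as "no evidence", not as "check passed".
wx_boot_result() {
    awk '
        /Checked W\+X mappings: passed/ { r = "pass" }
        /Checked W\+X mappings: FAILED/ {
            n = $0
            sub(/.*FAILED, /, "", n)          # drop everything before the count
            sub(/ W\+X pages found.*/, "", n)  # drop everything after the count
            r = "fail " n
        }
        END { print (r == "" ? "absent" : r) }
    '
}

# Offline demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_PASS" | wx_boot_result
printf '%s\n' "$SAMPLE_FAIL" | wx_boot_result

# On a live system (reading the kernel log may require privileges):
#   dmesg | wx_boot_result
#   wx_config_state "/boot/config-$(uname -r)"
```
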
The list of x86/mm feature patches merged for Linux 6.1 can be found via this pull.
Linux 6.1 is shaping up to be a damn fine kernel release and should be this year's LTS kernel.