| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 2 Feb 2011 15:55:04 -0500
From: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
To: hpa@...or.com, tglx@...utronix.de, x86@...nel.org
Cc: Linux Kernel list <linux-kernel@...r.kernel.org>,
Ingo Molnar <mingo@...e.hu>,
linux-security-module@...r.kernel.org,
Ian Campbell <Ian.Campbell@...citrix.com>,
Kees Cook <kees.cook@...onical.com>,
matthieu castet <castet.matthieu@...e.fr>
Subject: for tip-bugfix? Re: [PATCH] NX protection for kernel data : fix
xen boot
On Thu, Jan 27, 2011 at 11:09:23PM +0100, matthieu castet wrote:
> I think it should be applied before 2.6.38 release, because without
> this patch xen doesn't boot on x86_32 with CONFIG_DEBUG_RODATA.
>
Hey tglx + hpa,
The title is a bit wrong, the issue here is not with the NX bit
but with setting RW on RO areas in the .bss area.
I was wondering if you guys would be OK picking this up in your
"tip-2.6.38-rc4-bug-fix" branch for Linus? I've done the baremetal tests
on this patch (x86, x86_64) and have not found any regressions with it.
> >From 08f54ec4007ab0df231d81ed436632aa7f605feb Mon Sep 17 00:00:00 2001
> From: Matthieu CASTET <castet.matthieu@...e.fr>
> Date: Thu, 20 Jan 2011 21:11:45 +0100
> Subject: [PATCH] NX protection for kernel data : fix xen boot
>
> Xen want page table pages read only.
>
> But the initial page table (from head_*.S) live in .data or .bss.
>
> That was broken by 64edc8ed5ffae999d8d413ba006850e9e34166cb.
> Revert the problematic part as it is only a protection and
> not really needed.
>
> Signed-off-by: Matthieu CASTET <castet.matthieu@...e.fr>
> Tested-by: Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>
> ---
> arch/x86/mm/pageattr.c | 8 --------
> 1 files changed, 0 insertions(+), 8 deletions(-)
>
> diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
> index 2ad6c48..951eb4a 100644
> --- a/arch/x86/mm/pageattr.c
> +++ b/arch/x86/mm/pageattr.c
> @@ -256,7 +256,6 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
> unsigned long pfn)
> {
> pgprot_t forbidden = __pgprot(0);
> - pgprot_t required = __pgprot(0);
>
> /*
> * The BIOS area between 640k and 1Mb needs to be executable for
> @@ -286,12 +285,6 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
> if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
> __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
> pgprot_val(forbidden) |= _PAGE_RW;
> - /*
> - * .data and .bss should always be writable.
> - */
> - if (within(address, (unsigned long)_sdata, (unsigned long)_edata) ||
> - within(address, (unsigned long)__bss_start, (unsigned long)__bss_stop))
> - pgprot_val(required) |= _PAGE_RW;
>
> #if defined(CONFIG_X86_64) && defined(CONFIG_DEBUG_RODATA)
> /*
> @@ -331,7 +324,6 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
> #endif
>
> prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
> - prot = __pgprot(pgprot_val(prot) | pgprot_val(required));
>
> return prot;
> }
> --
> 1.7.2.3
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists