lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 09 Jul 2014 19:56:29 -0500
From:	Stuart Hayes <stuart.w.hayes@...il.com>
To:	"H. Peter Anvin" <hpa@...or.com>
CC:	tglx@...utronix.de, mingo@...hat.com, x86@...nel.org,
	linux-kernel@...r.kernel.org, matt.fleming@...el.com, bp@...e.de
Subject: Re: [PATCH] x86: Configure NX support earlier in setup_arch

On 7/8/2014 5:38 PM, H. Peter Anvin wrote:

> On 07/08/2014 03:34 PM, Stuart Hayes wrote:
>>
>> I haven't received any responses... is there a problem with the patch?  Also CCing a couple people.
>>
> 
> I was on vacation last week and am still catching up.
> 
> It would also help if you describe the real-world scenario that made you
> trip over this.
> 
> 	-hpa
> 


Well... I got this issue because a co-worker tripped over it.  He had NX disabled in BIOS for some reason, and found that linux wouldn't boot--it hung right after grub2.  I guess it took a while to figure out that it was the fact that NX was disabled that caused linux not to come up--and that could happen to other people.  I don't know of any real-world scenarios in which someone would actually prefer to run a recent linux kernel with NX disabled, though.

It looks like some of the other boot paths into the kernel automatically clear the XD_DISABLE bit in the MISC_ENABLE MSR in the CPU (in verify_cpu), but that doesn't happen when grub2 jumps to startup_64 in arch/x86/boot/compressed/head_64.S.  I guess instead of this patch, I could try to make a patch that turns NX back on (somewhere in startup_64), but since the kernel already supports NX being disabled, so I thought maybe just fixing that would be better.  I didn't like seeing the kernel just die without giving any indication of what the problem is.

Stuart

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists