lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080212125325.E993B1B4174@basil.firstfloor.org>
Date:	Tue, 12 Feb 2008 13:53:25 +0100 (CET)
From:	Andi Kleen <ak@...e.de>
To:	tglx@...utronix.de, mingo@...e.hu, linux-kernel@...r.kernel.org
Subject: [PATCH] [2/2] Improve not NX check in i386 direct mapping setup


[This is a replacement for the direct mapping protections patchkit from 
 last week.  It is simpler by implementing its own specialized duplicated logic
 instead of adapting the existing pageattr logic to be usable for this case]

The i386 direct mapping support needs to avoid setting NX on pages
that are used by the kernel text. This patch improves the checks
for that case.

- Check the correct range of kernel text not including data only
sections at the end.
- Check the beginning too because there could be quite some pages
before the kernel text on a high loaded kernel
(previously all pages) 
- Add a special check for the PCI-BIOS range in the first MB 
that needs to be executable.
- Drop the inline for that function because it is larger now.

Result will be less pages in the direct mapping without NX
in some cases (particular with relocatable kernel loaded high)
giving a very minor increase of security against buffer overflows
in the kernel.

Signed-off-by: Andi Kleen <ak@...e.de>

---
 arch/x86/kernel/vmlinux_32.lds.S |    1 +
 arch/x86/mm/init_32.c            |   14 +++++++++-----
 2 files changed, 10 insertions(+), 5 deletions(-)

Index: linux/arch/x86/mm/init_32.c
===================================================================
--- linux.orig/arch/x86/mm/init_32.c
+++ linux/arch/x86/mm/init_32.c
@@ -143,9 +143,14 @@ page_table_range_init(unsigned long star
 	}
 }
 
-static inline int is_kernel_text(unsigned long addr)
+extern char __end_text[];
+
+static int __init is_kernel_text(unsigned long start, unsigned long end)
 {
-	if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end)
+	if (end >= (unsigned long)_text && start < (unsigned long)__end_text)
+		return 1;
+	/* Allow execution of 32bit BIOS */
+	if (end >= BIOS_BEGIN && start < BIOS_END)
 		return 1;
 	return 0;
 }
@@ -188,8 +193,7 @@ static void __init kernel_physical_mappi
 				addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
 					PAGE_OFFSET + PAGE_SIZE-1;
 
-				if (is_kernel_text(addr) ||
-				    is_kernel_text(addr2))
+				if (is_kernel_text(addr, addr2))
 					prot = PAGE_KERNEL_LARGE_EXEC;
 
 				set_pmd(pmd, pfn_pmd(pfn, prot));
@@ -205,7 +209,7 @@ static void __init kernel_physical_mappi
 			     pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
 				pgprot_t prot = PAGE_KERNEL;
 
-				if (is_kernel_text(addr))
+				if (is_kernel_text(addr, addr + PAGE_SIZE - 1))
 					prot = PAGE_KERNEL_EXEC;
 
 				set_pte(pte, pfn_pte(pfn, prot));
Index: linux/arch/x86/kernel/vmlinux_32.lds.S
===================================================================
--- linux.orig/arch/x86/kernel/vmlinux_32.lds.S
+++ linux/arch/x86/kernel/vmlinux_32.lds.S
@@ -165,6 +165,7 @@ SECTIONS
 	*(.parainstructions)
   	__parainstructions_end = .;
   }
+  __end_text = .;
   /* .exit.text is discard at runtime, not link time, to deal with references
      from .altinstructions and .eh_frame */
   .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ