lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <1226674023-5374-1-git-send-email-bwalle@suse.de>
Date:	Fri, 14 Nov 2008 15:47:03 +0100
From:	Bernhard Walle <bwalle@...e.de>
To:	thomas.mingarelli@...com
Cc:	linux-kernel@...r.kernel.org, wim@...ana.be,
	Bernhard Walle <bwalle@...e.de>
Subject: [PATCH] [WATCHDOG] [hpwdt] Set the mapped BIOS address space as executable

The address provided by the SMBIOS/DMI CRU information is mapped via
ioremap() in the virtual address space. However, since the address
is executed (i.e. call'd), we need to set that pages as executable.

Without that, I get following oops on a HP ProLiant DL385 G2
machine with BIOS from 05/29/2008 when I trigger crashdump:

    BUG: unable to handle kernel paging request at ffffc20011090c00
    IP: [<ffffc20011090c00>] 0xffffc20011090c00
    PGD 12f813067 PUD 7fe6a067 PMD 7effe067 PTE 80000000fffd3173
    Oops: 0011 [1] SMP
    last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
    CPU 1
    Modules linked in: autofs4 ipv6 af_packet cpufreq_conservative cpufreq_userspace
     cpufreq_powersave powernow_k8 fuse loop dm_mod rtc_cmos ipmi_si sg rtc_core i2c
    _piix4 ipmi_msghandler bnx2 sr_mod container button i2c_core hpilo joydev pcspkr
     rtc_lib shpchp hpwdt cdrom pci_hotplug usbhid hid ff_memless ohci_hcd ehci_hcd
    uhci_hcd usbcore edd ext3 mbcache jbd fan ide_pci_generic serverworks ide_core p
    ata_serverworks pata_acpi cciss ata_generic libata scsi_mod dock thermal process
    or thermal_sys hwmon
    Supported: Yes
    Pid: 0, comm: swapper Not tainted 2.6.27.5-HEAD_20081111100657-default #1
    RIP: 0010:[<ffffc20011090c00>]  [<ffffc20011090c00>] 0xffffc20011090c00
    RSP: 0018:ffff88012f6f9e68  EFLAGS: 00010046
    RAX: 0000000000000d02 RBX: 0000000000000000 RCX: 0000000000000000
    RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
    RBP: ffff88012f6f9e98 R08: 666666666666660a R09: ffffffffa1006fc0
    R10: 0000000000000000 R11: ffff88012f6f3ea8 R12: ffffc20011090c00
    R13: ffff88012f6f9ee8 R14: 000000000000000e R15: 0000000000000000
    FS:  00007ff70b29a6f0(0000) GS:ffff88012f6512c0(0000) knlGS:0000000000000000
    CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
    CR2: ffffc20011090c00 CR3: 0000000000201000 CR4: 00000000000006e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
    Process swapper (pid: 0, threadinfo ffff88012f6f2000, task ffff88007fa8a1c0)
    Stack:  ffffffffa0f8502b 0000000000000002 ffffffff80738d50 0000000000000000
     0000000000000046 0000000000000046 00000000fffffffe ffffffffa0f852ec
     0000000000000000 ffffffff804ad9a6 0000000000000000 0000000000000000
    Call Trace:
    Inexact backtrace:

     <NMI>  [<ffffffffa0f8502b>] ? asminline_call+0x2b/0x55 [hpwdt]
     [<ffffffffa0f852ec>] hpwdt_pretimeout+0x3c/0xa0 [hpwdt]
     [<ffffffff804ad9a6>] ? notifier_call_chain+0x29/0x4c
     [<ffffffff802587e4>] ? notify_die+0x2d/0x32
     [<ffffffff804abbdc>] ? default_do_nmi+0x53/0x1d9
     [<ffffffff804abd90>] ? do_nmi+0x2e/0x43
     [<ffffffff804ab552>] ? nmi+0xa2/0xd0
     [<ffffffff80221ef9>] ? native_safe_halt+0x2/0x3
     <<EOE>>  [<ffffffff8021345d>] ? default_idle+0x38/0x54
     [<ffffffff8021359a>] ? c1e_idle+0x118/0x11c
     [<ffffffff8020b3b5>] ? cpu_idle+0xa9/0xf1


    Code: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <55> 50 e8 00 00 00 00 58 48 2d 07 10 40 00 48 8b e8 58 e9 68 02
    RIP  [<ffffc20011090c00>] 0xffffc20011090c00
     RSP <ffff88012f6f9e68>
    CR2: ffffc20011090c00
    Kernel panic - not syncing: Fatal exception


Signed-off-by: Bernhard Walle <bwalle@...e.de>
---
 drivers/watchdog/hpwdt.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
index 9890dff..e83e1ac 100644
--- a/drivers/watchdog/hpwdt.c
+++ b/drivers/watchdog/hpwdt.c
@@ -40,6 +40,7 @@
 #include <linux/bootmem.h>
 #include <linux/slab.h>
 #include <asm/desc.h>
+#include <asm/cacheflush.h>
 
 #define PCI_BIOS32_SD_VALUE		0x5F32335F	/* "_32_" */
 #define CRU_BIOS_SIGNATURE_VALUE	0x55524324
@@ -394,6 +395,8 @@ static void __devinit dmi_find_cru(const struct dmi_header *dm)
 				smbios_cru64_ptr->double_offset;
 			cru_rom_addr = ioremap(cru_physical_address,
 				smbios_cru64_ptr->double_length);
+			set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK,
+				smbios_cru64_ptr->double_length >> PAGE_SHIFT);
 		}
 	}
 }
-- 
1.6.0.2

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ