lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20081118143015.72af31d3.akpm@linux-foundation.org>
Date:	Tue, 18 Nov 2008 14:30:15 -0800
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Bernhard Walle <bwalle@...e.de>
Cc:	thomas.mingarelli@...com, linux-kernel@...r.kernel.org,
	wim@...ana.be, bwalle@...e.de, stable@...nel.org
Subject: Re: [PATCH] [WATCHDOG] [hpwdt] Set the mapped BIOS address space as
 executable

On Fri, 14 Nov 2008 15:47:03 +0100
Bernhard Walle <bwalle@...e.de> wrote:

> The address provided by the SMBIOS/DMI CRU information is mapped via
> ioremap() in the virtual address space. However, since the address
> is executed (i.e. call'd), we need to set that pages as executable.
> 
> Without that, I get following oops on a HP ProLiant DL385 G2
> machine with BIOS from 05/29/2008 when I trigger crashdump:
> 
>     BUG: unable to handle kernel paging request at ffffc20011090c00
>     IP: [<ffffc20011090c00>] 0xffffc20011090c00
>     PGD 12f813067 PUD 7fe6a067 PMD 7effe067 PTE 80000000fffd3173
>     Oops: 0011 [1] SMP
>     last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map
>     CPU 1
>     Modules linked in: autofs4 ipv6 af_packet cpufreq_conservative cpufreq_userspace
>      cpufreq_powersave powernow_k8 fuse loop dm_mod rtc_cmos ipmi_si sg rtc_core i2c
>     _piix4 ipmi_msghandler bnx2 sr_mod container button i2c_core hpilo joydev pcspkr
>      rtc_lib shpchp hpwdt cdrom pci_hotplug usbhid hid ff_memless ohci_hcd ehci_hcd
>     uhci_hcd usbcore edd ext3 mbcache jbd fan ide_pci_generic serverworks ide_core p
>     ata_serverworks pata_acpi cciss ata_generic libata scsi_mod dock thermal process
>     or thermal_sys hwmon
>     Supported: Yes
>     Pid: 0, comm: swapper Not tainted 2.6.27.5-HEAD_20081111100657-default #1
>     RIP: 0010:[<ffffc20011090c00>]  [<ffffc20011090c00>] 0xffffc20011090c00
>     RSP: 0018:ffff88012f6f9e68  EFLAGS: 00010046
>     RAX: 0000000000000d02 RBX: 0000000000000000 RCX: 0000000000000000
>     RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
>     RBP: ffff88012f6f9e98 R08: 666666666666660a R09: ffffffffa1006fc0
>     R10: 0000000000000000 R11: ffff88012f6f3ea8 R12: ffffc20011090c00
>     R13: ffff88012f6f9ee8 R14: 000000000000000e R15: 0000000000000000
>     FS:  00007ff70b29a6f0(0000) GS:ffff88012f6512c0(0000) knlGS:0000000000000000
>     CS:  0010 DS: 0018 ES: 0018 CR0: 000000008005003b
>     CR2: ffffc20011090c00 CR3: 0000000000201000 CR4: 00000000000006e0
>     DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
>     DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
>     Process swapper (pid: 0, threadinfo ffff88012f6f2000, task ffff88007fa8a1c0)
>     Stack:  ffffffffa0f8502b 0000000000000002 ffffffff80738d50 0000000000000000
>      0000000000000046 0000000000000046 00000000fffffffe ffffffffa0f852ec
>      0000000000000000 ffffffff804ad9a6 0000000000000000 0000000000000000
>     Call Trace:
>     Inexact backtrace:
> 
>      <NMI>  [<ffffffffa0f8502b>] ? asminline_call+0x2b/0x55 [hpwdt]
>      [<ffffffffa0f852ec>] hpwdt_pretimeout+0x3c/0xa0 [hpwdt]
>      [<ffffffff804ad9a6>] ? notifier_call_chain+0x29/0x4c
>      [<ffffffff802587e4>] ? notify_die+0x2d/0x32
>      [<ffffffff804abbdc>] ? default_do_nmi+0x53/0x1d9
>      [<ffffffff804abd90>] ? do_nmi+0x2e/0x43
>      [<ffffffff804ab552>] ? nmi+0xa2/0xd0
>      [<ffffffff80221ef9>] ? native_safe_halt+0x2/0x3
>      <<EOE>>  [<ffffffff8021345d>] ? default_idle+0x38/0x54
>      [<ffffffff8021359a>] ? c1e_idle+0x118/0x11c
>      [<ffffffff8020b3b5>] ? cpu_idle+0xa9/0xf1
> 
> 
>     Code: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <55> 50 e8 00 00 00 00 58 48 2d 07 10 40 00 48 8b e8 58 e9 68 02
>     RIP  [<ffffc20011090c00>] 0xffffc20011090c00
>      RSP <ffff88012f6f9e68>
>     CR2: ffffc20011090c00
>     Kernel panic - not syncing: Fatal exception
> 
> 
> Signed-off-by: Bernhard Walle <bwalle@...e.de>
> ---
>  drivers/watchdog/hpwdt.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c
> index 9890dff..e83e1ac 100644
> --- a/drivers/watchdog/hpwdt.c
> +++ b/drivers/watchdog/hpwdt.c
> @@ -40,6 +40,7 @@
>  #include <linux/bootmem.h>
>  #include <linux/slab.h>
>  #include <asm/desc.h>
> +#include <asm/cacheflush.h>
>  
>  #define PCI_BIOS32_SD_VALUE		0x5F32335F	/* "_32_" */
>  #define CRU_BIOS_SIGNATURE_VALUE	0x55524324
> @@ -394,6 +395,8 @@ static void __devinit dmi_find_cru(const struct dmi_header *dm)
>  				smbios_cru64_ptr->double_offset;
>  			cru_rom_addr = ioremap(cru_physical_address,
>  				smbios_cru64_ptr->double_length);
> +			set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK,
> +				smbios_cru64_ptr->double_length >> PAGE_SHIFT);
>  		}
>  	}
>  }

This is also needed in 2.6.27.x, yes?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ