| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Nov 2008 22:33:47 +0000 From: "Mingarelli, Thomas" <Thomas.Mingarelli@...com> To: Andrew Morton <akpm@...ux-foundation.org>, Bernhard Walle <bwalle@...e.de> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, "wim@...ana.be" <wim@...ana.be>, "bwalle@...e.de" <bwalle@...e.de>, "stable@...nel.org" <stable@...nel.org>, "Montgomery, Bob" <bob.montgomery@...com> Subject: RE: [PATCH] [WATCHDOG] [hpwdt] Set the mapped BIOS address space as executable Yes. I agree with this fix. The HP ProLiant systems have an RBSU setting in the BIOS for the NX bit but we need to make certain we can execute as the default setting for this RBSU option may switch between enable/disable. Tom -----Original Message----- From: Andrew Morton [mailto:akpm@...ux-foundation.org] Sent: Tuesday, November 18, 2008 4:30 PM To: Bernhard Walle Cc: Mingarelli, Thomas; linux-kernel@...r.kernel.org; wim@...ana.be; bwalle@...e.de; stable@...nel.org Subject: Re: [PATCH] [WATCHDOG] [hpwdt] Set the mapped BIOS address space as executable On Fri, 14 Nov 2008 15:47:03 +0100 Bernhard Walle <bwalle@...e.de> wrote: > The address provided by the SMBIOS/DMI CRU information is mapped via > ioremap() in the virtual address space. However, since the address > is executed (i.e. call'd), we need to set that pages as executable. > > Without that, I get following oops on a HP ProLiant DL385 G2 > machine with BIOS from 05/29/2008 when I trigger crashdump: > > BUG: unable to handle kernel paging request at ffffc20011090c00 > IP: [<ffffc20011090c00>] 0xffffc20011090c00 > PGD 12f813067 PUD 7fe6a067 PMD 7effe067 PTE 80000000fffd3173 > Oops: 0011 [1] SMP > last sysfs file: /sys/devices/system/cpu/cpu3/cache/index2/shared_cpu_map > CPU 1 > Modules linked in: autofs4 ipv6 af_packet cpufreq_conservative cpufreq_userspace > cpufreq_powersave powernow_k8 fuse loop dm_mod rtc_cmos ipmi_si sg rtc_core i2c > _piix4 ipmi_msghandler bnx2 sr_mod container button i2c_core hpilo joydev pcspkr > rtc_lib shpchp hpwdt cdrom pci_hotplug usbhid hid ff_memless ohci_hcd ehci_hcd > uhci_hcd usbcore edd ext3 mbcache jbd fan ide_pci_generic serverworks ide_core p > ata_serverworks pata_acpi cciss ata_generic libata scsi_mod dock thermal process > or thermal_sys hwmon > Supported: Yes > Pid: 0, comm: swapper Not tainted 2.6.27.5-HEAD_20081111100657-default #1 > RIP: 0010:[<ffffc20011090c00>] [<ffffc20011090c00>] 0xffffc20011090c00 > RSP: 0018:ffff88012f6f9e68 EFLAGS: 00010046 > RAX: 0000000000000d02 RBX: 0000000000000000 RCX: 0000000000000000 > RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 > RBP: ffff88012f6f9e98 R08: 666666666666660a R09: ffffffffa1006fc0 > R10: 0000000000000000 R11: ffff88012f6f3ea8 R12: ffffc20011090c00 > R13: ffff88012f6f9ee8 R14: 000000000000000e R15: 0000000000000000 > FS: 00007ff70b29a6f0(0000) GS:ffff88012f6512c0(0000) knlGS:0000000000000000 > CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b > CR2: ffffc20011090c00 CR3: 0000000000201000 CR4: 00000000000006e0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 > Process swapper (pid: 0, threadinfo ffff88012f6f2000, task ffff88007fa8a1c0) > Stack: ffffffffa0f8502b 0000000000000002 ffffffff80738d50 0000000000000000 > 0000000000000046 0000000000000046 00000000fffffffe ffffffffa0f852ec > 0000000000000000 ffffffff804ad9a6 0000000000000000 0000000000000000 > Call Trace: > Inexact backtrace: > > <NMI> [<ffffffffa0f8502b>] ? asminline_call+0x2b/0x55 [hpwdt] > [<ffffffffa0f852ec>] hpwdt_pretimeout+0x3c/0xa0 [hpwdt] > [<ffffffff804ad9a6>] ? notifier_call_chain+0x29/0x4c > [<ffffffff802587e4>] ? notify_die+0x2d/0x32 > [<ffffffff804abbdc>] ? default_do_nmi+0x53/0x1d9 > [<ffffffff804abd90>] ? do_nmi+0x2e/0x43 > [<ffffffff804ab552>] ? nmi+0xa2/0xd0 > [<ffffffff80221ef9>] ? native_safe_halt+0x2/0x3 > <<EOE>> [<ffffffff8021345d>] ? default_idle+0x38/0x54 > [<ffffffff8021359a>] ? c1e_idle+0x118/0x11c > [<ffffffff8020b3b5>] ? cpu_idle+0xa9/0xf1 > > > Code: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff <55> 50 e8 00 00 00 00 58 48 2d 07 10 40 00 48 8b e8 58 e9 68 02 > RIP [<ffffc20011090c00>] 0xffffc20011090c00 > RSP <ffff88012f6f9e68> > CR2: ffffc20011090c00 > Kernel panic - not syncing: Fatal exception > > > Signed-off-by: Bernhard Walle <bwalle@...e.de> > --- > drivers/watchdog/hpwdt.c | 3 +++ > 1 files changed, 3 insertions(+), 0 deletions(-) > > diff --git a/drivers/watchdog/hpwdt.c b/drivers/watchdog/hpwdt.c > index 9890dff..e83e1ac 100644 > --- a/drivers/watchdog/hpwdt.c > +++ b/drivers/watchdog/hpwdt.c > @@ -40,6 +40,7 @@ > #include <linux/bootmem.h> > #include <linux/slab.h> > #include <asm/desc.h> > +#include <asm/cacheflush.h> > > #define PCI_BIOS32_SD_VALUE 0x5F32335F /* "_32_" */ > #define CRU_BIOS_SIGNATURE_VALUE 0x55524324 > @@ -394,6 +395,8 @@ static void __devinit dmi_find_cru(const struct dmi_header *dm) > smbios_cru64_ptr->double_offset; > cru_rom_addr = ioremap(cru_physical_address, > smbios_cru64_ptr->double_length); > + set_memory_x((unsigned long)cru_rom_addr & PAGE_MASK, > + smbios_cru64_ptr->double_length >> PAGE_SHIFT); > } > } > } This is also needed in 2.6.27.x, yes? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists