| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 30 Jan 2009 18:50:49 +0000 From: Ian Campbell <Ian.Campbell@...rix.com> To: Mark McLoughlin <markmc@...hat.com> Cc: Jon Swanson <jswanson@...uecommerce.co.jp>, fedora-virt@...hat.com, Jeremy Fitzhardinge <jeremy@...p.org>, Ingo Molnar <mingo@...e.hu>, linux-kernel@...r.kernel.org, stable@...nel.org Subject: Re: [PATCH] xen: do not set NX bit when making initial pagetables readonly I meant to CC lkml and stable@ (some of the original reports are against 2.6.27) and fat-fingered the to: line. A few previous threads on the subject: http://lists.xensource.com/archives/html/xen-devel/2009-01/msg00176.html http://www.redhat.com/archives/fedora-xen/2009-January/msg00022.html http://www.redhat.com/archives/fedora-virt/2009-January/msg00013.html Ian. On Fri, 2009-01-30 at 18:19 +0000, Ian Campbell wrote: > __supported_pte_mask has not been correctly configured at this point > and Xen prevents us from using the NX bit if the hardware does not > support it. Some BIOSes seem to offer the option to disable NX. > > Signed-off-by: Ian Campbell <ian.campbell@...rix.com> > Cc: Mark McLoughlin <markmc@...hat.com> > Cc: Jon Swanson <jswanson@...uecommerce.co.jp> > Cc: fedora-virt@...hat.com > Cc: Jeremy Fitzhardinge <jeremy@...p.org> > Cc: Ingo Molnar <mingo@...e.hu> > --- > arch/x86/xen/enlighten.c | 24 +++++++++++++----------- > 1 files changed, 13 insertions(+), 11 deletions(-) > > diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c > index bea2152..e705bdf 100644 > --- a/arch/x86/xen/enlighten.c > +++ b/arch/x86/xen/enlighten.c > @@ -53,6 +53,8 @@ > #include "mmu.h" > #include "multicalls.h" > > +#define _KERNPG_TABLE_RO __pgprot(_KERNPG_TABLE & ~_PAGE_RW) > + > EXPORT_SYMBOL_GPL(hypercall_page); > > DEFINE_PER_CPU(struct vcpu_info *, xen_vcpu); > @@ -1487,9 +1489,9 @@ static __init void xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn) > } > > for (pteidx = 0; pteidx < ident_pte; pteidx += PTRS_PER_PTE) > - set_page_prot(&level1_ident_pgt[pteidx], PAGE_KERNEL_RO); > + set_page_prot(&level1_ident_pgt[pteidx], _KERNPG_TABLE_RO); > > - set_page_prot(pmd, PAGE_KERNEL_RO); > + set_page_prot(pmd, _KERNPG_TABLE_RO); > } > > #ifdef CONFIG_X86_64 > @@ -1543,12 +1545,12 @@ static __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, > xen_map_identity_early(level2_ident_pgt, max_pfn); > > /* Make pagetable pieces RO */ > - set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); > - set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); > - set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); > - set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); > - set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); > - set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); > + set_page_prot(init_level4_pgt, _KERNPG_TABLE_RO); > + set_page_prot(level3_ident_pgt, _KERNPG_TABLE_RO); > + set_page_prot(level3_kernel_pgt, _KERNPG_TABLE_RO); > + set_page_prot(level3_user_vsyscall, _KERNPG_TABLE_RO); > + set_page_prot(level2_kernel_pgt, _KERNPG_TABLE_RO); > + set_page_prot(level2_fixmap_pgt, _KERNPG_TABLE_RO); > > /* Pin down new L4 */ > pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE, > @@ -1597,9 +1599,9 @@ static __init pgd_t *xen_setup_kernel_pagetable(pgd_t *pgd, > set_pgd(&swapper_pg_dir[KERNEL_PGD_BOUNDARY], > __pgd(__pa(level2_kernel_pgt) | _PAGE_PRESENT)); > > - set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); > - set_page_prot(swapper_pg_dir, PAGE_KERNEL_RO); > - set_page_prot(empty_zero_page, PAGE_KERNEL_RO); > + set_page_prot(level2_kernel_pgt, _KERNPG_TABLE_RO); > + set_page_prot(swapper_pg_dir, _KERNPG_TABLE_RO); > + set_page_prot(empty_zero_page, _KERNPG_TABLE_RO); > > pin_pagetable_pfn(MMUEXT_UNPIN_TABLE, PFN_DOWN(__pa(pgd))); > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists