lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Oct 2009 21:44:45 -0700 From: Kees Cook <kees.cook@...onical.com> To: "H. Peter Anvin" <hpa@...or.com> Cc: Arjan van de Ven <arjan@...radead.org>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, x86@...nel.org, Pekka Enberg <penberg@...helsinki.fi>, Jan Beulich <jbeulich@...ell.com>, Vegard Nossum <vegardno@....uio.no>, Yinghai Lu <yinghai@...nel.org>, Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2] [x86] detect and report lack of NX protections Hi, On Tue, Oct 20, 2009 at 11:18:43AM +0900, H. Peter Anvin wrote: > On 10/20/2009 11:04 AM, Kees Cook wrote: > >It is possible for x86_64 systems to lack the NX bit (see check_efer()) > >either due to the hardware lacking support or the BIOS having turned > >off the CPU capability, so NX status should be reported. Additionally, > >anyone booting NX-capable CPUs in 32bit mode without PAE will lack NX > >functionality, so this change provides feedback for that case as well. > > > >v2: use "Alert:" instead of "Warning:" to avoid confusiong with WARN_ON() > > > > They're both wrong. Both imply that the user needs to take an > action, which is wrong because the kernel is working as intended. > If you need to use any kind of alert word, it should be something > like "Notice:", and it should be KERN_NOTICE or even KERN_INFO. In the case of a system where the BIOS was shipped with XD not enabled, the user needs to take an action. I'm okay with switching to Notice:, but I don't think KERN_INFO is right. I would agree, "Alert:" would seem to be a KERN_ALERT, which is above KERN_CRIT, which this is clearly not. "Notice" it is. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists