lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100619162156.GW24749@outflux.net>
Date:	Sat, 19 Jun 2010 09:21:56 -0700
From:	Kees Cook <kees.cook@...onical.com>
To:	Andi Kleen <andi@...stfloor.org>
Cc:	x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Alexander Potashev <aspotashev@...il.com>,
	Tim Abbott <tabbott@...lice.com>,
	Sam Ravnborg <sam@...nborg.org>,
	Jan Beulich <jbeulich@...ell.com>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/4] x86: clear XD_DISABLED flag on Intel to regain
 NX

Hi,

On Sat, Jun 19, 2010 at 10:21:29AM +0200, Andi Kleen wrote:
> Kees Cook <kees.cook@...onical.com> writes:
> 
> > This will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX cannot
> > be inappropriately controlled by the BIOS on Intel CPUs.  If NX actually
> > needs to be disabled, "noexec=off" can be used.
> 
> The patch still seems like a bad idea to me. What happens if 
> the NX bit is broken for some reason and the BIOS is right
> to disable it?

I would think this would be the exception; such broken systems should be
worked around when they are discovered.

> If there's some VM which doesn't ignore unknown MSR writes
> it could also break early, and at best you get an ugly
> message and at worst a crash.

That would be a bug in the VM, but since intel_early_init() already does
the MSR call, such a problem would already exist (and this patch wouldn't
make it worse).

> Do you have evidence for a lot of systems where NX is disabled
> this way without BIOS option? Really such information
> should be in the patch description.

All Dell systems shipping Ubuntu (and RedHat before then) until maybe
mid-2009 had XD_DISABLE set, and several bare boards with AMI BIOSes
have shipped with it too.  It is an unfortunately common scenario from
what I've seen.  Note that both have an option, but most users don't know
or care about it.  Since Linux handles NX fine, it should clear the bit.

> If you really need to apply it apply it in some place where
> exception handling is possible at least.

I think this needs to happen before the EFER gets set, which happens very
early.  If this can be moved somewhere else, I would be very happy to put
it there; I'd like to avoid any possible glitches (though clearing an MSR
bit seems safe, and using that MSR is already known to be safe).

-Kees

-- 
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ