| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 19 Jun 2010 10:21:29 +0200 From: Andi Kleen <andi@...stfloor.org> To: Kees Cook <kees.cook@...onical.com> Cc: x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, Alexander Potashev <aspotashev@...il.com>, Tim Abbott <tabbott@...lice.com>, Sam Ravnborg <sam@...nborg.org>, Jan Beulich <jbeulich@...ell.com>, Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 0/4] x86: clear XD_DISABLED flag on Intel to regain NX Kees Cook <kees.cook@...onical.com> writes: > This will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX cannot > be inappropriately controlled by the BIOS on Intel CPUs. If NX actually > needs to be disabled, "noexec=off" can be used. The patch still seems like a bad idea to me. What happens if the NX bit is broken for some reason and the BIOS is right to disable it? If there's some VM which doesn't ignore unknown MSR writes it could also break early, and at best you get an ugly message and at worst a crash. Do you have evidence for a lot of systems where NX is disabled this way without BIOS option? Really such information should be in the patch description. If you really need to apply it apply it in some place where exception handling is possible at least. -Andi -- ak@...ux.intel.com -- Speaking for myself only. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists