lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <874ogzph4m.fsf@basil.nowhere.org>
Date:	Sat, 19 Jun 2010 10:21:29 +0200
From:	Andi Kleen <andi@...stfloor.org>
To:	Kees Cook <kees.cook@...onical.com>
Cc:	x86@...nel.org, "H. Peter Anvin" <hpa@...or.com>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	Alexander Potashev <aspotashev@...il.com>,
	Tim Abbott <tabbott@...lice.com>,
	Sam Ravnborg <sam@...nborg.org>,
	Jan Beulich <jbeulich@...ell.com>,
	Jeremy Fitzhardinge <jeremy.fitzhardinge@...rix.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 0/4] x86: clear XD_DISABLED flag on Intel to regain NX

Kees Cook <kees.cook@...onical.com> writes:

> This will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX cannot
> be inappropriately controlled by the BIOS on Intel CPUs.  If NX actually
> needs to be disabled, "noexec=off" can be used.

The patch still seems like a bad idea to me. What happens if 
the NX bit is broken for some reason and the BIOS is right
to disable it?

If there's some VM which doesn't ignore unknown MSR writes
it could also break early, and at best you get an ugly
message and at worst a crash.

Do you have evidence for a lot of systems where NX is disabled
this way without BIOS option? Really such information
should be in the patch description.

If you really need to apply it apply it in some place where
exception handling is possible at least.

-Andi

-- 
ak@...ux.intel.com -- Speaking for myself only.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ