Message-ID: <17EC94B0A072C34B8DCF0D30AD16044A0288EFC7@BPXM09GP.gisp.nec.co.jp>
Date:	Mon, 7 Dec 2015 23:10:43 +0000
From:	Kosuke Tatsukawa <tatsu@...jp.nec.com>
To:	Matt Fleming <matt@...eblueprint.co.uk>
CC:	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"x86@...nel.org" <x86@...nel.org>,
	"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	"Borislav Petkov" <bp@...en8.de>
Subject: Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled
 in uEFI firmware 

Matt Fleming wrote:
> On Thu, 03 Dec, at 11:58:33PM, Kosuke Tatsukawa wrote:
>> The kernel panics early in boot on an x86_64 server if the eXecute
>> Disable (XD) bit is set to disabled in the uEFI firmware.  The message
>> in the kernel log buffer looks like below.
>> ------------------------------------------------------------------------
>> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.0-rc3 #1
>> [    0.000000]  0000000000000000 261c6fa13723be1b ffffffff819b7e40 ffffffff8131f320
>> [    0.000000]  ffffffffffffffff ffffffff819b7f30 ffffffff81b261b0 000000000000001c
>> [    0.000000]  ffffffff81d77a1c 0000000000000010 00000000be35a000 ffffffffff200000
>> [    0.000000] Call Trace:
>> [    0.000000]  [<ffffffff8131f320>] dump_stack+0x44/0x64
>> [    0.000000]  [<ffffffff81b261b0>] early_idt_handler_common+0x90/0xd0
>> [    0.000000]  [<ffffffff81b2f1c5>] ? setup_arch+0x1f1/0xce0
>> [    0.000000]  [<ffffffff81b2f1c5>] ? setup_arch+0x1f1/0xce0
>> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
>> [    0.000000]  [<ffffffff81b26d81>] start_kernel+0xe6/0x4f0
>> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
>> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
>> [    0.000000]  [<ffffffff81b265ee>] x86_64_start_reservations+0x2a/0x2c
>> [    0.000000]  [<ffffffff81b2673c>] x86_64_start_kernel+0x14c/0x16f
>> [    0.000000] RIP 0x80000000be359163
>> ------------------------------------------------------------------------
>> 
>> The panic occurs because __early_set_fixmap() called from
>> parse_setup_data() unconditionally sets the PTE with FIXMAP_PAGE_NORMAL,
>> which contains _PAGE_NX and causes an exception.
>> 
>> This patch modifies __early_set_fixmap() to set _PAGE_NX only when the
>> hardware supports it.  It also moves the call to x86_configure_nx()
>> earlier in setup_arch() before __early_set_fixmap() is first called.
>> 
>> The above problem occurs after __early_set_fixmap() is called from
>> parse_setup_data().  However, since setup_olpc_ofw_pgd() can also call
>> __early_set_fixmap(), the patch moves the call to x86_configure_nx()
>> before that.
>> 
>> Signed-off-by: Kosuke Tatsukawa <tatsu@...jp.nec.com>
>> ---
>>  arch/x86/kernel/setup.c |   18 +++++++++---------
>>  arch/x86/mm/ioremap.c   |    3 +++
>>  2 files changed, 12 insertions(+), 9 deletions(-)
> 
> Could you try booting with the commit 04633df0c43d ("x86/cpu: Call
> verify_cpu() after having entered long mode too") instead? It's part
> of v4.4-rc1.
> 
> Allowing NX to be disabled should be avoided.

Thank you for pointing that out.

linux-4.4-rc3 booted without a problem on a real server even with XD
turned off by the firmware.  I didn't notice this before because I was
using an older version of the kernel on the real server, and doing
investigation on a KVM guest.

The "noexec=off" kernel parameter still seems to come up with EFI
runtime service disabled though.  Do you think this should be left alone
as a disadvantage for using a bad option?
---
Kosuke TATSUKAWA  | 3rd IT Platform Department
                  | IT Platform Division, NEC Corporation
                  | tatsu@...jp.nec.com
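
The following is an added example, not part of the original message and not the patch under discussion: a user-space C model of the failure the quoted commit message describes, where a PTE built with _PAGE_NX is used while NX is not enabled. The helper names (`supported_pte_mask`, `make_pte`, `pte_reserved_fault`, `MODEL_PAGE_NORMAL`) and the sample physical address are assumptions made for illustration; in the kernel the corresponding mask is `__supported_pte_mask`, adjusted by `x86_configure_nx()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry bits (architectural positions). */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_RW       (1ULL << 1)
#define PTE_ACCESSED (1ULL << 5)
#define PTE_DIRTY    (1ULL << 6)
#define PTE_GLOBAL   (1ULL << 8)
#define PTE_NX       (1ULL << 63)

/* Hypothetical stand-in for a read/write, non-executable kernel mapping. */
#define MODEL_PAGE_NORMAL \
    (PTE_PRESENT | PTE_RW | PTE_ACCESSED | PTE_DIRTY | PTE_GLOBAL | PTE_NX)

/* PTE bits the CPU accepts: NX is dropped when EFER.NXE is clear. */
static uint64_t supported_pte_mask(bool nxe)
{
    return nxe ? ~0ULL : ~PTE_NX;
}

/* Build a PTE; passing a mask of ~0 models the unconditional behaviour. */
static uint64_t make_pte(uint64_t phys, uint64_t prot, uint64_t mask)
{
    return (phys & 0x000ffffffffff000ULL) | (prot & mask);
}

/* With EFER.NXE clear, bit 63 is reserved and a set bit faults on use. */
static bool pte_reserved_fault(uint64_t pte, bool nxe)
{
    return !nxe && (pte & PTE_NX) != 0;
}

int main(void)
{
    const uint64_t phys = 0x12345000ULL; /* constructed sample address */

    for (int nxe = 0; nxe <= 1; nxe++) {
        uint64_t raw = make_pte(phys, MODEL_PAGE_NORMAL, ~0ULL);
        uint64_t masked = make_pte(phys, MODEL_PAGE_NORMAL,
                                   supported_pte_mask(nxe));
        printf("NXE=%d unmasked=%#llx fault=%d masked=%#llx fault=%d\n", nxe,
               (unsigned long long)raw, pte_reserved_fault(raw, nxe),
               (unsigned long long)masked, pte_reserved_fault(masked, nxe));
    }
    return 0;
}
```

The masked path never faults, but with NXE clear the mapping silently loses its no-execute protection, which is the cost of running with NX disabled.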