| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 08 Dec 2015 12:39:14 -0800 From: "H. Peter Anvin" <hpa@...or.com> To: Kees Cook <keescook@...omium.org>, Borislav Petkov <bp@...en8.de> CC: Matt Fleming <matt@...eblueprint.co.uk>, Kosuke Tatsukawa <tatsu@...jp.nec.com>, Thomas Gleixner <tglx@...utronix.de>, Ingo Molnar <mingo@...hat.com>, "x86@...nel.org" <x86@...nel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware On December 8, 2015 12:30:06 PM PST, Kees Cook <keescook@...omium.org> wrote: >On Tue, Dec 8, 2015 at 6:19 AM, Borislav Petkov <bp@...en8.de> wrote: >> On Tue, Dec 08, 2015 at 12:25:57PM +0000, Matt Fleming wrote: >>> On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote: >>> > >>> > Thank you pointing that out. >>> > >>> > linux-4.4-rc3 booted without a problem on a real server even with >XD >>> > turned off by the firmware. I didn't notice this before because I >was >> >> The aforementioned patch reenables NX. >> >>> Borislav, what do you think about stripping PAGE_NX from >'page_flags' >>> in kernel_map_pages_in_pgd() if NX isn't supported, rather than >>> returning EINVAL? At least that way EFI runtime services would still >>> work. >> >> I guess we can - I mean, I don't see what can go wrong more when >> allowing the kernel to execute even NX UEFI regions. Maybe easier >> generation of "gadgets" in the ROP sense ... >> >> On a related node, I'm very sceptical of the existence of this >"noexec" >> chicken bit, if you ask me. It is a really bad idea, security-wise, >to >> disable NX. Is there even a valid use case to disable NX? >> >> Because if not, I'd vote for removing that chicken bit or at least >> taining the kernel with >> >> add_taint(TAINT_USER_MORON, ... ); > >If we add this for not-nx, I would like to add it for not-rodata too. > >> Kees, has this NX disabling practice come up in the past, per >chance... ? > >I've never seen anyone actually use it. I was asked to include it out >of fear of some kind of rogue imagined CPU configuration that mixed NX >and non-NX capable CPUs in a single machine where the forced NX >re-enablement code would cause problems. As you might imagine, I'm not >aware of this case ever being an issue. ;) > >-Kees Actually I think of it much more as a debug option - being able to mimic NX-unaware hardware and to track down problems in the field. -- Sent from my Android device with K-9 Mail. Please excuse brevity and formatting. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists