| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <tip-e16d8a6cbb499c5c8bfe9330d3351b649bded4af@git.kernel.org>
Date: Tue, 26 Apr 2016 10:54:40 -0700
From: tip-bot for Andy Lutomirski <tipbot@...or.com>
To: linux-tip-commits@...r.kernel.org
Cc: dvlasenk@...hat.com, linux-kernel@...r.kernel.org, bp@...en8.de,
peterz@...radead.org, mroos@...ux.ee, hpa@...or.com,
torvalds@...ux-foundation.org, mingo@...nel.org,
tglx@...utronix.de, luto@...nel.org, efault@....de,
luto@...capital.net, brgerst@...il.com
Subject: [tip:x86/urgent] Revert "x86/mm/32: Set NX in __supported_pte_mask
before enabling paging"
Commit-ID: e16d8a6cbb499c5c8bfe9330d3351b649bded4af
Gitweb: http://git.kernel.org/tip/e16d8a6cbb499c5c8bfe9330d3351b649bded4af
Author: Andy Lutomirski <luto@...nel.org>
AuthorDate: Tue, 26 Apr 2016 08:52:44 -0700
Committer: Ingo Molnar <mingo@...nel.org>
CommitDate: Tue, 26 Apr 2016 19:52:57 +0200
Revert "x86/mm/32: Set NX in __supported_pte_mask before enabling paging"
This reverts commit 320d25b6a05f8b73c23fc21025d2906ecdd2d4fc.
This change was problematic for a couple of reasons:
1. It missed a some entry points (Xen things and 64-bit native).
2. The entry it changed can be executed more than once. This isn't
really a problem, but it conflated per-cpu state setup and global
state setup.
3. It broke 64-bit non-NX. 64-bit non-NX worked the other way around from
32-bit -- __supported_pte_mask had NX set initially and was *cleared*
in x86_configure_nx. With the patch applied, it never got cleared.
Reported-and-tested-by: Meelis Roos <mroos@...ux.ee>
Signed-off-by: Andy Lutomirski <luto@...nel.org>
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Mike Galbraith <efault@....de>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Link: http://lkml.kernel.org/r/59bd15f7f4b56b633a611b7f70876c6d2ad01a98.1461685884.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@...nel.org>
---
arch/x86/kernel/head_32.S | 6 ------
arch/x86/mm/setup_nx.c | 5 +++--
2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
index 54cdbd2..af11129 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -389,12 +389,6 @@ default_entry:
/* Make changes effective */
wrmsr
- /*
- * And make sure that all the mappings we set up have NX set from
- * the beginning.
- */
- orl $(1 << (_PAGE_BIT_NX - 32)), pa(__supported_pte_mask + 4)
-
enable_paging:
/*
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index 8bea847..f65a33f 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -32,8 +32,9 @@ early_param("noexec", noexec_setup);
void x86_configure_nx(void)
{
- /* If disable_nx is set, clear NX on all new mappings going forward. */
- if (disable_nx)
+ if (boot_cpu_has(X86_FEATURE_NX) && !disable_nx)
+ __supported_pte_mask |= _PAGE_NX;
+ else
__supported_pte_mask &= ~_PAGE_NX;
}
Powered by blists - more mailing lists