lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.21.1810051124320.3960@nanos.tec.linutronix.de>
Date:   Fri, 5 Oct 2018 11:27:21 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Joerg Roedel <joro@...tes.org>
cc:     Borislav Petkov <bp@...en8.de>,
        Paul Menzel <pmenzel@...gen.mpg.de>, linux-mm@...ck.org,
        x86@...nel.org, lkml <linux-kernel@...r.kernel.org>
Subject: Re: x86/mm: Found insecure W+X mapping at address
 (ptrval)/0xc00a0000

On Thu, 4 Oct 2018, Joerg Roedel wrote:

> On Wed, Oct 03, 2018 at 11:22:55PM +0200, Borislav Petkov wrote:
> > On Fri, Sep 28, 2018 at 04:55:19PM +0200, Thomas Gleixner wrote:
> > > Sorry for the delay and thanks for the data. A quick diff did not reveal
> > > anything obvious. I'll have a closer look and we probably need more (other)
> > > information to nail that down.
> 
> I also triggered this when working in the PTI-x32 code. It always
> happens on a 32-bit PAE kernel for me.
> 
> Tracking it down I ended up in (iirc) arch/x86/mm/pageattr.c
> 	function static_protections():
> 
> 		/*
> 		 * The BIOS area between 640k and 1Mb needs to be executable for
> 		 * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support.
> 		 */
> 	#ifdef CONFIG_PCI_BIOS
> 		if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
> 			pgprot_val(forbidden) |= _PAGE_NX;
> 	#endif
> 
> I think that is the reason we are seeing this in that configuration.

Uurgh. Yes.

If pcibios is enabled and used, need to look at the gory details of that
first, then the W+X check has to exclude that region. We can't do much
about that.

Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ