Open Source and information security mailing list archives
Message-ID: <alpine.DEB.2.21.1810082108570.2455@nanos.tec.linutronix.de>
Date:   Mon, 8 Oct 2018 21:37:13 +0200 (CEST)
From:   Thomas Gleixner <tglx@...utronix.de>
To:     Paul Menzel <pmenzel@...gen.mpg.de>
cc:     Jörg Rödel <joro@...tes.org>,
        Borislav Petkov <bp@...en8.de>, linux-mm@...ck.org,
        x86@...nel.org, lkml <linux-kernel@...r.kernel.org>,
        Bjorn Helgaas <bhelgaas@...gle.com>
Subject: Re: x86/mm: Found insecure W+X mapping at address
 (ptrval)/0xc00a0000

Paul,

On Fri, 5 Oct 2018, Paul Menzel wrote:
> On 10/05/18 11:27, Thomas Gleixner wrote:
> > If pcibios is enabled and used, need to look at the gory details of that
> > first, then the W+X check has to exclude that region. We can't do much
> > about that.
> 
> That would also explain, why it only happens with the SeaBIOS payload,
> which sets up legacy BIOS calls. Using GRUB directly as payload, no BIOS
> calls are set up.
> 
> Reading the Kconfig description of the PCI access mode, the BIOS should
> only be used last.

Correct. And looking at the dmesg you provided it is initialized:

[    0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX.
[    0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3

Though I assume it's not really required, but this PCI BIOS thing is not
really well documented and there are some obscure usage sites involved.

Bjorn, do you have any insight or did you flush those memories long ago?

Anyway we need to exclude the BIOS area when the kernel sets the W+X on
purpose. Warning about that is bogus. I'll send out a patch soon.

Thanks,

	tglx
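
Added example, not part of the original message or of any kernel patch: a small dmesg triage helper that checks whether a W+X warning like the one in this thread falls inside the PCI BIOS area the kernel left executable on purpose. The 32-bit PAGE_OFFSET of 0xc0000000 and the legacy BIOS window 0xa0000-0xfffff are assumptions not stated in the thread, and the sample W+X line is constructed from the subject line.

```python
import re

# Assumptions (not stated in the thread): default 32-bit x86 PAGE_OFFSET and
# the legacy BIOS window that the PCI BIOS code leaves executable.
PAGE_OFFSET = 0xC0000000
BIOS_BEGIN, BIOS_END = 0x000A0000, 0x00100000

WX_RE = re.compile(
    r"Found insecure W\+X mapping at address\s+\S+?/(0x[0-9a-fA-F]+)")
PCIBIOS_RE = re.compile(r"PCI: PCI BIOS area is rw and x\.")

# PCI lines are quoted from the thread; the W+X line is constructed
# from the subject line of the thread.
SAMPLE = """\
[    0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX.
[    0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3
[    1.000000] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
"""

def triage(dmesg_text, page_offset=PAGE_OFFSET):
    """Return a list of (address, verdict) for each W+X warning found."""
    pcibios_active = bool(PCIBIOS_RE.search(dmesg_text))
    findings = []
    for match in WX_RE.finditer(dmesg_text):
        vaddr = int(match.group(1), 16)
        phys = vaddr - page_offset  # direct-map address back to physical
        in_bios = BIOS_BEGIN <= phys < BIOS_END
        if in_bios and pcibios_active:
            verdict = "expected: PCI BIOS area (pci=nobios makes it NX)"
        elif in_bios:
            verdict = "BIOS window without PCI BIOS message: investigate"
        else:
            verdict = "outside BIOS window: investigate"
        findings.append((hex(vaddr), verdict))
    return findings

if __name__ == "__main__":
    for addr, verdict in triage(SAMPLE):
        print(addr, "->", verdict)
```

Only the first verdict corresponds to the case discussed above; any W+X warning outside that window, or one in the window on a system that never printed the PCI BIOS message, still deserves a look.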
