| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAErSpo5dSd7=BZFoROowLACmkKHHD0gbbRQWN3VCga3M3GepgQ@mail.gmail.com>
Date: Mon, 8 Oct 2018 15:08:30 -0500
From: Bjorn Helgaas <bhelgaas@...gle.com>
To: Thomas Gleixner <tglx@...utronix.de>
Cc: pmenzel@...gen.mpg.de, Joerg Roedel <joro@...tes.org>,
Borislav Petkov <bp@...en8.de>, linux-mm@...ck.org,
x86@...nel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
On Mon, Oct 8, 2018 at 2:37 PM Thomas Gleixner <tglx@...utronix.de> wrote:
>
> Paul,
>
> On Fri, 5 Oct 2018, Paul Menzel wrote:
> > On 10/05/18 11:27, Thomas Gleixner wrote:
> > > If pcibios is enabled and used, need to look at the gory details of that
> > > first, then the W+X check has to exclude that region. We can't do much
> > > about that.
> >
> > That would also explain, why it only happens with the SeaBIOS payload,
> > which sets up legacy BIOS calls. Using GRUB directly as payload, no BIOS
> > calls are set up.
> >
> > Reading the Kconfig description of the PCI access mode, the BIOS should
> > only be used last.
>
> Correct. And looking at the dmesg you provided it is initialized:
>
> [ 0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX.
> [ 0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3
>
> Though I assume it's not really required, but this PCI BIOS thing is not
> really well documented and there are some obsure usage sites involved.
>
> Bjorn, do you have any insight or did you flush those memories long ago?
No, I don't. I was never really involved with PCIBIOS.
Powered by blists - more mailing lists