lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Oct 2018 15:08:30 -0500 From: Bjorn Helgaas <bhelgaas@...gle.com> To: Thomas Gleixner <tglx@...utronix.de> Cc: pmenzel@...gen.mpg.de, Joerg Roedel <joro@...tes.org>, Borislav Petkov <bp@...en8.de>, linux-mm@...ck.org, x86@...nel.org, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000 On Mon, Oct 8, 2018 at 2:37 PM Thomas Gleixner <tglx@...utronix.de> wrote: > > Paul, > > On Fri, 5 Oct 2018, Paul Menzel wrote: > > On 10/05/18 11:27, Thomas Gleixner wrote: > > > If pcibios is enabled and used, need to look at the gory details of that > > > first, then the W+X check has to exclude that region. We can't do much > > > about that. > > > > That would also explain, why it only happens with the SeaBIOS payload, > > which sets up legacy BIOS calls. Using GRUB directly as payload, no BIOS > > calls are set up. > > > > Reading the Kconfig description of the PCI access mode, the BIOS should > > only be used last. > > Correct. And looking at the dmesg you provided it is initialized: > > [ 0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX. > [ 0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3 > > Though I assume it's not really required, but this PCI BIOS thing is not > really well documented and there are some obsure usage sites involved. > > Bjorn, do you have any insight or did you flush those memories long ago? No, I don't. I was never really involved with PCIBIOS.
Powered by blists - more mailing lists