Message-ID: <20066a63-4d7e-c0e9-23fa-4653d1dae8df@gmail.com> Date: Tue, 16 Apr 2019 00:57:06 +0200 From: Xose Vazquez Perez <xose.vazquez@...il.com> To: Thomas Gleixner <tglx@...utronix.de> Cc: LKML <linux-kernel@...r.kernel.org>, x86 team <x86@...nel.org> Subject: Re: [PATCH] x86/mm: Prevent bogus warnings with "noexec=off" On 4/15/19 10:46 AM, Thomas Gleixner wrote: > Xose reported warnings when NX is disabled on the kernel command line. Thank you for doing the dirty work. > > __early_set_fixmap() triggers: > > attempted to set unsupported pgprot: 8000000000000163 > bits: 8000000000000000 > supported: 7fffffffffffffff > > WARNING: CPU: 0 PID: 0 at arch/x86/include/asm/pgtable.h:537 > __early_set_fixmap+0xa2/0xff > > because it uses __default_kernel_pte_mask to mask out unsupported bits. > > Use __supported_pte_mask instead. > > Disabling NX on the command line also triggers the NX warning in the page > table mapping check: > > WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:262 note_page+0x2ae/0x650 > .... > > Make the warning depend on NX set in __supported_pte_mask. > > Reported-by: Xose Vazquez Perez <xose.vazquez@...il.com> And Tested-by: Xose Vazquez Perez <xose.vazquez@...il.com> > Signed-off-by: Thomas Gleixner <tglx@...utronix.de> > --- > arch/x86/mm/dump_pagetables.c | 3 ++- > arch/x86/mm/ioremap.c | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > --- a/arch/x86/mm/dump_pagetables.c > +++ b/arch/x86/mm/dump_pagetables.c > @@ -259,7 +259,8 @@ static void note_wx(struct pg_state *st) > #endif > /* Account the WX pages */ > st->wx_pages += npages; > - WARN_ONCE(1, "x86/mm: Found insecure W+X mapping at address %pS\n", > + WARN_ONCE(__supported_pte_mask & _PAGE_NX, > + "x86/mm: Found insecure W+X mapping at address %pS\n", > (void *)st->start_address); > } > > --- a/arch/x86/mm/ioremap.c > +++ b/arch/x86/mm/ioremap.c 
> @@ -825,7 +825,7 @@ void __init __early_set_fixmap(enum fixe > pte = early_ioremap_pte(addr); > > /* Sanitize 'prot' against any unsupported bits: */ > - pgprot_val(flags) &= __default_kernel_pte_mask; > + pgprot_val(flags) &= __supported_pte_mask; > > if (pgprot_val(flags)) > set_pte(pte, pfn_pte(phys >> PAGE_SHIFT, flags)); >
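Review bot: In the note_wx() hunk of arch/x86/mm/dump_pagetables.c, the new WARN_ONCE() condition `__supported_pte_mask & _PAGE_NX` carries no comment, and the line just above it, `st->wx_pages += npages;`, still runs unconditionally, so with "noexec=off" the W+X pages are still counted while the warning itself is silenced. Suggest a short comment above the WARN_ONCE() saying the warning is only meaningful when NX is present in __supported_pte_mask, and stating whether the accounting is meant to continue in that case.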
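Review bot: In the __early_set_fixmap() hunk of arch/x86/mm/ioremap.c, the changelog justifies replacing __default_kernel_pte_mask with __supported_pte_mask only in terms of the NX bit (the "bits: 8000000000000000" in the quoted warning). It does not say whether the two masks differ in any other bit that the old `pgprot_val(flags) &= __default_kernel_pte_mask;` line was filtering out of early fixmap PTEs. Suggest adding a sentence to the changelog confirming that NX is the only difference that matters here, or naming any other bit that is now let through.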