From: Ingo Molnar on

FYI, the NX commits in tip:x86/mm have triggered a new boot crash in -tip
testing (x86, 32-bit):

[ 1.176004] calling pci_arch_init+0x0/0x54 @ 1
[ 1.185812] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[ 1.188000] BUG: unable to handle kernel paging request at c00fbfcb
[ 1.188000] IP: [<c00fbfcb>] 0xc00fbfcb
[ 1.188000] *pdpt = 0000000001d99001 *pde = 000000000240a067 *pte = 80000000000fb163
[ 1.188000] Oops: 0011 [#1] SMP
[ 1.188000] last sysfs file:
[ 1.188000] Modules linked in:
[ 1.188000]
[ 1.188000] Pid: 1, comm: swapper Not tainted 2.6.35-rc3-tip-00975-gb7201cb-dirty #8395 A8N-E/System Product Name
[ 1.188000] EIP: 0060:[<c00fbfcb>] EFLAGS: 00010046 CPU: 1
[ 1.188000] EIP is at 0xc00fbfcb
[ 1.188000] EAX: 0000b101 EBX: 000f0000 ECX: f6838000 EDX: 00000001
[ 1.188000] ESI: 000f21d0 EDI: c1ceddd4 EBP: f6821fa8 ESP: f6821f7a
[ 1.188000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.188000] Process swapper (pid: 1, ti=f6821000 task=f6838000 task.ti=f6821000)
[ 1.188000] Stack:
[ 1.188000] c00f2411 c00f21e1 c2210006 0060c1d4 3fab0000 0202c10a b1010000 335f0000
[ 1.188000] <0> 00015f32 00000000 00020000 1fb40000 c055f682 5ffcc1d4 1fd04655 103af682
[ 1.188000] <0> c036c100 0000c1d4 f6940000 0002c1d6 00020000 1fe40000 73a1f682 0000c1d1
[ 1.188000] Call Trace:
[ 1.188000] Code: ef 66 58 66 5a c3 e8 42 ff cb 00 00 00 00 00 00 66 51 0a ff 75 11 c0 ed 03 80 fd 1f 77 05 80 fd 00 73 04 66 59 f9 c3 66 59 f8 c3 <b1> 05 90 90 c3 b3 28 b7 08 c3 00 00 00 00 00 00 00 00 00 00 00
[ 1.188000] EIP: [<c00fbfcb>] 0xc00fbfcb SS:ESP 0068:f6821f7a
[ 1.188000] CR2: 00000000c00fbfcb
[ 1.188000] ---[ end trace 5a5d197966b56a2e ]---

Config and full bootlog attached. I've excluded them from tip:master for now.

Thanks,

Ingo
From: castet.matthieu on
hi,

> Special accommodations have been made for BIOS32/PCI BIOS services:
> according to BIOS32 specification
> (http://members.datafast.net.au/dft0802/specs/bios32.pdf), at most two
> pages per BIOS32 service should be set executable and no pages need to
> be writeable.
From my understanding, only the service directory takes 2 pages.

There is no info for the PCI service:
- the length field could be used to find the number of pages it takes.
- could we assume the data is RO?

Also, for easier debugging, set_2_pages_rox should print some info.


Matthieu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: castet.matthieu on
Selon castet.matthieu(a)free.fr:

> hi,
>
> > Special accommodations have been made for BIOS32/PCI BIOS services:
> > according to BIOS32 specification
> > (http://members.datafast.net.au/dft0802/specs/bios32.pdf), at most two
> > pages per BIOS32 service should be set executable and no pages need to
> > be writeable.
> From my understanding, only the service directory takes 2 pages.
>
> There is no info for the PCI service:
> - the length field could be used to find the number of pages it takes.
> - could we assume the data is RO?
>

http://members.datafast.net.au/dft0802/specs/bios21.pdf has all the info for the
PCI BIOS [1].
So I was right: we shouldn't assume the PCI BIOS routine takes only 2 pages, but
use the length parameter.


Matthieu



[1]
The 32-bit PCI BIOS functions must be accessed using CALL FAR. The CS and DS
descriptors must be setup to encompass the physical addresses specified by the
Base and Length parameters returned by the BIOS32 Service Directory. The CS and
DS descriptors must have the same base. The calling environment must allow
access to IO space and provide at least 1K of stack space. Platform BIOS writers
must assume that CS is execute-only and DS is read-only.
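As an added illustration of the point made above (example code written for this page; it is not the kernel's pcbios.c and was not posted in the thread): locate the BIOS32 service directory header by its "_32_" signature and checksum, then derive the number of pages a service occupies from the Base/Length pair the directory returns, rather than assuming a fixed two pages. The header layout and the paragraph-aligned scan of 0xE0000..0xFFFFF follow the BIOS32 specification; the physical addresses 0xFD000/0xFD010 and the PCI BIOS Base/Length values used below are constructed sample values, not taken from any real firmware.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
/* "_32_" read as a little-endian 32-bit value, as x86 sees it. */
#define BIOS32_SIGNATURE  0x5F32335Fu
/* Region the BIOS32 spec reserves for the service directory header. */
#define BIOS32_SCAN_START 0xE0000u
#define BIOS32_SCAN_END   0x100000u

/*
 * Validate a 16-byte BIOS32 service directory header:
 *   offset 0: "_32_"      offset 4: 32-bit physical entry point
 *   offset 8: revision    offset 9: length in 16-byte paragraphs (must be 1)
 *   offset 10: checksum   offset 11..15: reserved
 * All 16 bytes must sum to zero modulo 256. Host assumed little-endian (x86).
 */
int bios32_header_valid(const uint8_t hdr[16], uint32_t *entry_out)
{
    uint32_t sig, entry;
    unsigned sum = 0;

    memcpy(&sig, hdr, 4);
    memcpy(&entry, hdr + 4, 4);
    if (sig != BIOS32_SIGNATURE || hdr[9] != 1)
        return 0;
    for (int i = 0; i < 16; i++)
        sum += hdr[i];
    if (sum & 0xFFu)
        return 0;
    if (entry >= BIOS32_SCAN_END)   /* legacy probe cannot call above 1 MiB */
        return 0;
    if (entry_out)
        *entry_out = entry;
    return 1;
}

/* Scan a copy of physical memory [region_phys, region_phys+len) on paragraph
   boundaries for the directory header; returns its physical address or 0. */
uint32_t bios32_find(const uint8_t *region, size_t len, uint32_t region_phys,
                     uint32_t *entry_out)
{
    for (size_t off = 0; off + 16 <= len; off += 16)
        if (bios32_header_valid(region + off, entry_out))
            return region_phys + (uint32_t)off;
    return 0;
}

/* Number of 4 KiB pages touched by the physical range [base, base+length).
   This is what the Base/Length pair returned by the directory for a service
   (e.g. the PCI BIOS) should be run through before marking pages executable. */
unsigned pages_covering(uint32_t base, uint32_t length)
{
    if (length == 0)
        return 0;
    uint64_t last = (uint64_t)base + length - 1;
    return (unsigned)((last >> PAGE_SHIFT) - (base >> PAGE_SHIFT) + 1);
}

/* Constructed sample header (not dumped from real firmware), checksum filled in. */
void make_sample_header(uint8_t out[16], uint32_t entry)
{
    unsigned sum = 0;
    memset(out, 0, 16);
    memcpy(out, "_32_", 4);
    memcpy(out + 4, &entry, 4);
    out[8] = 0;   /* revision */
    out[9] = 1;   /* one paragraph */
    for (int i = 0; i < 16; i++)
        sum += out[i];
    out[10] = (uint8_t)((0u - sum) & 0xFFu);   /* makes the 16 bytes sum to 0 */
}

/* Plant the sample header at hypothetical physical 0xFD000 in a zeroed copy of
   the scan region and look it up; returns the address found. */
uint32_t demo_find(uint32_t *entry_out)
{
    static uint8_t region[BIOS32_SCAN_END - BIOS32_SCAN_START];
    memset(region, 0, sizeof region);
    make_sample_header(region + (0xFD000u - BIOS32_SCAN_START), 0xFD010u);
    return bios32_find(region, sizeof region, BIOS32_SCAN_START, entry_out);
}

uint32_t demo_entry(void)
{
    uint32_t e = 0;
    demo_find(&e);
    return e;
}

/* A one-byte change to the entry field must be caught by the checksum. */
int demo_tampered_header_rejected(void)
{
    uint8_t hdr[16];
    make_sample_header(hdr, 0xFD010u);
    hdr[4] ^= 0x10;
    return !bios32_header_valid(hdr, NULL);
}

int main(void)
{
    uint32_t entry = 0, dir = demo_find(&entry);
    printf("BIOS32 directory at 0x%x, entry 0x%x\n", dir, entry);
    /* Hypothetical Base/Length values for the PCI BIOS service. */
    printf("0xF0000+0x10000 -> %u pages\n", pages_covering(0xF0000u, 0x10000u));
    printf("0xEFFC0+0x100   -> %u pages\n", pages_covering(0xEFFC0u, 0x100u));
    return 0;
}
```

The unaligned case is the one a fixed page count gets wrong in both directions: a 256-byte range that starts 64 bytes before a page boundary still needs two pages, while a 64 KiB service needs sixteen, and only the Length value returned by the directory tells you which.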
From: Siarhei Liakh on
>> > Special accommodations have been made for BIOS32/PCI BIOS services:
>> > according to BIOS32 specification
>> > (http://members.datafast.net.au/dft0802/specs/bios32.pdf), at most two
>> > pages per BIOS32 service should be set executable and no pages need to
>> > be writeable.
>> From my understanding, only the service directory takes 2 pages.
>>
>> There is no info for the PCI service:
>> - the length field could be used to find the number of pages it takes.
>> - could we assume the data is RO?
>>
>
> http://members.datafast.net.au/dft0802/specs/bios21.pdf has all the info for the
> PCI BIOS [1].
> So I was right: we shouldn't assume the PCI BIOS routine takes only 2 pages, but
> use the length parameter.

Thanks for looking into this. I will be posting another patch shortly.