All of lore.kernel.org
 help / color / mirror / Atom feed
From: castet.matthieu@free.fr
To: "H. Peter Anvin" <hpa@zytor.com>
Cc: castet.matthieu@free.fr, Ingo Molnar <mingo@elte.hu>,
	Linux Kernel list <linux-kernel@vger.kernel.org>,
	linux-security-module@vger.kernel.org,
	Matthias Hopf <mhopf@suse.de>,
	rjw@sisk.pl, Andrew Morton <akpm@linux-foundation.org>,
	Suresh Siddha <suresh.b.siddha@intel.com>
Subject: Re: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend
Date: Mon, 07 Feb 2011 20:59:14 +0100	[thread overview]
Message-ID: <1297108754.4d504f1281802@imp.free.fr> (raw)
In-Reply-To: <4D4F31BC.3000709@zytor.com>

Thanks for cleaning the patch.

Selon "H. Peter Anvin" <hpa@zytor.com>:
> On 02/05/2011 08:46 AM, castet.matthieu@free.fr wrote:
>
> No, the problem is that the code is braindamaged and don't take into
> account reserved areas or have a mechanism for marking the reserved
> areas so that kernel_physical_mapping_init can do the right thing... and
> then it's hacked around instead of done properly.
>
> We obviously need to reserve this memory very early in order to make
> sure it exists, and init_memory_mapping() ->
> kernel_physical_mapping_init() really should be able to deal with that
> (for example by walking the list of reserved memory regions and look
> which ones of them should have specific protection bits -- not just NX
> -- set appropriately.)
>
> The trampoline unification patch could have made this less broken, but
> that code is certainly not ready for .38.
>
For .39 I hope we could remove most of the RWX rights after init (This means
make low memory trampoline NX or !RW).
This should be possible on :
- 32 bit if wakeup use trampoline_32 [1] that doesn't enable paging in low
memory (can be NX)
- trampoline_64 need fix to support NX on data section. It tries to read data
section before enabling NX. A possible fix is to use its own page table [2]. And
the kernel one can be NX.


Matthieu


[1]
http://marc.info/?l=linux-acpi&m=129616540303575&w=2

[2]
http://marc.info/?l=linux-kernel&m=129590778414274&w=2

  parent reply	other threads:[~2011-02-07 19:59 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-31 23:03 [PATCH] NX protection for kernel data : fix 32 bits S3 suspend matthieu castet
2011-02-01  8:02 ` Ingo Molnar
2011-02-01 13:25   ` castet.matthieu
2011-02-01 16:30     ` H. Peter Anvin
2011-02-02  6:26     ` Ingo Molnar
2011-02-03 22:11       ` H. Peter Anvin
2011-02-05  1:12       ` H. Peter Anvin
2011-02-05 16:46         ` castet.matthieu
2011-02-06 23:41           ` H. Peter Anvin
2011-02-07  7:40             ` Ingo Molnar
2011-02-07 19:59             ` castet.matthieu [this message]
2011-02-07 20:04               ` H. Peter Anvin
2011-02-12 16:10                 ` matthieu castet
2011-02-14 20:55                   ` H. Peter Anvin
2011-02-26  3:58                   ` Pavel Machek
2011-02-07 20:07               ` H. Peter Anvin
2011-02-14 21:19               ` H. Peter Anvin
2011-02-14 22:50                 ` Rafael J. Wysocki
2011-02-07  3:56           ` H. Peter Anvin
2011-02-07  5:16           ` H. Peter Anvin
2011-02-07  9:24             ` [tip:x86/urgent] x86, nx: Mark the ACPI resume trampoline code as +x tip-bot for H. Peter Anvin
2011-02-07 14:50               ` [tip:x86/urgent] x86, nx: Mark the ACPI resume trampoline code as +x - fixed Marc Koschewski
2011-02-07 15:04                 ` Ingo Molnar
2011-02-07 13:16             ` [PATCH] NX protection for kernel data : fix 32 bits S3 suspend Matthias Hopf
     [not found] <ghb2G-3tw-7@gated-at.bofh.it>
     [not found] ` <ghjtg-WV-5@gated-at.bofh.it>
     [not found]   ` <ghosV-TN-9@gated-at.bofh.it>
     [not found]     ` <ghEo1-2IF-1@gated-at.bofh.it>
     [not found]       ` <gifGW-7eL-13@gated-at.bofh.it>
2011-02-06 10:30         ` Bodo Eggert
2011-02-06 23:32           ` H. Peter Anvin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1297108754.4d504f1281802@imp.free.fr \
    --to=castet.matthieu@free.fr \
    --cc=akpm@linux-foundation.org \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mhopf@suse.de \
    --cc=mingo@elte.hu \
    --cc=rjw@sisk.pl \
    --cc=suresh.b.siddha@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.