Re: Resume Issues :Exec of NX page, Synaptics Botchup

From: Linus Torvalds
Date: Sun May 22 2011 - 17:57:38 EST


On Sun, May 22, 2011 at 2:36 PM, Parag Warudkar <parag.lkml@xxxxxxxxx> wrote:
>
> So on an otherwise working system, with today's git resume from suspend
> goes awry. Distro kernel 2.6.38-8 has no issues and
> CONFIG_DEBUG_SET_MODULE_RONX=y is set for both kernels.
>
> 1) setup_disablecpuid seems to result in executing a NX page -
> kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
> [ 2762.672126] BUG: unable to handle kernel paging request at
> ffffffff81aaf74d
> [ 2762.672131] IP: [<ffffffff81aaf74d>] setup_disablecpuid+0x40/0x40

Hmm. The "Code: " line is just full of complete garbage, so I think
the real issue is that you really are trying to execute data.

And that in turn seems to be because "setup_disablecpuid()" has
actually been free'd, because it is marked as __init.

Which is fine at the initial bootup, but not so fine at resume time,
since it was free'd long long ago by then.

And it definitely shouldn't be called at resume time. There's
something wrong there. That call trace is odd:

Call Trace:
[<ffffffff8148a119>] ? identify_cpu+0xd8/0x2d8
[<ffffffff8148a32d>] identify_secondary_cpu+0x14/0x1b
[<ffffffff8148bf0f>] smp_store_cpu_info+0x3c/0x3e
[<ffffffff8148c2ef>] start_secondary+0xf7/0x1d2

because none of those should be calling "setup_disablecpuid()" at all.

Hmm. In fact, RIP is "setup_disablecpuid+0x40/0x40", ie it is one past
the _end_ of setup_disablecpuid.

I suspect that is actually "setup_smep()" that got called, and that
there was some garbage data in there that caused it to jump back a
bit.

Does the attached patch fix it?

> 2) Synaptics touchpad which work fine with two finger gestures etc before
> resume - goes into ps2 mode after resume -
> [ 2783.323947] Synaptics claims to have extended capabilities, but I'm not able to read them.
> [ 2783.774740] Synaptics hardware appears to be different: id(149271-149271), model(114865-114865), caps(d04733-d04733), ext(a40000-0).
> [ 2788.880575] Unable to query Synaptics hardware.

Hmm. I have no idea about this one. Dmitry?

Linus

arch/x86/kernel/cpu/common.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index cbc70a27430c..b93da5d5f5a2 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -262,7 +262,7 @@ static __init int setup_disable_smep(char *arg)
}
__setup("nosmep", setup_disable_smep);

-static __init void setup_smep(struct cpuinfo_x86 *c)
+static __cpuinit void setup_smep(struct cpuinfo_x86 *c)
{
if (cpu_has(c, X86_FEATURE_SMEP)) {
if (unlikely(disable_smep)) {
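Review bot: setup_smep() still reads disable_smep in `if (unlikely(disable_smep))` after the move to __cpuinit, and the declaration of that variable is outside this hunk. If disable_smep is annotated __initdata, it is discarded with the rest of the init section, so the secondary-CPU bring-up path at resume would read freed data even though the function itself now survives. Check the declaration and, if that is the case, change it to __cpuinitdata in the same patch. setup_disable_smep() can stay __init, since it is only reached through __setup("nosmep", ...) at boot.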