Re: [RFC] stack and heap are executable on x86_64

From: H. Peter Anvin
Date: Fri Dec 21 2012 - 12:02:03 EST

Next message: Doug Anderson: "Re: [PATCH v3] usb: phy: samsung: Add support to set pmu isolation"
Previous message: Mike Galbraith: "Re: [ANNOUNCE] 3.6.11-rt24 (apocalypse release)c"
In reply to: Yinghai Lu: "Re: [RFC] stack and heap are executable on x86_64"
Next in thread: Yinghai Lu: "Re: [RFC] stack and heap are executable on x86_64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12/20/2012 10:27 PM, Yinghai Lu wrote:

after for-x86-boot we will have
---[ Low Kernel Mapping ]---
0xffff880000000000-0xffff880000099000 612K RW GLB NX pte
0xffff880000099000-0xffff88000009a000 4K ro GLB NX pte
0xffff88000009a000-0xffff88000009b000 4K ro GLB x pte
0xffff88000009b000-0xffff880000200000 1428K RW GLB NX pte
0xffff880000200000-0xffff8800dfe00000 3580M RW PSE GLB NX pmd
0xffff8800dfe00000-0xffff8800dfffe000 2040K RW GLB NX pte
0xffff8800dfffe000-0xffff8800e0000000 8K pte
0xffff8800e0000000-0xffff880100000000 512M pmd
0xffff880100000000-0xffff8801a0000000 2560M RW PSE GLB NX pmd
---[ High Kernel Mapping ]---
0xffffffff80000000-0xffffffff81000000 16M pmd
0xffffffff81000000-0xffffffff82a00000 26M RW PSE GLB x pmd
0xffffffff82a00000-0xffffffff82b21000 1156K RW GLB x pte
0xffffffff82b21000-0xffffffff82c00000 892K RW GLB NX pte
0xffffffff82c00000-0xffffffff82e00000 2M RW PSE GLB NX pmd
0xffffffff82e00000-0xffffffff82e92000 584K RW GLB NX pte
0xffffffff82e92000-0xffffffff83000000 1464K RW GLB x pte
0xffffffff83000000-0xffffffff83c00000 12M RW PSE GLB x pmd
0xffffffff83c00000-0xffffffffa0000000 452M pmd

so low mapping will only have trampoline get x set.
is that expected ?

Yes.

Do we need to set low mapping corresponding to kernel range to x?

No; we probably should never have the low mappings set to X, which comes down to what I said earlier... we should mark the low mapping NX at the PGD/PML4 level.

However, this isn't good enough. You still have a large number of pages which are RWX, and we should *never* have RWX pages, period, full stop, and your map above sill have megabytes of them.

Furthermore, just saying "we applied this patchset and it seems to go away" isn't good enough... we need an understanding of *why* it makes things go away and how that makes it safe.

-hpa

--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Doug Anderson: "Re: [PATCH v3] usb: phy: samsung: Add support to set pmu isolation"
Previous message: Mike Galbraith: "Re: [ANNOUNCE] 3.6.11-rt24 (apocalypse release)c"
In reply to: Yinghai Lu: "Re: [RFC] stack and heap are executable on x86_64"
Next in thread: Yinghai Lu: "Re: [RFC] stack and heap are executable on x86_64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]