On Mon, Nov 9, 2015 at 11:08 PM, Ard Biesheuvel
wrote:
> On 9 November 2015 at 22:08, Kees Cook wrote:
>> On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel
>> wrote:
>>> On 8 November 2015 at 07:58, Kees Cook wrote:
On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel
wrote:
> On 7 Nove
On 9 November 2015 at 22:08, Kees Cook wrote:
> On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel
> wrote:
>> On 8 November 2015 at 07:58, Kees Cook wrote:
>>> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel
>>> wrote:
On 7 November 2015 at 08:09, Ingo Molnar wrote:
>
> * Matt Flemi
On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel
wrote:
> On 8 November 2015 at 07:58, Kees Cook wrote:
>> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel
>> wrote:
>>> On 7 November 2015 at 08:09, Ingo Molnar wrote:
* Matt Fleming wrote:
> On Fri, 06 Nov, at 07:55:50AM, Ingo
On 8 November 2015 at 07:58, Kees Cook wrote:
> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel
> wrote:
>> On 7 November 2015 at 08:09, Ingo Molnar wrote:
>>>
>>> * Matt Fleming wrote:
>>>
On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>
> 3) We should fix the EFI permission
On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel
wrote:
> On 7 November 2015 at 08:09, Ingo Molnar wrote:
>>
>> * Matt Fleming wrote:
>>
>>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>>> >
>>> > 3) We should fix the EFI permission problem without relying on the
>>> > firmware: it
>>> >
On Sat, 07 Nov, at 08:05:54AM, Ingo Molnar wrote:
>
> * Matt Fleming wrote:
>
> > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
> > >
> > > And if this turns out to be due to EFI wanting those permissions, what
> > > should
> > > we do? People have talked about running the EFI callback
On 7 November 2015 at 08:09, Ingo Molnar wrote:
>
> * Matt Fleming wrote:
>
>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>> >
>> > 3) We should fix the EFI permission problem without relying on the
>> > firmware: it
>> > appears we could just mark everything R-X optimistically, and
* Matt Fleming wrote:
> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
> >
> > 3) We should fix the EFI permission problem without relying on the
> > firmware: it
> > appears we could just mark everything R-X optimistically, and if a
> > write fault
> > happens (it's pretty rare
* Matt Fleming wrote:
> On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
> >
> > And if this turns out to be due to EFI wanting those permissions, what
> > should
> > we do? People have talked about running the EFI callbacks in their own
> > private
> > page table setup, which sounds li
* Andy Lutomirski wrote:
> On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote:
> >
> > * Linus Torvalds wrote:
> >
> >> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote:
> >> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
> >> > >
> >> > > I don't have that later debug ou
On Fri, Nov 06, 2015 at 01:09:48PM +, Matt Fleming wrote:
> On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote:
> >
> > Admittedly, we might need to use a certain amount of care to avoid
> > interesting conflicts with the vmap mechanism. We might need to vmap
> > all of the EFI stuff, and p
On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote:
>
> Admittedly, we might need to use a certain amount of care to avoid
> interesting conflicts with the vmap mechanism. We might need to vmap
> all of the EFI stuff, and possibly even all the top-level entries that
> contain EFI stuff (i.e. ex
On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote:
>
> 3) We should fix the EFI permission problem without relying on the firmware:
> it
> appears we could just mark everything R-X optimistically, and if a write
> fault
> happens (it's pretty rare in fact, only triggers when we write t
On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote:
>
> And if this turns out to be due to EFI wanting those permissions, what
> should we do? People have talked about running the EFI callbacks in
> their own private page table setup, which sounds like the right idea,
> but until that actually *h
(resent with Matt's email address fixed.)
* Ingo Molnar wrote:
>
> * Linus Torvalds wrote:
>
> > On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote:
> > > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
> > > >
> > > > I don't have that later debug output at all. Presumably
On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote:
>
> * Linus Torvalds wrote:
>
>> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote:
>> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
>> > >
>> > > I don't have that later debug output at all. Presumably some config
>> > di
* Linus Torvalds wrote:
> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote:
> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
> > >
> > > I don't have that later debug output at all. Presumably some config
> > difference.
> >
> > CONFIG_X86_PTDUMP_CORE iirc.
>
> No, I have
On Thu, Nov 05, 2015 at 02:04:55PM -0800, Linus Torvalds wrote:
> and there's quite a few other pages there that are RW but not marked
> NX. I suspect they come from the EFI runtime services because the
Yeah, at least the EFI mappings would need a bit more fiddling until
they're NX:
https://lkml.
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds
wrote:
>
> No, I have that. I suspect CONFIG_EFI_PGT_DUMP instead.
Yes, that seems to show the tables, and agrees with the problem address.
So for me I have:
WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:225
note_page+0x5dc/0x780()
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds
wrote:
>
> I suspect CONFIG_EFI_PGT_DUMP instead.
>
> Anyway, as it stands now, I think the CONFIG_DEBUG_WX option should
> not default to 'y' unless it is made more useful if it actually
> triggers. Ingo?
Actually, I guess I should have cc'd Steven
On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote:
> On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
> >
> > I don't have that later debug output at all. Presumably some config
> difference.
>
> CONFIG_X86_PTDUMP_CORE iirc.
No, I have that. I suspect CONFIG_EFI_PGT_DUMP instead.
On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:
> On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote:
> >
> > FWIW I'm seeing this too.
> >
> > [0.468368] ---[ Low Kernel Mapping ]---
> > [0.468381] 0x8800-0x8880 8M RW
> >
On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote:
>
> FWIW I'm seeing this too.
>
> [0.468368] ---[ Low Kernel Mapping ]---
> [0.468381] 0x8800-0x8880 8M RW
>GLB NX pte
> [0.468391] 0x8880-0x8890
On Wed, Nov 04, 2015 at 11:26:12AM -0800, Linus Torvalds wrote:
> On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote:
> >
> > The new CONFIG_DEBUG_WX=y warning is marked default-y if
> > CONFIG_DEBUG_RODATA=y is
> > already eanbled, as a special exception, as these bugs are hard to notice
>
On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote:
>
> The new CONFIG_DEBUG_WX=y warning is marked default-y if
> CONFIG_DEBUG_RODATA=y is
> already eanbled, as a special exception, as these bugs are hard to notice and
> this
> check already found several live bugs.
So this seems to be not very
Linus,
Please pull the latest x86-mm-for-linus git tree from:
git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86-mm-for-linus
# HEAD: e1a58320a38dfa72be48a0f1a3a92273663ba6db x86/mm: Warn on W^X mappings
The main changes are: continued PAT work by Toshi Kani, plus a new boot ti
26 matches
Mail list logo
