From: Richard Simpson <rs1002@huskydog.org.uk>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org
Subject: Re: Setting nx bit in virtual CPU
Date: Thu, 08 Apr 2010 00:13:28 +0100
Message-ID: <4BBD1198.6010304@huskydog.org.uk>
In-Reply-To: <4BBCEFA5.3050900@redhat.com>


>> gordon Code # ./check-nx
>> nx: enabled
>> gordon Code #
>>
>> OK, seems to be enabled just fine.  Any other ideas?  I am beginning to
>> get that horrible feeling that there isn't a real problem and it is just
>> me being dumb!
>>
> I really hope so, because I am out of ideas... :)
> 
> Can you verify check-nx returns disabled on the guest?
> Does /proc/cpuinfo show nx in the guest?
> 

OK, time for a summary:

Host:  /proc/cpuinfo shows 'nx' and check-nx shows 'enabled'

Guest: /proc/cpuinfo doesn't show nx and check-nx shows 'disabled'

Guest (with -no-kvm option): /proc/cpuinfo shows 'nx', but check-nx
still shows 'disabled'

Below I have included all the listings which I think might be useful,
but if you would like to see anything else then please ask.

HOST:

/proc/cpuinfo

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 79
model name      : AMD Athlon(tm) 64 Processor 3200+
stepping        : 2
cpu MHz         : 1000.000
cache size      : 512 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt
rdtscp lm 3dnowext 3dnow rep_good nopl pni cx16 lahf_lm svm extapic
cr8_legacy
bogomips        : 2000.06
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc

GUEST with command line - kvm -hda /dev/mapper/vols-andrew -kernel
./bzImage -append root=/dev/hda2 -cpu host -runas xx -net nic -net user
-m 256 -k en-gb -vnc :1 -monitor stdio

/proc/cpuinfo

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 15
model           : 79
model name      : AMD Athlon(tm) 64 Processor 3200+
stepping        : 2
cpu MHz         : 10000.330
cache size      : 512 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 1
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall mmxext fxsr_opt lm
rep_good pni cx16 lahf_lm
bogomips        : 2000.06
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

Results of paxtest

PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: kiddie
Linux andrew 2.6.28-hardened-r9 #4 Mon Jan 18 22:39:31 GMT 2010 x86_64
AMD Athlon(tm) 64 Processor 3200+ AuthenticAMD GNU/Linux

Executable anonymous mapping             : Vulnerable
Executable bss                           : Vulnerable
Executable data                          : Vulnerable
Executable heap                          : Vulnerable
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable stack (mprotect)              : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments                   : Killed
Anonymous mapping randomisation test     : 33 bits (guessed)
Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
Heap randomisation test (ET_DYN)         : 40 bits (guessed)
Main executable randomisation (ET_EXEC)  : No randomisation
Main executable randomisation (ET_DYN)   : 12 bits (guessed)
Shared library randomisation test        : 33 bits (guessed)
Stack randomisation test (SEGMEXEC)      : 40 bits (guessed)
Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)
Return to function (strcpy)              : paxtest: bad luck, try
different compiler options.
Return to function (memcpy)              : *** buffer overflow detected
***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC)    : paxtest: bad luck, try
different compiler options.
Return to function (memcpy, RANDEXEC)    : *** buffer overflow detected
***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss            : Killed
Executable shared library data           : Killed

GUEST with command line - kvm -hda /dev/mapper/vols-andrew -kernel
./bzImage -append root=/dev/hda2 -no-kvm -runas xx -net nic -net user -m
256 -k en-gb -vnc :1 -monitor stdio

/proc/cpuinfo

processor       : 0
vendor_id       : AuthenticAMD
cpu family      : 6
model           : 2
model name      : QEMU Virtual CPU version 0.12.3
stepping        : 3
cpu MHz         : 1998.067
cache size      : 512 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 4
wp              : yes
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 lahf_lm
svm abm sse4a
bogomips        : 3996.13
TLB size        : 1024 4K pages
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

Results of paxtest

PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: kiddie
Linux andrew 2.6.28-hardened-r9 #4 Mon Jan 18 22:39:31 GMT 2010 x86_64
QEMU Virtual CPU version 0.12.3 AuthenticAMD GNU/Linux

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Killed
Executable anonymous mapping (mprotect)  : Killed
Executable bss (mprotect)                : Killed
Executable data (mprotect)               : Killed
Executable heap (mprotect)               : Killed
Executable stack (mprotect)              : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments                   : Killed
Anonymous mapping randomisation test     : 33 bits (guessed)
Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
Heap randomisation test (ET_DYN)         : 40 bits (guessed)
Main executable randomisation (ET_EXEC)  : No randomisation
Main executable randomisation (ET_DYN)   : 12 bits (guessed)
Shared library randomisation test        : 33 bits (guessed)
Stack randomisation test (SEGMEXEC)      : 40 bits (guessed)
Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)
Return to function (strcpy)              : paxtest: bad luck, try
different compiler options.
Return to function (memcpy)              : *** buffer overflow detected
***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC)    : paxtest: bad luck, try
different compiler options.
Return to function (memcpy, RANDEXEC)    : *** buffer overflow detected
***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss            : Killed
Executable shared library data           : Killed
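
One way to compare the guest configurations summarized in the message above, added here as an example and not part of the original mail: it reads the `flags` line of /proc/cpuinfo (including the continuation lines produced by mail wrapping) and relates the `nx` flag to paxtest's executable-memory results. The sample strings are constructed by abbreviating the listings above, and the function names are hypothetical.

```python
import re

# Constructed samples, abbreviated from the listings in the message above
# (flags lines are wrapped the way the mail wrapped them).
KVM_GUEST_CPUINFO = """\
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall mmxext fxsr_opt lm
rep_good pni cx16 lahf_lm
bogomips        : 2000.06
"""
NOKVM_GUEST_CPUINFO = """\
flags           : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 lahf_lm
svm abm sse4a
"""
PAXTEST_KVM = """\
Executable heap                          : Vulnerable
Executable stack                         : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments                   : Killed
"""
PAXTEST_NOKVM = PAXTEST_KVM.replace("Vulnerable", "Killed")

def cpu_flags(cpuinfo):
    """Collect the flags set, re-joining wrapped lines that have no 'key :'."""
    flags, in_flags = set(), False
    for line in cpuinfo.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags":
            in_flags = True
            flags.update(value.split())
        elif in_flags and not sep and line.strip():
            flags.update(line.split())   # continuation of a wrapped flags line
        else:
            in_flags = False             # next "key : value" line or blank line
    return flags

def executable_memory_results(paxtest):
    """Map each 'Executable ...' test to Killed or Vulnerable."""
    pat = re.compile(r"^(Executable .+?)\s*:\s*(Killed|Vulnerable)\s*$", re.M)
    return dict(pat.findall(paxtest))

def verdict(cpuinfo, paxtest):
    """Relate the advertised nx flag to what paxtest observed."""
    has_nx = "nx" in cpu_flags(cpuinfo)
    results = executable_memory_results(paxtest)
    vulnerable = [t for t, r in results.items() if r == "Vulnerable"]
    return {"nx_flag": has_nx, "tests": len(results), "vulnerable": len(vulnerable)}
```

On a live system, pass the contents of /proc/cpuinfo and the saved paxtest output to `verdict()` for each configuration being compared.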

