From: matthieu castet <castet.matthieu@free.fr>
To: Linux Kernel list <linux-kernel@vger.kernel.org>
Cc: Ingo Molnar <mingo@elte.hu>,
linux-security-module@vger.kernel.org,
Matthias Hopf <mhopf@suse.de>,
rjw@sisk.pl, Andrew Morton <akpm@linux-foundation.org>,
"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH] NX protection for kernel data : fix xen boot
Date: Tue, 01 Feb 2011 00:01:51 +0100 [thread overview]
Message-ID: <4D473F5F.1020308@free.fr> (raw)
[-- Attachment #1: Type: text/plain, Size: 141 bytes --]
I think it should be applied before 2.6.38 release, because without
this patch S3 suspend doesn't work on x86_32 with CONFIG_DEBUG_RODATA.
[-- Attachment #2: 0001-NX-protection-for-kernel-data-fix-32-bits-wakeup.patch --]
[-- Type: text/x-diff, Size: 1907 bytes --]
>From 8e4bdefe9649a89c972974d94510f0c2bd2d0ea4 Mon Sep 17 00:00:00 2001
From: Matthieu CASTET <castet.matthieu@free.fr>
Date: Thu, 27 Jan 2011 21:36:07 +0100
Subject: [PATCH] NX protection for kernel data : fix 32 bits wakeup
32 bits wakeup realmode trampoline enable paging, while still
in low memory.
We should make this memory !NX in order it works.
Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Tested-by: Matthias Hopf <mhopf@suse.de>
---
arch/x86/mm/init_32.c | 8 ++++++++
arch/x86/mm/pageattr.c | 7 +++++++
2 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index c821074..0048738 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -227,6 +227,14 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
static inline int is_kernel_text(unsigned long addr)
{
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+ /*
+ * We need to make the wakeup trampoline in first 1MB !NX
+ */
+ if (addr >= PAGE_OFFSET && addr <= (PAGE_OFFSET + (1<<20)))
+ return 1;
+#endif
+
if (addr >= (unsigned long)_text && addr <= (unsigned long)__init_end)
return 1;
return 0;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index d343b3c..f1d6cf5 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -265,6 +265,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
pgprot_val(forbidden) |= _PAGE_NX;
#endif
+ /*
+ * We need to make the wakeup trampoline in first 1MB !NX
+ */
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+ if (within(address, PAGE_OFFSET, PAGE_OFFSET + (1<<20)))
+ pgprot_val(forbidden) |= _PAGE_NX;
+#endif
/*
* The kernel text needs to be executable for obvious reasons
--
1.7.2.3
next reply other threads:[~2011-01-31 23:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-01-31 23:01 matthieu castet [this message]
-- strict thread matches above, loose matches on Subject: below --
2011-01-27 22:09 [PATCH] NX protection for kernel data : fix xen boot matthieu castet
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D473F5F.1020308@free.fr \
--to=castet.matthieu@free.fr \
--cc=akpm@linux-foundation.org \
--cc=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mhopf@suse.de \
--cc=mingo@elte.hu \
--cc=rjw@sisk.pl \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.