[PATCH] NX protection for kernel data : fix 32 bits S3 suspend

All of lore.kernel.org
 help / color / mirror / Atom feed

From: matthieu castet <castet.matthieu@free.fr>
To: Linux Kernel list <linux-kernel@vger.kernel.org>
Cc: Ingo Molnar <mingo@elte.hu>,
	linux-security-module@vger.kernel.org,
	Matthias Hopf <mhopf@suse.de>,
	rjw@sisk.pl, Andrew Morton <akpm@linux-foundation.org>,
	"H. Peter Anvin" <hpa@zytor.com>
Subject: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend
Date: Tue, 01 Feb 2011 00:03:49 +0100	[thread overview]
Message-ID: <4D473FD5.1090903@free.fr> (raw)

[-- Attachment #1: Type: text/plain, Size: 141 bytes --]

I think it should be applied before 2.6.38 release, because without
this patch S3 suspend doesn't work on x86_32 with CONFIG_DEBUG_RODATA.



[-- Attachment #2: 0001-NX-protection-for-kernel-data-fix-32-bits-S3-suspend.patch --]
[-- Type: text/x-diff, Size: 1911 bytes --]

>From a8d56e665c9b26c953f355b6e8eeeecafa07efdb Mon Sep 17 00:00:00 2001
From: Matthieu CASTET <castet.matthieu@free.fr>
Date: Thu, 27 Jan 2011 21:36:07 +0100
Subject: [PATCH] NX protection for kernel data : fix 32 bits S3 suspend

32 bits wakeup realmode trampoline enable paging, while still
in low memory.

We should make this memory !NX in order it works.

Signed-off-by: Matthieu CASTET <castet.matthieu@free.fr>
Tested-by: Matthias Hopf <mhopf@suse.de>
---
 arch/x86/mm/init_32.c  |    8 ++++++++
 arch/x86/mm/pageattr.c |    7 +++++++
 2 files changed, 15 insertions(+), 0 deletions(-)

diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index c821074..0048738 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -227,6 +227,14 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base)
 
 static inline int is_kernel_text(unsigned long addr)
 {
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+	/*
+	 * We need to make the wakeup trampoline in first 1MB !NX
+	 */
+	if (addr >= PAGE_OFFSET && addr <= (PAGE_OFFSET + (1<<20)))
+		return 1;
+#endif
+
 	if (addr >= (unsigned long)_text && addr <= (unsigned long)__init_end)
 		return 1;
 	return 0;
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
index d343b3c..f1d6cf5 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -265,6 +265,13 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
 	if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
 		pgprot_val(forbidden) |= _PAGE_NX;
 #endif
+	/*
+	 * We need to make the wakeup trampoline in first 1MB !NX
+	 */
+#if defined(CONFIG_X86_32) && defined(CONFIG_ACPI_SLEEP)
+	if (within(address, PAGE_OFFSET, PAGE_OFFSET + (1<<20)))
+		pgprot_val(forbidden) |= _PAGE_NX;
+#endif
 
 	/*
 	 * The kernel text needs to be executable for obvious reasons
-- 
1.7.2.3

next             reply	other threads:[~2011-01-31 23:03 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-31 23:03 matthieu castet [this message]
2011-02-01  8:02 ` [PATCH] NX protection for kernel data : fix 32 bits S3 suspend Ingo Molnar
2011-02-01 13:25   ` castet.matthieu
2011-02-01 16:30     ` H. Peter Anvin
2011-02-02  6:26     ` Ingo Molnar
2011-02-03 22:11       ` H. Peter Anvin
2011-02-05  1:12       ` H. Peter Anvin
2011-02-05 16:46         ` castet.matthieu
2011-02-06 23:41           ` H. Peter Anvin
2011-02-07  7:40             ` Ingo Molnar
2011-02-07 19:59             ` castet.matthieu
2011-02-07 20:04               ` H. Peter Anvin
2011-02-12 16:10                 ` matthieu castet
2011-02-14 20:55                   ` H. Peter Anvin
2011-02-26  3:58                   ` Pavel Machek
2011-02-07 20:07               ` H. Peter Anvin
2011-02-14 21:19               ` H. Peter Anvin
2011-02-14 22:50                 ` Rafael J. Wysocki
2011-02-07  3:56           ` H. Peter Anvin
2011-02-07  5:16           ` H. Peter Anvin
2011-02-07  9:24             ` [tip:x86/urgent] x86, nx: Mark the ACPI resume trampoline code as +x tip-bot for H. Peter Anvin
2011-02-07 14:50               ` [tip:x86/urgent] x86, nx: Mark the ACPI resume trampoline code as +x - fixed Marc Koschewski
2011-02-07 15:04                 ` Ingo Molnar
2011-02-07 13:16             ` [PATCH] NX protection for kernel data : fix 32 bits S3 suspend Matthias Hopf
     [not found] <ghb2G-3tw-7@gated-at.bofh.it>
     [not found] ` <ghjtg-WV-5@gated-at.bofh.it>
     [not found]   ` <ghosV-TN-9@gated-at.bofh.it>
     [not found]     ` <ghEo1-2IF-1@gated-at.bofh.it>
     [not found]       ` <gifGW-7eL-13@gated-at.bofh.it>
2011-02-06 10:30         ` Bodo Eggert
2011-02-06 23:32           ` H. Peter Anvin

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c821074 dfblob:0048738 dfblob:d343b3c dfblob:f1d6cf5 )
 OR (
bs:"NX protection for kernel data : fix 32 bits S3 suspend" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4D473FD5.1090903@free.fr \
    --to=castet.matthieu@free.fr \
    --cc=akpm@linux-foundation.org \
    --cc=hpa@zytor.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mhopf@suse.de \
    --cc=mingo@elte.hu \
    --cc=rjw@sisk.pl \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.