From: Richard Simpson <rs1002@huskydog.org.uk>
To: Avi Kivity <avi@redhat.com>
Cc: kvm@vger.kernel.org
Subject: Re: Setting nx bit in virtual CPU
Date: Thu, 08 Apr 2010 00:13:28 +0100 [thread overview]
Message-ID: <4BBD1198.6010304@huskydog.org.uk> (raw)
In-Reply-To: <4BBCEFA5.3050900@redhat.com>
>> gordon Code # ./check-nx
>> nx: enabled
>> gordon Code #
>>
>> OK, seems to be enabled just fine. Any other ideas? I am beginning to
>> get that horrible feeling that there isn't a real problem and it is just
>> me being dumb!
>>
> I really hope so, because I am out of ideas... :)
>
> Can you verify check-nx returns disabled on the guest?
> Does /proc/cpuinfo show nx in the guest?
>
OK, time for a summary:
Host: /proc/cpuinfo shows 'nx' and check-nx shows 'enabled'
Guest: /proc/cpuinfo doesn't show nx and check-nx shows 'disabled'
Guest (with -no-kvm option): /proc/cpuinfo shows 'nx', but check-nx
still shows 'disabled'
Below I have included all the listings which I think might be useful,
but if you would like to see anything else then please ask.
HOST:
/proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 79
model name : AMD Athlon(tm) 64 Processor 3200+
stepping : 2
cpu MHz : 1000.000
cache size : 512 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext fxsr_opt
rdtscp lm 3dnowext 3dnow rep_good nopl pni cx16 lahf_lm svm extapic
cr8_legacy
bogomips : 2000.06
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management: ts fid vid ttp tm stc
GUEST with command line - kvm -hda /dev/mapper/vols-andrew -kernel
./bzImage -append root=/dev/hda2 -cpu host -runas xx -net nic -net user
-m 256 -k en-gb -vnc :1 -monitor stdio
/proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 79
model name : AMD Athlon(tm) 64 Processor 3200+
stepping : 2
cpu MHz : 10000.330
cache size : 512 KB
fpu : yes
fpu_exception : yes
cpuid level : 1
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall mmxext fxsr_opt lm
rep_good pni cx16 lahf_lm
bogomips : 2000.06
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
Results of paxtest
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: kiddie
Linux andrew 2.6.28-hardened-r9 #4 Mon Jan 18 22:39:31 GMT 2010 x86_64
AMD Athlon(tm) 64 Processor 3200+ AuthenticAMD GNU/Linux
Executable anonymous mapping : Vulnerable
Executable bss : Vulnerable
Executable data : Vulnerable
Executable heap : Vulnerable
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Killed
Anonymous mapping randomisation test : 33 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 40 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (ET_DYN) : 12 bits (guessed)
Shared library randomisation test : 33 bits (guessed)
Stack randomisation test (SEGMEXEC) : 40 bits (guessed)
Stack randomisation test (PAGEEXEC) : 40 bits (guessed)
Return to function (strcpy) : paxtest: bad luck, try
different compiler options.
Return to function (memcpy) : *** buffer overflow detected
***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC) : paxtest: bad luck, try
different compiler options.
Return to function (memcpy, RANDEXEC) : *** buffer overflow detected
***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss : Killed
Executable shared library data : Killed
GUEST with command line - kvm -hda /dev/mapper/vols-andrew -kernel
./bzImage -append root=/dev/hda2 -no-kvm -runas xx -net nic -net user -m
256 -k en-gb -vnc :1 -monitor stdio
/proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 6
model : 2
model name : QEMU Virtual CPU version 0.12.3
stepping : 3
cpu MHz : 1998.067
cache size : 512 KB
fpu : yes
fpu_exception : yes
cpuid level : 4
wp : yes
flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm pni cx16 lahf_lm
svm abm sse4a
bogomips : 3996.13
TLB size : 1024 4K pages
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:
Results of paxtest
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: kiddie
Linux andrew 2.6.28-hardened-r9 #4 Mon Jan 18 22:39:31 GMT 2010 x86_64
QEMU Virtual CPU version 0.12.3 AuthenticAMD GNU/Linux
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomisation test : 33 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 40 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (ET_DYN) : 12 bits (guessed)
Shared library randomisation test : 33 bits (guessed)
Stack randomisation test (SEGMEXEC) : 40 bits (guessed)
Stack randomisation test (PAGEEXEC) : 40 bits (guessed)
Return to function (strcpy) : paxtest: bad luck, try
different compiler options.
Return to function (memcpy) : *** buffer overflow detected
***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC) : paxtest: bad luck, try
different compiler options.
Return to function (memcpy, RANDEXEC) : *** buffer overflow detected
***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss : Killed
Executable shared library data : Killed
next prev parent reply other threads:[~2010-04-07 23:13 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-03-29 22:16 Setting nx bit in virtual CPU Richard Simpson
2010-03-30 2:12 ` Chris Wright
2010-03-30 20:42 ` Richard Simpson
2010-04-01 8:43 ` Avi Kivity
2010-04-02 21:07 ` Richard Simpson
2010-04-05 8:27 ` Avi Kivity
2010-04-06 22:31 ` Richard Simpson
2010-04-07 5:39 ` Avi Kivity
2010-04-07 12:10 ` Richard Simpson
2010-04-07 12:23 ` Avi Kivity
2010-04-07 20:38 ` Richard Simpson
2010-04-07 20:48 ` Avi Kivity
2010-04-07 23:13 ` Richard Simpson [this message]
2010-04-08 7:23 ` Avi Kivity
2010-04-08 23:55 ` Richard Simpson
2010-04-10 19:34 ` Avi Kivity
2010-04-08 8:52 ` Andre Przywara
2010-04-08 21:23 ` Richard Simpson
2010-04-09 23:45 ` Andre Przywara
2010-04-12 21:15 ` Richard Simpson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BBD1198.6010304@huskydog.org.uk \
--to=rs1002@huskydog.org.uk \
--cc=avi@redhat.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox