public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: matthieu castet <castet.matthieu@free.fr>
To: Lin Ming <ming.m.lin@intel.com>
Cc: Andi Kleen <andi@firstfloor.org>,
	Peter Zijlstra <peterz@infradead.org>,
	Siarhei Liakh <sliakh.lkml@gmail.com>,
	Xuxian Jiang <jiang@cs.ncsu.edu>, Ingo Molnar <mingo@elte.hu>,
	Arjan van de Ven <arjan@infradead.org>,
	lkml <linux-kernel@vger.kernel.org>, tglx <tglx@linutronix.de>
Subject: Re: -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data)
Date: Fri, 24 Dec 2010 18:26:44 +0100	[thread overview]
Message-ID: <20101224182644.062bdb3f@mat-laptop> (raw)
In-Reply-To: <1291093230.2405.191.camel@minggr.sh.intel.com>

[-- Attachment #1: Type: text/plain, Size: 1659 bytes --]

Hi,

Le Tue, 30 Nov 2010 13:00:30 +0800,
Lin Ming <ming.m.lin@intel.com> a écrit :

> On Sat, 2010-11-27 at 01:31 +0800, mat wrote:
> > Le Tue, 23 Nov 2010 23:55:27 +0100,
> > mat <castet.matthieu@free.fr> a écrit :
> > 
> > > Le Mon, 22 Nov 2010 17:42:47 +0100,
> > > Andi Kleen <andi@firstfloor.org> a écrit :
> > > 
> > > > > That seems to be a S3 specific code path, that won't fix
> > > > > anything. Simply do:
> > > > > 
> > > > > echo 0 > /sys/devices/system/cpu/cpu1/online;
> > > > > echo 1 > /sys/devices/system/cpu/cpu1/online;
> > > > > 
> > > > > and your machine will explode..
> > > > 
> > > > The SMP startup trampoline is copied I believe
> > > > and only executed in real mode without page tables.
> > > > 
> > > > So it's perhaps not the trampoline, but the early startup 
> > > > code that ends up being broken.
> > > yes :
> > > acpi wakeup code and smp trampoline are copied in low memory
> > > (first 1MB).
> > > 
> > > So they can't end up int the kernel data mapping ?
> > > 
> > > So it should something else.
> > > 
> > > I will try to investigate on this.
> > > 
> > Unfortunately on my laptop supporting NX, suspend to ram seems
> > broken (even without this patch) and I got only one core, so I am
> > unable to test it.
> > 
> > Does cpu suspend/resume is broken ? Or it is only S3 ?
> > 
> > If yes, are there any interesting trace if we suspend only one core
> > with sysfs.
> 
> echo 0 > /sys/devices/system/cpu/cpu1/online;
> echo 1 > /sys/devices/system/cpu/cpu1/online;
> 
> then machine just reboots...
> 
Ok,

could you try the attached patch ?

Thanks

Matthieu

[-- Attachment #2: x64_nx_data.diff --]
[-- Type: text/x-patch, Size: 895 bytes --]

diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 71a5929..d86552f 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -790,6 +790,7 @@ void mark_rodata_ro(void)
 	unsigned long end = (unsigned long) &__end_rodata_hpage_align;
 	unsigned long text_end = PAGE_ALIGN((unsigned long) &__stop___ex_table);
 	unsigned long rodata_end = PAGE_ALIGN((unsigned long) &__end_rodata);
+	unsigned long data_end = PAGE_ALIGN((unsigned long) &_edata);
 	unsigned long data_start = (unsigned long) &_sdata;
 
 	printk(KERN_INFO "Write protecting the kernel read-only data: %luk\n",
@@ -802,7 +803,7 @@ void mark_rodata_ro(void)
 	 * The rodata section (but not the kernel text!) should also be
 	 * not-executable.
 	 */
-	set_memory_nx(rodata_start, (end - rodata_start) >> PAGE_SHIFT);
+	set_memory_nx(rodata_start, (data_end - rodata_start) >> PAGE_SHIFT);
 
 	rodata_test();
 

  parent reply	other threads:[~2010-12-24 17:26 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-11-22  7:23 -tip tree resume fail, bisect to 5bd5a45(x86: Add NX protection for kernel data) Lin Ming
2010-11-22  8:07 ` Ingo Molnar
2010-11-22  9:20   ` Andi Kleen
2010-11-22 10:29     ` castet.matthieu
2010-11-22 10:47       ` Andi Kleen
2010-11-22 13:03 ` Peter Zijlstra
2010-11-22 16:29   ` castet.matthieu
2010-11-22 16:35     ` Peter Zijlstra
2010-11-22 16:42       ` Andi Kleen
2010-11-23 22:55         ` mat
2010-11-26 17:31           ` mat
2010-11-26 23:39             ` Lin Ming
2010-11-30  5:00             ` Lin Ming
2010-11-30 11:27               ` Peter Zijlstra
2010-12-01  0:15                 ` Lin Ming
2011-01-23 19:06                   ` matthieu castet
2011-01-24 22:22                     ` matthieu castet
2011-01-25 12:36                       ` Lin Ming
2011-03-09 23:16                       ` matthieu castet
2011-03-10  2:39                         ` Lin Ming
2010-12-24 17:26               ` matthieu castet [this message]
2010-12-27  2:10                 ` Lin Ming
2011-01-05 18:58                   ` matthieu castet
2010-11-22 13:42 ` [tip:x86/security] x86: Resume trampoline must be executable tip-bot for Lin Ming

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20101224182644.062bdb3f@mat-laptop \
    --to=castet.matthieu@free.fr \
    --cc=andi@firstfloor.org \
    --cc=arjan@infradead.org \
    --cc=jiang@cs.ncsu.edu \
    --cc=linux-kernel@vger.kernel.org \
    --cc=ming.m.lin@intel.com \
    --cc=mingo@elte.hu \
    --cc=peterz@infradead.org \
    --cc=sliakh.lkml@gmail.com \
    --cc=tglx@linutronix.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox