Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Matt Fleming <matt@codeblueprint.co.uk>
To: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
	"x86@kernel.org" <x86@kernel.org>,
	"linux-efi@vger.kernel.org" <linux-efi@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Borislav Petkov <bp@alien8.de>
Subject: Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware
Date: Fri, 4 Dec 2015 16:40:57 +0000	[thread overview]
Message-ID: <20151204164057.GE2514@codeblueprint.co.uk> (raw)
In-Reply-To: <17EC94B0A072C34B8DCF0D30AD16044A0288E2D7@BPXM09GP.gisp.nec.co.jp>

On Thu, 03 Dec, at 11:58:33PM, Kosuke Tatsukawa wrote:
> The kernel panics early in boot on a x86_64 server if the eXecute
> Disable (XD) bit is set to disabled in the uEFI firmware.  The message
> in the kernel log buffer looks like below.
> ------------------------------------------------------------------------
> [    0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.0-rc3 #1
> [    0.000000]  0000000000000000 261c6fa13723be1b ffffffff819b7e40 ffffffff8131f320
> [    0.000000]  ffffffffffffffff ffffffff819b7f30 ffffffff81b261b0 000000000000001c
> [    0.000000]  ffffffff81d77a1c 0000000000000010 00000000be35a000 ffffffffff200000
> [    0.000000] Call Trace:
> [    0.000000]  [<ffffffff8131f320>] dump_stack+0x44/0x64
> [    0.000000]  [<ffffffff81b261b0>] early_idt_handler_common+0x90/0xd0
> [    0.000000]  [<ffffffff81b2f1c5>] ? setup_arch+0x1f1/0xce0
> [    0.000000]  [<ffffffff81b2f1c5>] ? setup_arch+0x1f1/0xce0
> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
> [    0.000000]  [<ffffffff81b26d81>] start_kernel+0xe6/0x4f0
> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
> [    0.000000]  [<ffffffff81b26120>] ? early_idt_handler_array+0x120/0x120
> [    0.000000]  [<ffffffff81b265ee>] x86_64_start_reservations+0x2a/0x2c
> [    0.000000]  [<ffffffff81b2673c>] x86_64_start_kernel+0x14c/0x16f
> [    0.000000] RIP 0x80000000be359163
> ------------------------------------------------------------------------
> 
> The panic occurs because __early_set_fixmap() called from
> parse_setup_data() unconditionally sets the PTE with FIXMAP_PAGE_NORMAL,
> which contains _PAGE_NX and causes an exception.
> 
> This patch modifies __early_set_fixmap() to set _PAGE_NX only when the
> hardware supports it.  It also moves the call to x86_configure_nx()
> earlier in setup_arch() before __early_set_fixmap() is first called.
> 
> The above problem occurs after __early_set_fixmap() is called from
> parse_setup_data().  However, since setup_olpc_ofw_pgd() can also call
> __early_set_fixmap(), the patch moves the call to x86_configure_nx()
> before that.
> 
> Signed-off-by: Kosuke Tatsukawa <tatsu@ab.jp.nec.com>
> ---
>  arch/x86/kernel/setup.c |   18 +++++++++---------
>  arch/x86/mm/ioremap.c   |    3 +++
>  2 files changed, 12 insertions(+), 9 deletions(-)

Could you try booting with the commit 04633df0c43d ("x86/cpu: Call
verify_cpu() after having entered long mode too") instead? It's part
of v4.4-rc1.

Allowing NX to be disabled should be avoided.

next prev parent reply	other threads:[~2015-12-04 16:41 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-12-03 23:58 [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware Kosuke Tatsukawa
2015-12-04 16:40 ` Matt Fleming [this message]
2015-12-07 23:10   ` Kosuke Tatsukawa
2015-12-08 12:25     ` Matt Fleming
2015-12-08 14:19       ` Borislav Petkov
2015-12-08 20:30         ` Kees Cook
2015-12-08 20:39           ` H. Peter Anvin
2015-12-08 20:54             ` Borislav Petkov
2015-12-15  0:07             ` Andy Lutomirski
2015-12-08 20:56           ` Borislav Petkov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151204164057.GE2514@codeblueprint.co.uk \
    --to=matt@codeblueprint.co.uk \
    --cc=bp@alien8.de \
    --cc=hpa@zytor.com \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mingo@redhat.com \
    --cc=tatsu@ab.jp.nec.com \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox