From: "H. Peter Anvin" <hpa@zytor.com>
To: Yinghai Lu <yinghai@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	x86@kernel.org, Jim Kukunas <james.t.kukunas@linux.intel.com>,
	Arjan van de Ven <arjan@infradead.org>
Subject: Re: [RFC] stack and heap are executable on x86_64
Date: Fri, 21 Dec 2012 09:01:49 -0800
Message-ID: <50D495FD.8060103@zytor.com>
In-Reply-To: <CAE9FiQVNeQqXktmaG0XOJwSxFEVrGKA9j6UDN2N_aDDp-8y_fA@mail.gmail.com>

On 12/20/2012 10:27 PM, Yinghai Lu wrote:
>
> after for-x86-boot we will have
> ---[ Low Kernel Mapping ]---
> 0xffff880000000000-0xffff880000099000         612K     RW             GLB NX pte
> 0xffff880000099000-0xffff88000009a000           4K     ro             GLB NX pte
> 0xffff88000009a000-0xffff88000009b000           4K     ro             GLB x  pte
> 0xffff88000009b000-0xffff880000200000        1428K     RW             GLB NX pte
> 0xffff880000200000-0xffff8800dfe00000        3580M     RW         PSE GLB NX pmd
> 0xffff8800dfe00000-0xffff8800dfffe000        2040K     RW             GLB NX pte
> 0xffff8800dfffe000-0xffff8800e0000000           8K                           pte
> 0xffff8800e0000000-0xffff880100000000         512M                           pmd
> 0xffff880100000000-0xffff8801a0000000        2560M     RW         PSE GLB NX pmd
> ---[ High Kernel Mapping ]---
> 0xffffffff80000000-0xffffffff81000000          16M                           pmd
> 0xffffffff81000000-0xffffffff82a00000          26M     RW         PSE GLB x  pmd
> 0xffffffff82a00000-0xffffffff82b21000        1156K     RW             GLB x  pte
> 0xffffffff82b21000-0xffffffff82c00000         892K     RW             GLB NX pte
> 0xffffffff82c00000-0xffffffff82e00000           2M     RW         PSE GLB NX pmd
> 0xffffffff82e00000-0xffffffff82e92000         584K     RW             GLB NX pte
> 0xffffffff82e92000-0xffffffff83000000        1464K     RW             GLB x  pte
> 0xffffffff83000000-0xffffffff83c00000          12M     RW         PSE GLB x  pmd
> 0xffffffff83c00000-0xffffffffa0000000         452M                           pmd
>
> So the low mapping will only have the trampoline get x set.
> Is that expected?
>

Yes.

> Do we need to set low mapping corresponding to kernel range to x?

No; we probably should never have the low mappings set to X, which comes 
down to what I said earlier... we should mark the low mapping NX at the 
PGD/PML4 level.

However, this isn't good enough.  You still have a large number of pages 
which are RWX, and we should *never* have RWX pages, period, full stop, 
and your map above still has megabytes of them.

Furthermore, just saying "we applied this patchset and it seems to go 
away" isn't good enough... we need an understanding of *why* it makes 
things go away and how that makes it safe.

	-hpa

-- 
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel.  I don't speak on their behalf.
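An added example, not part of this thread and not kernel code: a small parser for the page-table dump format quoted above (assumed to be the x86 page-table dumper's output) that flags ranges which are both RW and x, i.e. the RWX pages objected to in the reply. It assumes the column layout shown in the quoted dump, where the NX column prints "NX" or "x" and non-present ranges carry no attribute columns; the embedded sample is a constructed subset of the quoted lines.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the dump quoted in the thread.
SAMPLE_DUMP = """\
---[ Low Kernel Mapping ]---
0xffff880000000000-0xffff880000099000         612K     RW             GLB NX pte
0xffff88000009a000-0xffff88000009b000           4K     ro             GLB x  pte
0xffff8800dfffe000-0xffff8800e0000000           8K                           pte
---[ High Kernel Mapping ]---
0xffffffff81000000-0xffffffff82a00000          26M     RW         PSE GLB x  pmd
0xffffffff82a00000-0xffffffff82b21000        1156K     RW             GLB x  pte
0xffffffff82b21000-0xffffffff82c00000         892K     RW             GLB NX pte
0xffffffff82e92000-0xffffffff83000000        1464K     RW             GLB x  pte
0xffffffff83000000-0xffffffff83c00000          12M     RW         PSE GLB x  pmd
"""

# range, printed size, attribute columns (may be empty), page-table level
RANGE_RE = re.compile(r"^(0x[0-9a-f]+)-(0x[0-9a-f]+)\s+\d+[KMG]\s+(.*?)\s*(pte|pmd|pud|pgd)$")

@dataclass(frozen=True)
class Region:
    section: str
    start: int
    end: int
    flags: frozenset
    level: str

    @property
    def size(self): return self.end - self.start  # bytes, from the addresses
    @property
    def present(self): return bool(self.flags)    # not-present ranges have no attribute columns
    @property
    def rwx(self): return self.present and "RW" in self.flags and "x" in self.flags

def parse_dump(text):
    regions, section = [], "?"
    for line in text.splitlines():
        if line.startswith("---["):                # section banner
            section = line.strip("-[ ]")
            continue
        m = RANGE_RE.match(line.strip())
        if not m:
            continue
        start, end, attrs, level = m.groups()
        regions.append(Region(section, int(start, 16), int(end, 16), frozenset(attrs.split()), level))
    return regions

def find_rwx(text):
    return [r for r in parse_dump(text) if r.rwx]

def rwx_bytes(text):
    return sum(r.size for r in find_rwx(text))

if __name__ == "__main__":
    for r in find_rwx(SAMPLE_DUMP):
        print(f"RWX [{r.section}] {r.start:#x}-{r.end:#x} {r.size >> 10}K {r.level}")
    print(f"total RWX: {rwx_bytes(SAMPLE_DUMP) >> 10}K")
```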

