From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sat, 22 Nov 2008 11:20:56 +0100
Message-ID:
From: Takashi Iwai
To: Egbert Eich
Cc: Arjan van de Ven, linux-kernel@vger.kernel.org, Luc Verhaegen
Subject: Re: vm86 segfaults with NX bit
In-Reply-To: <18726.62188.197402.569729@hermes.suse.de>
References: <20081120085844.6f158e08@infradead.org>
X-Mailing-List: linux-kernel@vger.kernel.org

At Fri, 21 Nov 2008 18:42:04 +0100,
Egbert Eich wrote:
>
> Takashi Iwai writes:
>  > At Thu, 20 Nov 2008 08:58:44 -0800,
>  > Arjan van de Ven wrote:
>  > >
>  > > On Thu, 20 Nov 2008 16:39:06 +0100
>  > > Takashi Iwai wrote:
>  > >
>  > > > Hi,
>  > > >
>  > > > X guys reported that the VESA driver segfaults in vm86 mode with a kernel
>  > > > with CONFIG_X86_PAE, and it turned out to be the NX bit. See Novell
>  > > > bugzilla #443440:
>  > > > https://bugzilla.novell.com/show_bug.cgi?id=443440
>  > > >
>  > > > I can confirm that the latest 2.6.28-rc still causes the same problem,
>  > > > and it disappears when booted with the noexec=off option.
>  > > >
>  > > > Also, when the NX bit is reset for the first 1MB (or smaller) in
>  > > > do_sys_vm86(), it also works as expected. But I have little clue
>  > > > where to restore the bit again.
>  > > >
>  > > > Any good suggestions / solutions?
>  > > >
>  > >
>  > > did the code that mapped this memory setup use PROT_EXEC ?
>  >
>  > A good question...
>  > Luc, Egbert, how does the VESA driver handle it?
>
> Yes, we set PROT_EXEC for the VBIOS. But the segfault doesn't happen
> in the VBIOS as far as I can tell. It happens on the 'exit instruction', a
> hlt (0xf6) which is trapped by vm86 so it returns to the caller.
> This is done by putting 0xf6 into address 0x600 and putting this address
> on the stack.
> The memory that's mapped at 0x600 in the Xserver's address space is
> allocated through shmget() and attached to the right place in the process's
> memory space for vm86.
> We should call mprotect() on these ranges to set this memory executable.
> Hey, this code was originally written almost 10 years ago!
>
> The patch below fixes the issue.

Good to know that a die-hard bug is fixed now.

Thanks!

Takashi
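The failure mode Egbert describes, as an added example that is not part of this thread and not the X server's or the patch's code: a page obtained through shmget()/shmat() (the same allocation path the vm86 code uses) is attached read/write only, so with NX enforced any instruction fetched from it faults, and the fix is an explicit mprotect(PROT_READ|PROT_EXEC) on the range before control is transferred there. Assumptions: a Linux x86 (i386 or x86-64) host with NX enabled, and SysV IPC available (otherwise the code falls back to an anonymous shared mmap, which behaves the same way). A six-byte `mov eax, 42; ret` stub stands in for the trap instruction the X server plants at 0x600, since entering vm86 mode needs a 32-bit process and is not needed to show the protection bit; `probe_exec`, `get_shared_page` and the `PROBE_*` codes are names chosen here, not anything from X.Org.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
#include <unistd.h>

/* Outcome of one probe; PROBE_SKIPPED means "not an x86 build". */
enum { PROBE_RAN = 0, PROBE_FAULTED = 1, PROBE_ERROR = -1, PROBE_SKIPPED = -2 };

static sigjmp_buf fault_env;

/* SIGSEGV handler: an instruction fetch from non-executable memory lands here. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* One page obtained the way the X server gets its vm86 memory: a SysV
 * shared-memory segment attached with shmat().  Without SHM_EXEC the
 * attachment is read/write only, so NX applies to it.  Falls back to an
 * anonymous shared mmap() if SysV IPC is unavailable (assumption: either
 * path gives a plain RW data mapping). */
static void *get_shared_page(size_t len, int *shmid_out)
{
    int id = shmget(IPC_PRIVATE, len, IPC_CREAT | 0600);
    if (id != -1) {
        void *addr = shmat(id, NULL, 0);
        shmctl(id, IPC_RMID, NULL);      /* segment goes away on last detach */
        if (addr != (void *)-1) {
            *shmid_out = id;
            return addr;
        }
    }
    *shmid_out = -1;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

static void put_shared_page(void *p, size_t len, int shmid)
{
    if (shmid != -1)
        shmdt(p);
    else
        munmap(p, len);
}

/* Copy a stub into the shared page and jump to it, with or without the
 * mprotect(PROT_EXEC) fix applied first.  The stub stands in for the trap
 * instruction at 0x600; its bytes encode `mov eax, 42; ret` on i386/x86-64. */
int probe_exec(int apply_mprotect)
{
#if defined(__i386__) || defined(__x86_64__)
    static const unsigned char stub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 };
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int shmid;
    void *page = get_shared_page(len, &shmid);
    if (page == NULL)
        return PROBE_ERROR;
    memcpy(page, stub, sizeof stub);

    /* The fix from the thread: make the vm86 range executable explicitly. */
    if (apply_mprotect && mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
        put_shared_page(page, len, shmid);
        return PROBE_ERROR;
    }

    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    int result;
    if (sigsetjmp(fault_env, 1) == 0) {
        int (*fn)(void) = (int (*)(void))page;
        result = (fn() == 42) ? PROBE_RAN : PROBE_ERROR;
    } else {
        result = PROBE_FAULTED;              /* NX stopped the fetch */
    }
    sigaction(SIGSEGV, &old, NULL);
    put_shared_page(page, len, shmid);
    return result;
#else
    (void)apply_mprotect;
    return PROBE_SKIPPED;
#endif
}

int main(void)
{
    printf("without mprotect: %s\n",
           probe_exec(0) == PROBE_FAULTED ? "SIGSEGV (NX enforced)" : "ran");
    printf("with mprotect:    %s\n",
           probe_exec(1) == PROBE_RAN ? "ran, returned 42" : "failed");
    return 0;
}
```

Booting with noexec=off, as in Takashi's report, makes the first probe succeed too, which is why the symptom only showed up on PAE kernels where the NX bit exists. Note that shmat() has a SHM_EXEC flag that would give an executable attachment up front; mprotect() after the fact, as the thread proposes, reaches the same state and also covers ranges that were attached long before anyone thought about NX.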