[PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting


[PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Kees Cook-5
When booting a 32bit non-PAE kernel on a CPU that supports hardware NX,
dmesg did not indicate that NX emulation was being used. This changes
the dmesg reporting to be more clear. Warnings about lacking hardware
NX remain, and the state of NX-emulation is reported when enabled.

(Backported from Natty patch.)

BugLink: https://launchpad.net/bugs/745181

Signed-off-by: Kees Cook <[hidden email]>
---
 arch/x86/mm/setup_nx.c |   28 +++++++++++++++++-----------
 1 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index f068676..64f2d6a 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -43,19 +43,12 @@ void __cpuinit x86_configure_nx(void)
 
 void __init x86_report_nx(void)
 {
+ int nx_emulation = 0;
+
  if (!cpu_has_nx) {
-#ifdef CONFIG_X86_32
- if (exec_shield)
- printk(KERN_INFO "NX (Execute Disable) protection: "
-       "approximated by x86 segment limits\n");
- else
- printk(KERN_INFO "NX (Execute Disable) protection: "
-       "approximation disabled by kernel command "
-       "line option\n");
-#else
  printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
        "missing in CPU or disabled in BIOS!\n");
-#endif
+ nx_emulation = 1;
  } else {
 #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
  if (disable_nx) {
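Review bot: In the !cpu_has_nx branch, dropping the #ifdef CONFIG_X86_32 / #else split means a 32-bit kernel on a CPU without NX now prints the "missing in CPU or disabled in BIOS!" notice in addition to the emulation line, where before it printed only the emulation line. The commit message says the warnings "remain", which reads as no change; it would help to state that this notice is new on 32-bit. Also, nx_emulation = 1 is set here on 64-bit builds too, where the reporting block added later in the patch is compiled out under CONFIG_X86_32, so a name such as report_nx_emulation, or keeping the assignment under the ifdef, would describe the flag better.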
@@ -68,7 +61,20 @@ void __init x86_report_nx(void)
 #else
  /* 32bit non-PAE kernel, NX cannot be used */
  printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
-       "cannot be enabled: non-PAE kernel!\n");
+       "cannot be enabled in hardware: non-PAE kernel!\n");
+ nx_emulation = 1;
+#endif
+ }
+
+ if (nx_emulation) {
+#ifdef CONFIG_X86_32
+ if (exec_shield)
+ printk(KERN_INFO "NX (Execute Disable) protection: "
+       "approximated by x86 segment limits\n");
+ else
+ printk(KERN_INFO "NX (Execute Disable) protection: "
+       "approximation disabled by kernel command "
+       "line option\n");
 #endif
  }
 }
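Review bot: In the new if (nx_emulation) block, the "approximation disabled by kernel command line option" case is the one where neither hardware NX nor the segment-limit approximation is active, yet it is logged at KERN_INFO while the hardware notices above it use KERN_NOTICE. Consider KERN_NOTICE for that line, so that a console loglevel which shows notices but not info messages still shows the unprotected state. Separately, with the #ifdef CONFIG_X86_32 inside the braces the if has an empty body on 64-bit; placing the #ifdef around the whole if would avoid that. nx_emulation is also set only in the #else (non-PAE) arm of this branch, so it is worth confirming that the disable_nx path on a 32-bit PAE kernel does not need the emulation state reported as well.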
--
1.7.4.1


--
Kees Cook
Ubuntu Security Team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

Re: [PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Tim Gardner-2
On 03/30/2011 05:06 PM, Kees Cook wrote:

> When booting a 32bit non-PAE kernel on a CPU that supports hardware NX,
> dmesg did not indicate that NX emulation was being used. This changes
> the dmesg reporting to be more clear. Warnings about lacking hardware
> NX remain, and the state of NX-emulation is reported when enabled.
>
> (Backported from Natty patch.)
>
> BugLink: https://launchpad.net/bugs/745181
>
> Signed-off-by: Kees Cook<[hidden email]>
> ---
>   arch/x86/mm/setup_nx.c |   28 +++++++++++++++++-----------
>   1 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
> index f068676..64f2d6a 100644
> --- a/arch/x86/mm/setup_nx.c
> +++ b/arch/x86/mm/setup_nx.c
> @@ -43,19 +43,12 @@ void __cpuinit x86_configure_nx(void)
>
>   void __init x86_report_nx(void)
>   {
> + int nx_emulation = 0;
> +
>   if (!cpu_has_nx) {
> -#ifdef CONFIG_X86_32
> - if (exec_shield)
> - printk(KERN_INFO "NX (Execute Disable) protection: "
> -       "approximated by x86 segment limits\n");
> - else
> - printk(KERN_INFO "NX (Execute Disable) protection: "
> -       "approximation disabled by kernel command "
> -       "line option\n");
> -#else
>   printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
>         "missing in CPU or disabled in BIOS!\n");
> -#endif
> + nx_emulation = 1;
>   } else {
>   #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
>   if (disable_nx) {
> @@ -68,7 +61,20 @@ void __init x86_report_nx(void)
>   #else
>   /* 32bit non-PAE kernel, NX cannot be used */
>   printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
> -       "cannot be enabled: non-PAE kernel!\n");
> +       "cannot be enabled in hardware: non-PAE kernel!\n");
> + nx_emulation = 1;
> +#endif
> + }
> +
> + if (nx_emulation) {
> +#ifdef CONFIG_X86_32
> + if (exec_shield)
> + printk(KERN_INFO "NX (Execute Disable) protection: "
> +       "approximated by x86 segment limits\n");
> + else
> + printk(KERN_INFO "NX (Execute Disable) protection: "
> +       "approximation disabled by kernel command "
> +       "line option\n");
>   #endif
>   }
>   }

Acked-by: Tim Gardner <[hidden email]>

--
Tim Gardner [hidden email]


Re: [PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Brad Figg-2
In reply to this post by Kees Cook-5
On 03/30/2011 04:06 PM, Kees Cook wrote:

> When booting a 32bit non-PAE kernel on a CPU that supports hardware NX,
> dmesg did not indicate that NX emulation was being used. This changes
> the dmesg reporting to be more clear. Warnings about lacking hardware
> NX remain, and the state of NX-emulation is reported when enabled.
>
> (Backported from Natty patch.)
>
> BugLink: https://launchpad.net/bugs/745181
>
> Signed-off-by: Kees Cook<[hidden email]>
> ---
>   arch/x86/mm/setup_nx.c |   28 +++++++++++++++++-----------
>   1 files changed, 17 insertions(+), 11 deletions(-)
>
> diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
> index f068676..64f2d6a 100644
> --- a/arch/x86/mm/setup_nx.c
> +++ b/arch/x86/mm/setup_nx.c
> @@ -43,19 +43,12 @@ void __cpuinit x86_configure_nx(void)
>
>   void __init x86_report_nx(void)
>   {
> + int nx_emulation = 0;
> +
>   if (!cpu_has_nx) {
> -#ifdef CONFIG_X86_32
> - if (exec_shield)
> - printk(KERN_INFO "NX (Execute Disable) protection: "
> -       "approximated by x86 segment limits\n");
> - else
> - printk(KERN_INFO "NX (Execute Disable) protection: "
> -       "approximation disabled by kernel command "
> -       "line option\n");
> -#else
>   printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
>         "missing in CPU or disabled in BIOS!\n");
> -#endif
> + nx_emulation = 1;
>   } else {
>   #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
>   if (disable_nx) {
> @@ -68,7 +61,20 @@ void __init x86_report_nx(void)
>   #else
>   /* 32bit non-PAE kernel, NX cannot be used */
>   printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
> -       "cannot be enabled: non-PAE kernel!\n");
> +       "cannot be enabled in hardware: non-PAE kernel!\n");
> + nx_emulation = 1;
> +#endif
> + }
> +
> + if (nx_emulation) {
> +#ifdef CONFIG_X86_32
> + if (exec_shield)
> + printk(KERN_INFO "NX (Execute Disable) protection: "
> +       "approximated by x86 segment limits\n");
> + else
> + printk(KERN_INFO "NX (Execute Disable) protection: "
> +       "approximation disabled by kernel command "
> +       "line option\n");
>   #endif
>   }
>   }

Where's the SRU justification text?

--
Brad Figg [hidden email] http://www.canonical.com


Re: [PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Tim Gardner-2
In reply to this post by Kees Cook-5
On 03/30/2011 05:06 PM, Kees Cook wrote:

> When booting a 32bit non-PAE kernel on a CPU that supports hardware NX,
> dmesg did not indicate that NX emulation was being used. This changes
> the dmesg reporting to be more clear. Warnings about lacking hardware
> NX remain, and the state of NX-emulation is reported when enabled.
>
> (Backported from Natty patch.)
>
> BugLink: https://launchpad.net/bugs/745181
>
> Signed-off-by: Kees Cook<[hidden email]>
> ---
>   arch/x86/mm/setup_nx.c |   28 +++++++++++++++++-----------
>   1 files changed, 17 insertions(+), 11 deletions(-)
>

Kees - the Maverick portion of the bug still needs the SRU Justification.

applied, pushed.

rtg
--
Tim Gardner [hidden email]


Re: [PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting

Kees Cook-8
Hi Tim,

On Fri, Apr 01, 2011 at 08:38:34AM -0600, Tim Gardner wrote:
> Kees - the Maverick portion of the bug still needs the SRU Justification.
>
> applied, pushed.

Thanks! I've added justification and a testcase.

-Kees

--
Kees Cook
Ubuntu Security Team
