-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm running on an Athlon 64 in 32-bit mode, running 32-bit Ubuntu with
kernel 2.6.19 (Ubuntu version 2.6.19-7-generic for the curious;
compiled for 586). Apparently, 'noexec=on' on the kernel command line
does nothing; the NX bit seems to not work.
Chunk of my /proc/cpuinfo:
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx mmxext lm
3dnowext 3dnow up ts fid vid ttp
Attached to the relevant Ubuntu bug is a test program that attempts to
disable PROT_EXEC for a page of memory containing (I believe) the entry
point of a function. It's compiled as such:
$ gcc -O2 -shared -fpic test_so.c -o test_so.so
$ gcc -O2 test.c -o test -ldl
Running it on AMD64-ubuntu gives the following output:
$ ./test
Test function run successfully!
Segmentation fault
This is good; I tried to execute non-executable memory, it segfaulted.
However, 32-bit Ubuntu on the Athlon64 gives the following:
$ ./test
Test function run successfully!
Test function run successfully!
Apparently noexec is not being honored.
I have filed this as a distro bug with Ubuntu; it may be their issue, I
haven't dug deep enough to find out. I am posting this here to disperse
the information breadth-first instead of depth-first, which will shorten
the bug's life cycle if it turns out to be an upstream bug.
This also appears to happen on 2.6.15.
Ubuntu bug:
https://bugs.launchpad.net/distros/ubuntu/+source/linux-source-2.6.19/+bug/75157
- --
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBRXsP1gs1xW0HCTEFAQLAsQ//XUdfVAK6Fp225mUXv+ApLUqnZFyfca4z
n0e1WFVYGQcplKQpdn+MGxzoEXc4xo4GnC2n0qfbyp6l7GN9uLvZS3myLOB6nfMH
AFUeDmpc44Q40Nq94UKxrMmMvyfs0lEOBIRjQzvzWonYjNXFQuIAWS8xsFducjaF
IK7E79cvC9d/mlSOQMgcFSt8hW35MqAI0/Au3iViReE+Qm/qUw2PWw9lUpRTgVZf
SrKqQq8HNM5SCJDFyu/zVltEwAPqTvn6g0p9BlCMZhugiBIaoaeAvO8ZYhxr+0JG
DxIEoaA4Ij/AnL7u2LT1lz/oDKhH4RImko+z2NubmFNiBJiODmX6RLsciWy3mgtx
ulYuESmIRjb1hOwTlFqvpOMNncCyCGjZwCw8/O7SxosDFx4Gvd9IqPFJ6dKoj2fp
oXESE5uIWbJGtbPyB2jsaz5t3PZ9DGrzX/P9ykPLhGmwiM23Nrc36DW/BH9/+ESZ
Uv1SbIgIWV8tz2cO+YJgbrrSD+wuvizkzv4Va31tyPyPx3QfkFeLxOm7nxK1Yo6M
XmckCqXMNOUAMnENMf5N5tnYkIZSnEYrNTTWuIPRS8Xzo37HOfDJL1uyEJPPmxoR
K3/wH+LkecVIaWaP3+UH9VlieKnrC4+guFj4QdnXFzAqNQ55vEpDQs/sbFvjO0n9
IKTdKQKnsgs=
=0wST
-----END PGP SIGNATURE-----
On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote:
> I have filed this as a distro bug with Ubuntu; it may be their issue, I
> haven't dug deep enough to find out. I am posting this here to disperse
> the information breadth-first instead of depth-first, which will shorten
> the bug's life cycle if it turns out to be an upstream bug.
>
NX requires the 64-bit page table entries (ie, PAE) which requires
CONFIG_HIGHMEM64G.
Why are you posting to linux-kernel@ without even checking the upstream
kernel, anyway?
plonk.
Kyle M.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kyle McMartin wrote:
> On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote:
>> I have filed this as a distro bug with Ubuntu; it may be their issue, I
>> haven't dug deep enough to find out. I am posting this here to disperse
>> the information breadth-first instead of depth-first, which will shorten
>> the bug's life cycle if it turns out to be an upstream bug.
>>
>
> NX requires the 64-bit page table entries (ie, PAE) which requires
> CONFIG_HIGHMEM64G.
>
Thanks.
> Why are you posting to linux-kernel@ without even checking the upstream
> kernel, anyway?
>
Because I had no real clue how to do that and didn't have enough
information to fill in why it wouldn't work. It also showed up on
Gentoo so I took that as close enough. :)
Sorry. :)
> plonk.
>
> Kyle M.
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
- --
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBRXsYGgs1xW0HCTEFAQKiqQ/+Ksb3v2gptqaYbCDIJgG723e2DT/Waz26
MtlvxJVPhkHB7JcFFsCojeLNj5rkvaZhuf1VOUfWjiRh9qi9PgrfGWcdBVUacdnK
gAmdoRTlxobID+HajrWT6kGx5P64XkccZJxMVD59yXbxLzAp8NAus21UbeYcdHsF
hCDCNjj6CcUF02hl/Nm1y1I3/rmh4T6hfR0AW/NpkR9Z01GgRkUDvGmsZESNRovA
kXmfjN7i7b/qH48619o+NivHXEUQK0orHAqV8EOoeF4D5TAewoJBNxUffGdWt20E
diOY21awg66gTxEqWA/Owd2DasrHmZ2WcI+73bade1wr2NR7thTtQNoCvqR/0AZK
l+2GE7E9Hreiay8aMLtZNW8DxIE0PpMA+PJPgwVZFbKLOb1x2VqXljSg1djUGjkJ
O2WtSdNNIL04LQkh8ffJTq7eozZfNjT8e/ctKYk/OvaBso8GQbpJVxr/GVYGmQzW
EOA9uAVaJeRBm7KHud/ExOI0PDxQbJfVF/zo5NdY/kV8mJPhSuR97s11+3XUOwrK
uqlRwA6k3cEoPP3tmi6nZ70oq9lTWMl+v05dESAu3r1J6FBSMMXfU6OUHjIKDwkY
MM5762xuNTsfuePtA9LrXzCMruU31rHIFxcWu1b8M/elJ/D4puBkp2SBxu7AIvdZ
ara7KkuWPJE=
=OplU
-----END PGP SIGNATURE-----
12/09/2006 09:03 PM, Kyle McMartin wrote/a écrit:
> On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote:
>> I have filed this as a distro bug with Ubuntu; it may be their issue, I
>> haven't dug deep enough to find out. I am posting this here to disperse
>> the information breadth-first instead of depth-first, which will shorten
>> the bug's life cycle if it turns out to be an upstream bug.
>>
>
> NX requires the 64-bit page table entries (ie, PAE) which requires
> CONFIG_HIGHMEM64G.
Somehow there is a problem: a user can explicitly put "noexec=on" and it
will be silently ignored if the kernel doesn't have PAE support. I guess
that currently no message is written because "noexec=on" is the
_default_. Still, it would be fair to the user who added "noexec=on" on
its command line that if it is not respected, either because the
hardware doesn't support it or because the kernel doesn't support it, we
display a warning saying it's hopeless.
I'll send a patch if it seems meaningful to you,
c u
Eric
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Eric Piel wrote:
> 12/09/2006 09:03 PM, Kyle McMartin wrote/a écrit:
>> On Sat, Dec 09, 2006 at 02:34:47PM -0500, John Richard Moser wrote:
>>> I have filed this as a distro bug with Ubuntu; it may be their issue, I
>>> haven't dug deep enough to find out. I am posting this here to disperse
>>> the information breadth-first instead of depth-first, which will shorten
>>> the bug's life cycle if it turns out to be an upstream bug.
>>>
>>
>> NX requires the 64-bit page table entries (ie, PAE) which requires
>> CONFIG_HIGHMEM64G.
>
> Somehow there is a problem: a user can explicitly put "noexec=on" and it
> will be silently ignored if the kernel doesn't have PAE support. I guess
> that currently no message is written because "noexec=on" is the
> _default_. Still, it would be fair to the user who added "noexec=on" on
> its command line that if it is not respected, either because the
> hardware doesn't support it or because the kernel doesn't support it, we
> display a warning saying it's hopeless.
>
Would have saved me and others a lot of trouble if this happened, yes; I
wouldn't have written a test case and wtf'd at it for 5 days. :)
> I'll send a patch if it seems meaningful to you,
Telling may be better than letting the user think; then again any
knowledgeable user should know based on his config (yes I know, by this
logic I should have known about the HIGHMEM64G thing).
> c u
> Eric
>
>
>
>
- --
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIVAwUBRX3VJgs1xW0HCTEFAQLmaRAAj1e55b6if2lLTEbFNtylIn2aikAuPC87
wCqzvmdp/NBxUcIgXESdQeCDPxPuNK6OUCT6dtPTNCMu15wn7bfq3QUsXCR6z4za
lI7nBzIhU1ZH6HaGMm2d2MAuXfOg1I+SFEokOzXwh8db6HXGvH8DjP0mDLtKVxKP
yYjUXd8ZK3RPwU7eHUPN/V9s1v0ekc/1uFIlBBQHmzA0la/D32NcwhuCVsTEA8Ne
iix3QqBTn3p3UnD7LhnqaIKfBQEDTKfRnuWeGsf6L764cbyMaoga/6E6S7E8P2Jw
X+D940tAylrG8uH0CnmCDVzEGEPmozvN8Kk+UmSSwzgiFMQ3RlJaBbYEX9VsvqBZ
uIC77KVRHsKc+/nRYfYnDWoXRapWJTqVJfC+Ouuj1pm3NNptaHjSgpsgtHde6MuJ
ZZvvFhjN1iedDSCzRRYP4OLKTvomdiIQ9XrKPdfkqUvSgJZS7/zvCn+q6mZZDlqc
SthGcf9wCTSplGNwXzeIwMA14DGN6zZabA4ZTHNeyrLMAjzCrzd4/T8DSNGTyT0d
EotN0paFP5p7rgY37o7D+smm7m2V+zfGMn8iQr64E/xUDlySbEJKuea7VANzTj/1
FtLSb4rQRgA0yNaeCFuNQkvaCtn0U0/Ot/E7GQM53Hjr43mq2Pienc6+U/1KHFje
cmZt2/ZbzeM=
=pgCd
-----END PGP SIGNATURE-----
John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm running on an Athlon 64 in 32-bit mode, running 32-bit Ubuntu with
> kernel 2.6.19 (Ubuntu version 2.6.19-7-generic for the curious;
> compiled for 586). Apparently, 'noexec=on' on the kernel command line
> does nothing; the NX bit seems to not work.
Straining my memories of i586, I don't think that it even COULD do
noexec... I don't have any here to try at the moment. In any case an
option which isn't known or isn't implemented should generate a warning.
--
bill davidsen <[email protected]>
CTO TMR Associates, Inc
Doing interesting things with small computers since 1979