Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp700625imm; Thu, 4 Oct 2018 01:43:49 -0700 (PDT) X-Google-Smtp-Source: ACcGV63Dkh64GD/xPGs1jSae/dtUj2S46l6E0Pbt1ZxiahrrmSUJZTfMTbVTnDKT2c2poucUqQAh X-Received: by 2002:a17:902:286a:: with SMTP id e97-v6mr5587792plb.340.1538642629786; Thu, 04 Oct 2018 01:43:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538642629; cv=none; d=google.com; s=arc-20160816; b=y+BAB0rT7v0w3J4E9gC6n/n1Zs7YUSwRf4JqTYNkifIYnoBKabExgUYE6uHn8u71QV 1JUmLQco1zMAVWVuLPZpVDZ96UFj3CQLqPYo9F5v1KxJmZKgofNBQ7pLBK2XH2XLiSH/ DNUq8XeCYjYoTsq/Q6Nul2XCXKfJBKp/8EuDrIaAy0fMzEyobdT8pzXR/AT0Ez3M4FNV RHV7kEa/hF4LMzOL6riUP1LErvyvKsdWVuM6SwdcAqhnNXBDgR3Ui5xmsxlLj/PrFpsN wS755msFmiQty8yZqAyEJmXyEyWjyLsKlLCq6M5OCMlpP4Dc9haxdi74WFNVQDVqwrL2 NtJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=jF0CyRLWvnrgSjGLo7z3EXgVgjCPqmgApjqp+r/RazE=; b=Oq6FQvCiZ0y2ZlvJcGcs1HsYDbM7mCIDGCUT8HFPJKADsxEQ0wTiRhibUwOlyARKLR OcVmxA2Olcy2yCkPApASeRjQZeJFfsvy8dGlR2MMhg6UKrA//mVbIZKmrgKxUfrzssoC kHO3EhjAbuJMxohGhs0zpFiAFcQQ1zK0adcetkcjtq8RZQT7ezTMknGaUJDYhQTQPOKm DULWu7mlIecqOB1pxh287jnWd8tItZltk6Fgo6Q21U36zRXCDCkF4wxjN0P6Xvv+IQO0 F6R/So7seZmeZfHtArEKCeOK/vb5c24z3ngtgD7dyqWk8gc0hWzZo1nNXXSpWRCnoIi0 Pg0A== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=Nn22gchn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i23-v6si4542540pfj.269.2018.10.04.01.43.34; Thu, 04 Oct 2018 01:43:49 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail (test mode) header.i=@8bytes.org header.s=mail-1 header.b=Nn22gchn; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=8bytes.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727500AbeJDPfa (ORCPT + 99 others); Thu, 4 Oct 2018 11:35:30 -0400 Received: from 8bytes.org ([81.169.241.247]:33924 "EHLO theia.8bytes.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726857AbeJDPfa (ORCPT ); Thu, 4 Oct 2018 11:35:30 -0400 Received: by theia.8bytes.org (Postfix, from userid 1000) id B2E1E345; Thu, 4 Oct 2018 10:43:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=8bytes.org; s=mail-1; t=1538642598; bh=Dzfuf26mksisVVIFmA4NBA/y4HXmc3fmhZ+czV6QpNY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Nn22gchnUhc8lyRznvtNoXj5vHJAQFJ6YZ2kUmA09ht8JFV/ySM83GgvPiXvZcM5b 5OQ5g+rpSIY0snAeyRaaDTNtIPx7wmmUjLCg/003rEgINDoKkJOcUOooz0cb3dIdas s+6hRQzASnOl1654km8RRxQaZmAPs62jM2SeXUkAp/j0MnhGatu/5tq8JM9u5M3FBg ZRnVc2s6lo9yXcUKq7JOWAjjCIod0uJJ/N6jVYCFUBgW3iFasrdoRmRTnO+MzFRdHH toT9MPwSyp6Zafr7ZzqYZElfEoa0eVIhWFKAE9nxw3Ns6fWgH337YKq0qH0euWf59H ch/ZFmHOLOzbA== Date: Thu, 4 Oct 2018 10:43:18 +0200 From: Joerg Roedel To: Borislav Petkov Cc: Thomas Gleixner , Paul Menzel , linux-mm@kvack.org, x86@kernel.org, lkml Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000 Message-ID: <20181004084318.GB3630@8bytes.org> References: <0922cc1b-ed51-06e9-df81-57fd5aa8e7de@molgen.mpg.de> <20181003212255.GB28361@zn.tnic> <20181004080321.GA3630@8bytes.org> <20181004081429.GB1864@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20181004081429.GB1864@zn.tnic> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 04, 2018 at 10:14:38AM +0200, Borislav Petkov wrote: > So looking at this, BIOS_BEGIN and BIOS_END is the same range as the ISA > range: > > #define ISA_START_ADDRESS 0x000a0000 > #define ISA_END_ADDRESS 0x00100000 > > #define BIOS_BEGIN 0x000a0000 > #define BIOS_END 0x00100000 > > > and I did try marking the ISA range RO in mark_rodata_ro() but the > machine wouldn't boot after. So I'm guessing BIOS needs to write there > some crap. Yeah, that's what I also found out back then, the region needs to be WX. So we can either leave with the warning, as we know it is harmless and where it comes from or implement an exception in the checking code for that region. Regards, Joerg