Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp704546imm; Thu, 4 Oct 2018 01:49:04 -0700 (PDT) X-Google-Smtp-Source: ACcGV613b5Dyuki37A/VjTa1vRI4jMs0VOaykhI9Rsy7NP1TkuhDHuSP+83XTiZd5gqj/2Mp6qcD X-Received: by 2002:a17:902:b03:: with SMTP id 3-v6mr5597172plq.156.1538642944157; Thu, 04 Oct 2018 01:49:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538642944; cv=none; d=google.com; s=arc-20160816; b=ojiWSQjfMmE4EawwqNB48LHSB6W7eBz5J0vaiLbT276OMBFjaJrgoXSCnA1fiC9Vdn /X5h45IfhVpMV3XDmJd2JktGzBHNqfD5bjW1aqagKgjAOs6kYnBkrBPEYQmUP4+45jQF HZoROSmX9VLhd3R9BEYZV+nr/GQXkkpDP0SSKcG3AgSKoUHPKJwv9PvfO0Onff/nm2EI f9Xid9i8Xo04QG8ssQEiAb7otq3jI8ZL7XeoY5/4fT9OYMloLlQQI6jNVqkj3S2OacYQ V2nept5E6F9aQjN6bXpJ7fIRzs5L7ZojxMEZ8/4+Sx3Ci2AZtD3orjhGhNNNoEDMDIBB waSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=EOrwXjE1mX925nhNhR7l2LW5q9+HpXNqlLhr34+DSS0=; b=J5nfSKUULNAXckgWfjQVHiv1Qp7OX3vD8HCmidEabXHo8qY/tC4w84CpvX/lAwoNdN X7lgl3RfD4xHW9f+PPqUW0xJM0ZkKlTKnaNgjpeCiJ2cEZWJQe9820xD+9zOTjBQIRlS JONjwTMv643tAVPA6u8/Kq+NB639eQaSHUdPtkCMIByrM1roDeZdbVLaePRsmXMqEGn4 1Z2vQHKZkL2hgxVnheoWurg64wIxC8Wu5+EFcVpc91XlnK2R9tQTKAsNJMyNOvS6t8G7 BuX6yp7SFXyDsEOqkyXOPiGh+ghzobBCSqObgbTNGTHs05n/c890jgFQYg0SldlHLwX2 IrRA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z31-v6si3517429pgl.123.2018.10.04.01.48.48; Thu, 04 Oct 2018 01:49:04 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727675AbeJDPk2 (ORCPT + 99 others); Thu, 4 Oct 2018 11:40:28 -0400 Received: from mail.skyhub.de ([5.9.137.197]:59598 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726998AbeJDPk1 (ORCPT ); Thu, 4 Oct 2018 11:40:27 -0400 X-Virus-Scanned: Nedap ESD1 at mail.skyhub.de Received: from mail.skyhub.de ([127.0.0.1]) by localhost (blast.alien8.de [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id iXEpg-BHx6Zo; Thu, 4 Oct 2018 10:48:14 +0200 (CEST) Received: from zn.tnic (p200300EC2BCA7500329C23FFFEA6A903.dip0.t-ipconnect.de [IPv6:2003:ec:2bca:7500:329c:23ff:fea6:a903]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 85B4C1EC02D1; Thu, 4 Oct 2018 10:48:14 +0200 (CEST) Date: Thu, 4 Oct 2018 10:48:06 +0200 From: Borislav Petkov To: Joerg Roedel Cc: Thomas Gleixner , Paul Menzel , linux-mm@kvack.org, x86@kernel.org, lkml Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000 Message-ID: <20181004084806.GC1864@zn.tnic> References: <0922cc1b-ed51-06e9-df81-57fd5aa8e7de@molgen.mpg.de> <20181003212255.GB28361@zn.tnic> <20181004080321.GA3630@8bytes.org> <20181004081429.GB1864@zn.tnic> <20181004084318.GB3630@8bytes.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20181004084318.GB3630@8bytes.org> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 04, 2018 at 10:43:18AM +0200, Joerg Roedel wrote: > Yeah, that's what I also found out back then, the region needs to be WX. > So we can either leave with the warning, as we know it is harmless and > where it comes from or implement an exception in the checking code for > that region. The second thing is what I'm thinking too. Or, a 3rd: not direct-map that first range at all. Commenting out the ISA range mapping didn't have any adverse effects on my system here, for example. But then those other mappings appeared: https://lkml.kernel.org/r/20181003212255.GB28361@zn.tnic for which I have no explanation yet how they came about. This needs to be understood fully before we do anything. But it is 32-bit so it gets preempted by more important things all the time :) -- Regards/Gruss, Boris. Good mailing practices for 400: avoid top-posting and trim the reply.