Date: Mon, 8 Oct 2018 21:37:13 +0200 (CEST)
From: Thomas Gleixner
To: Paul Menzel
Cc: Jörg Rödel, Borislav Petkov, linux-mm@kvack.org, x86@kernel.org, lkml, Bjorn Helgaas
Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000

Paul,

On Fri, 5 Oct 2018, Paul Menzel wrote:
> On 10/05/18 11:27, Thomas Gleixner wrote:
> > If pcibios is enabled and used, need to look at the gory details of that
> > first, then the W+X check has to exclude that region. We can't do much
> > about that.
>
> That would also explain, why it only happens with the SeaBIOS payload,
> which sets up legacy BIOS calls. Using GRUB directly as payload, no BIOS
> calls are set up.
>
> Reading the Kconfig description of the PCI access mode, the BIOS should
> only be used last.

Correct. And looking at the dmesg you provided it is initialized:

[ 0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX.
[ 0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3

Though I assume it's not really required, but this PCI BIOS thing is not
really well documented and there are some obscure usage sites involved.

Bjorn, do you have any insight or did you flush those memories long ago?

Anyway we need to exclude the BIOS area when the kernel sets the W+X on
purpose. Warning about that is bogus. I'll send out a patch soon.

Thanks,

	tglx
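
Added example (not part of the original mail and not kernel code): a Python triage of dmesg output that treats a W+X warning as the expected PCI BIOS case only when the "PCI BIOS area is rw and x" line is present and the warned address falls in the legacy BIOS window. The 32-bit PAGE_OFFSET of 0xC0000000, the 0xA0000-0xFFFFF window, the function names and the constructed sample lines are assumptions.

```python
import re

# Assumptions (not stated in the mail): 32-bit x86 with the default
# PAGE_OFFSET of 0xC0000000, and the legacy BIOS window at physical
# 0xA0000-0xFFFFF, which is where PCI BIOS entry points live.
PAGE_OFFSET = 0xC0000000
BIOS_BEGIN, BIOS_END = 0x000A0000, 0x00100000

WX_RE = re.compile(r"Found insecure W\+X mapping at address .*?(0x[0-9a-fA-F]+)")
PCIBIOS_RE = re.compile(r"PCI: PCI BIOS area is rw and x")
ENTRY_RE = re.compile(r"PCI: PCI BIOS revision \S+ entry at (0x[0-9a-fA-F]+)")


def in_bios_window(phys):
    """True if a physical address lies in the legacy BIOS window."""
    return BIOS_BEGIN <= phys < BIOS_END


def triage(dmesg_text):
    """Return a list of (virt_addr, verdict), one per W+X warning."""
    pcibios_rwx = bool(PCIBIOS_RE.search(dmesg_text))
    entry = ENTRY_RE.search(dmesg_text)
    entry_ok = entry is not None and in_bios_window(int(entry.group(1), 16))
    results = []
    for m in WX_RE.finditer(dmesg_text):
        virt = int(m.group(1), 16)
        phys = virt - PAGE_OFFSET  # lowmem is a linear map on 32-bit
        if pcibios_rwx and entry_ok and in_bios_window(phys):
            verdict = "expected: PCI BIOS area (pci=nobios makes it NX)"
        else:
            verdict = "unexpected: investigate"
        results.append((hex(virt), verdict))
    return results


# Constructed sample: the two PCI lines are quoted from the mail, the first
# W+X line is built from its subject, the last address and the [ 5.x ]
# timestamps are invented for illustration.
SAMPLE = """\
[ 0.441062] PCI: PCI BIOS area is rw and x. Use pci=nobios if you want it NX.
[ 0.441062] PCI: PCI BIOS revision 2.10 entry at 0xffa40, last bus=3
[ 5.000000] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 5.000001] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc1234000
"""

if __name__ == "__main__":
    for addr, verdict in triage(SAMPLE):
        print(addr, verdict)
```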