Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1558316rwb; Sun, 2 Oct 2022 03:39:05 -0700 (PDT) X-Google-Smtp-Source: AMsMyM5nDv6JojD5yMvNX+2ZLYeqvUNXUsTvM9sU1UOmVDtbt7XUL1n0BmGavWN6vK2cZcslv2rn X-Received: by 2002:a17:90a:6f84:b0:209:f35d:ad52 with SMTP id e4-20020a17090a6f8400b00209f35dad52mr6961815pjk.144.1664707144762; Sun, 02 Oct 2022 03:39:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1664707144; cv=none; d=google.com; s=arc-20160816; b=rkAfsN4EkLX7Tr94ZZoUSTKr5Ye1H4jU2Or+ICLFqwma53646R5aqrYrq4lvxu/vw3 I0QgTxGpt7VdkULp6xI1FvJqwwuq9icXQTHkbj6qw6nwe1XzmUItBtWcTt+DcgA8gPsx MMYTHz0Rp+dwA98fw+0tF5wBiDdUeKA8hPmznWmXH+5Fj+kSut4vAjwp9zg6sMPN1GTL 6cGV4ae2qD1aW3XrejSRnzKJKaaelEbQzMSi+bviivWyG7iONRj3v3DuG+RridmxUq7H sTyHm2qTws5xqMnHzHZq7e2lob7Y9HMgrtDnlxpeR4R8mo4WnWFyVbF9KeGfzqbKEe3V yv3Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=sL//6B25nNw0Y4iq69YQZ+ORINfToWI2jMeD5zLOJ6Y=; b=D7rsGna+mNoOAo+yH7Q5TL+W+EomK/Qa8rzOs14FQCXXQP78cKs/IhWyq7LkT0opiI J3KKNGaRtlUV+YrpbVRk3iiXRcwln/+i3cKXOH3ocz/dvBDoQsrl9Jgq4xw0PNdimBQf hUtQog+b5//W+rcWkgtl9DwZIpW+jSnTNXHVUHfnEEpPWpcZo3QOXrN7w7qC7vRyc3Ct 35zldqoLK3rF1Xs5F7uC+/HoCA3v0xQBCBe6IOFYZ5/9aA1+pWyh2XPIAvVYgWSClKzX 9y6wX+CXS6ZSS7hFK8Yb3fTDyS5PHN2riABdJ5Afmx0ExQUwI4d+iReA/OJGUMKIHhFK keJQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ucw.cz header.s=gen1 header.b=Wcoxvgrb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ucw.cz Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i126-20020a626d84000000b0054ec10809f9si6794468pfc.258.2022.10.02.03.38.52; Sun, 02 Oct 2022 03:39:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ucw.cz header.s=gen1 header.b=Wcoxvgrb; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ucw.cz Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229635AbiJBKdy (ORCPT + 99 others); Sun, 2 Oct 2022 06:33:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:47354 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229552AbiJBKdq (ORCPT ); Sun, 2 Oct 2022 06:33:46 -0400 Received: from jabberwock.ucw.cz (jabberwock.ucw.cz [46.255.230.98]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEC623FEC7; Sun, 2 Oct 2022 03:33:30 -0700 (PDT) Received: by jabberwock.ucw.cz (Postfix, from userid 1017) id 890431C0016; Sun, 2 Oct 2022 12:33:29 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ucw.cz; s=gen1; t=1664706809; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=sL//6B25nNw0Y4iq69YQZ+ORINfToWI2jMeD5zLOJ6Y=; b=Wcoxvgrb9ADpe5BdcRrI1rChvOFEJAl1KxvnFblPpbRqRbLdivige8kxRdj+rjUmn/jjjU PF+i1AiH3zo0DRkwF3sG3YJ2ZJuFeWRsjeuShZOy2g/wC9uwecGwnji+AV9TaJtBVsWmFM 5SKTJdQJzsz37EDeU86hrFin/sIYfAU= Date: Sun, 2 Oct 2022 12:33:13 +0200 From: Pavel Machek To: Dave Hansen Cc: Guenter Roeck , Peter Zijlstra , x86@kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org, keescook@chromium.org, Sean Christopherson Subject: Re: [PATCH v2] x86/mm: Refuse W^X violations Message-ID: <20221002095516.GA10085@duo.ucw.cz> References: <20220921200726.GA3094503@roeck-us.net> <4dd594ad-490a-68ee-9e32-fbd9f135bd54@intel.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="veXX9dWIonWZEC6h" Content-Disposition: inline In-Reply-To: <4dd594ad-490a-68ee-9e32-fbd9f135bd54@intel.com> User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --veXX9dWIonWZEC6h Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed 2022-09-21 13:59:06, Dave Hansen wrote: > On 9/21/22 13:07, Guenter Roeck wrote: > > [ 2.042861] CPA refuse W^X violation: 8000000000000063 -> 0000000000= 000063 range: 0x00000000c00a0000 - 0x00000000c00a0fff PFN a0 > > ILLOPC: cbc65efa: 0f 0b > > [ 2.043267] WARNING: CPU: 0 PID: 1 at arch/x86/mm/pat/set_memory.c:6= 00 __change_page_attr_set_clr+0xdca/0xdd0 > ... > > [ 2.050307] ---[ end trace 0000000000000000 ]--- > > [ 2.050762] PCI: PCI BIOS area is rw and x. Use pci=3Dnobios if you = want it NX. > > [ 2.051115] kernel tried to execute NX-protected page - exploit atte= mpt? (uid: 0) > > [ 2.051115] BUG: unable to handle page fault for address: c00fd2bf >=20 > This _looks_ like it is working as intended. The PCI BIOS code tried to > make a RWX page. The CPA code refused to do it and presumably returned > an error, leaving a RW page, non-executable page. The PCI code didn't > check the set_memory_x() return code and tried to go execute anyway. > That resulted in the oops. >=20 > I was able to reproduce this pretty easily. The workaround from dmesg > is pci=3Dnobios. That seems to do the trick for me, although that advise > was sandwiched between a warning and an oops, so not the easiest to find. >=20 > I'm a bit torn what to do on this one. Breaking the boot is bad, but so > is leaving RWX memory around. Well, the original patch is bad. Boot regressions are not acceptable. We should first add an WARN_ON(), debug and fix the failures, then we can start refusing the transitions. Best regards, Pavel --=20 People of Russia, stop Putin before his war on Ukraine escalates. --veXX9dWIonWZEC6h Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRPfPO7r0eAhk010v0w5/Bqldv68gUCYzlo6QAKCRAw5/Bqldv6 8vZ3AJ9nEa1qzDyVCUdWg8V5OCDTqCwgrwCggLKJ7UAySYFOkZwYuUunmIYkL8k= =hn0t -----END PGP SIGNATURE----- --veXX9dWIonWZEC6h--