Date: Tue, 3 Oct 2023 21:01:20 +0200
From: Ingo Molnar
To: Alexey Dobriyan
Cc: Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, linux-kernel@vger.kernel.org, "H. Peter Anvin", x86@kernel.org
Subject: Re: [PATCH v2] x86: test that userspace stack is in fact NX

* Alexey Dobriyan wrote:

> Here is how it works:
>
> * fault and fill the stack from rsp with int3 down until rlimit allows,
> * fill upwards with int3 too, overwrite libc stuff, argv, envp,
> * try to exec int3 on each page and catch it in either SIGSEGV or
>   SIGTRAP handler.
>
> Note: trying to execute _every_ int3 on a 8 MiB stack takes 30-40 seconds
> even on fast machine which is too much for kernel selftesting
> (not for LTP!) so only 1 int3 per page is tried.
>
> Tested on F37 kernel and on a custom kernel which does
>
> 	vm_flags |= VM_EXEC;
>
> to stack VMA.
>
> Report from the buggy kernel:
>
> 	$ ./nx_stack_32
> 	stack min ff007000
> 	stack max ff807000
> 	FAIL executable page on the stack: eip ff806001
>
> 	$ ./nx_stack_64
> 	stack min 7ffe65bb0000
> 	stack max 7ffe663b0000
> 	FAIL executable page on the stack: rip 7ffe663af001

Nice, thanks!

	Ingo
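
The probe from the quoted description, narrowed to one page of the current stack (added example, not code from the patch or the kernel selftest). The names `nx_result`, `probe_exec` and `check_stack_nx` are assumptions of this example, and SIGILL is treated like SIGTRAP so the result also holds on CPUs where 0xCC is not int3.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>

enum nx_result { NX_ENFORCED, NX_EXECUTABLE, NX_UNEXPECTED };
static sigjmp_buf probe_env;
static volatile sig_atomic_t caught_sig;
static void *volatile fault_addr;

/* Record the signal and faulting address, then unwind back to the probe. */
static void on_signal(int sig, siginfo_t *si, void *uctx)
{
    (void)uctx;
    caught_sig = sig;
    fault_addr = si->si_addr;
    siglongjmp(probe_env, 1);
}

/* Jump to addr and classify the signal that comes back. */
static enum nx_result probe_exec(void *addr)
{
    static const int sigs[3] = { SIGSEGV, SIGTRAP, SIGILL };
    struct sigaction sa = { .sa_sigaction = on_signal, .sa_flags = SA_SIGINFO }, old[3];
    sigemptyset(&sa.sa_mask);
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &sa, &old[i]);
    caught_sig = 0;
    if (sigsetjmp(probe_env, 1) == 0)
        ((void (*)(void))addr)();        /* faults at addr if the page is NX */
    for (int i = 0; i < 3; i++) sigaction(sigs[i], &old[i], NULL);
    if (caught_sig == SIGSEGV && fault_addr == addr) return NX_ENFORCED;
    if (caught_sig == SIGTRAP || caught_sig == SIGILL) return NX_EXECUTABLE;
    return NX_UNEXPECTED;
}

/* Probe one page of the current stack using a local buffer of int3 bytes. */
enum nx_result check_stack_nx(void)
{
    unsigned char probe[64];
    memset(probe, 0xCC, sizeof(probe));  /* 0xCC is int3 on x86 */
    return probe_exec(probe);
}

int main(void)
{
    int ok = check_stack_nx() == NX_ENFORCED;
    puts(ok ? "PASS stack page is NX" : "FAIL executable page on the stack");
    return !ok;
}
```

Because only one page is touched and the rest of the stack is left intact, the handlers can run on the normal stack; a sweep that overwrites the whole stack, as the description does, would need an alternate signal stack.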