Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753611Ab0FSFuq (ORCPT ); Sat, 19 Jun 2010 01:50:46 -0400 Received: from smtp.outflux.net ([198.145.64.163]:33928 "EHLO smtp.outflux.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753148Ab0FSFup (ORCPT ); Sat, 19 Jun 2010 01:50:45 -0400 Date: Fri, 18 Jun 2010 22:50:10 -0700 From: Kees Cook To: x86@kernel.org Cc: "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , Alexander Potashev , Tim Abbott , Sam Ravnborg , Jan Beulich , Jeremy Fitzhardinge , linux-kernel@vger.kernel.org Subject: [PATCH v2 0/4] x86: clear XD_DISABLED flag on Intel to regain NX Message-ID: <20100619055010.GR24749@outflux.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Organization: Canonical X-HELO: www.outflux.net Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 755 Lines: 19 This will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX cannot be inappropriately controlled by the BIOS on Intel CPUs. If NX actually needs to be disabled, "noexec=off" can be used. Based on feedback from HPA, this was reworked to extend the existing "verify_cpu" routines, and to more tightly confine which CPUs will call MSR_IA32_MISC_ENABLE. Since it includes some re-arrangements of files, I tried to break the patches up into their logical steps. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/