Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-14 Thread Andy Lutomirski
On Tue, Dec 8, 2015 at 12:39 PM, H. Peter Anvin wrote: > On December 8, 2015 12:30:06 PM PST, Kees Cook wrote: >>On Tue, Dec 8, 2015 at 6:19 AM, Borislav Petkov wrote: >>> On Tue, Dec 08, 2015 at 12:25:57PM +, Matt Fleming wrote: On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote:

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread Borislav Petkov
On Tue, Dec 08, 2015 at 12:30:06PM -0800, Kees Cook wrote: > If we add this for not-nx, I would like to add it for not-rodata too. The W+X thing? I was under the impression we want to fix all those so that the ptdump check doesn't fire anymore. > I've never seen anyone actually use it. I was

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread Borislav Petkov
On Tue, Dec 08, 2015 at 12:39:14PM -0800, H. Peter Anvin wrote: > Actually I think of it much more as a debug option - being able to > mimic NX-unaware hardware and to track down problems in the field. Considering it can be dangerous when exposed to the user, should we hide it behind a "Kernel

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread H. Peter Anvin
On December 8, 2015 12:30:06 PM PST, Kees Cook wrote: >On Tue, Dec 8, 2015 at 6:19 AM, Borislav Petkov wrote: >> On Tue, Dec 08, 2015 at 12:25:57PM +, Matt Fleming wrote: >>> On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote: >>> > >>> > Thank you pointing that out. >>> > >>> >

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread Kees Cook
On Tue, Dec 8, 2015 at 6:19 AM, Borislav Petkov wrote: > On Tue, Dec 08, 2015 at 12:25:57PM +, Matt Fleming wrote: >> On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote: >> > >> > Thank you pointing that out. >> > >> > linux-4.4-rc3 booted without a problem on a real server even with XD >>

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread Borislav Petkov
On Tue, Dec 08, 2015 at 12:25:57PM +, Matt Fleming wrote: > On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote: > > > > Thank you pointing that out. > > > > linux-4.4-rc3 booted without a problem on a real server even with XD > > turned off by the firmware. I didn't notice this before

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-08 Thread Matt Fleming
On Mon, 07 Dec, at 11:10:43PM, Kosuke Tatsukawa wrote: > > Thank you pointing that out. > > linux-4.4-rc3 booted without a problem on a real server even with XD > turned off by the firmware. I didn't notice this before because I was > using an older version of the kernel on the real server, and

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-07 Thread Kosuke Tatsukawa
Matt Fleming wrote: > On Thu, 03 Dec, at 11:58:33PM, Kosuke Tatsukawa wrote: >> The kernel panics early in boot on a x86_64 server if the eXecute >> Disable (XD) bit is set to disabled in the uEFI firmware. The message >> in the kernel log buffer looks like below. >>

Re: [PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-04 Thread Matt Fleming
On Thu, 03 Dec, at 11:58:33PM, Kosuke Tatsukawa wrote: > The kernel panics early in boot on a x86_64 server if the eXecute > Disable (XD) bit is set to disabled in the uEFI firmware. The message > in the kernel log buffer looks like below. >

[PATCH 1/2] x86: Fix kernel panic when booting with XD disabled in uEFI firmware

2015-12-03 Thread Kosuke Tatsukawa
The kernel panics early in boot on a x86_64 server if the eXecute Disable (XD) bit is set to disabled in the uEFI firmware. The message in the kernel log buffer looks like below. [0.00] CPU: 0 PID: 0 Comm: swapper
