[PATCH] nx-emu: clean up nx-emu for ia32-only
by Kees Cook
The NX-emulation should only exist for the 32 bit case, and should not be
visible under any other situation. This removes the exec-shield parameter
when not running on 32-bit x86, standardizes the x86_report_nx strings,
and sets a min/max proc handler for the exec_shield parameter.
Signed-off-by: Kees Cook <kees.cook(a)canonical.com>
---
arch/x86/mm/setup_nx.c | 12 ++++++++++--
include/linux/sched.h | 2 ++
kernel/sysctl.c | 6 +++++-
3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c
index e0d9cce..f068676 100644
--- a/arch/x86/mm/setup_nx.c
+++ b/arch/x86/mm/setup_nx.c
@@ -24,7 +24,9 @@ static int __init noexec_setup(char *str)
disable_nx = 0;
} else if (!strncmp(str, "off", 3)) {
disable_nx = 1;
+#ifdef CONFIG_X86_32
exec_shield = 0;
+#endif
}
x86_configure_nx();
return 0;
@@ -42,12 +44,18 @@ void __cpuinit x86_configure_nx(void)
void __init x86_report_nx(void)
{
if (!cpu_has_nx) {
+#ifdef CONFIG_X86_32
if (exec_shield)
- printk(KERN_INFO "Using x86 segment limits to approximate NX protection\n");
+ printk(KERN_INFO "NX (Execute Disable) protection: "
+ "approximated by x86 segment limits\n");
else
-
+ printk(KERN_INFO "NX (Execute Disable) protection: "
+ "approximation disabled by kernel command "
+ "line option\n");
+#else
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
"missing in CPU or disabled in BIOS!\n");
+#endif
} else {
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
if (disable_nx) {
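Review bot: On a 32-bit CPU without hardware NX, the new `else` branch logs "approximation disabled" at `KERN_INFO`, although the kernel then runs with neither hardware NX nor the emulation. Before this change that case fell through to the `KERN_NOTICE` message. I would keep the higher level there, i.e. start that call with `printk(KERN_NOTICE "NX (Execute Disable) protection: "`. A short comment above the `#ifdef CONFIG_X86_32`, such as `/* CS-limit emulation only approximates NX; it is not equivalent to the hardware bit */`, would stop the first message being read as full protection. x86_report_nx continues past the end of this hunk.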
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 2102309..5606aa7 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -101,7 +101,9 @@ struct bio_list;
struct fs_struct;
struct perf_event_context;
+#ifdef CONFIG_X86_32
extern int exec_shield;
+#endif
extern int print_fatal_signals;
/*
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c7f0d4a..68f020f 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -104,6 +104,7 @@ extern int sysctl_nr_open_min, sysctl_nr_open_max;
extern int sysctl_nr_trim_pages;
#endif
+#ifdef CONFIG_X86_32
int exec_shield = 1;
static int __init setup_exec_shield(char *str)
@@ -113,6 +114,7 @@ static int __init setup_exec_shield(char *str)
return 1;
}
__setup("exec-shield=", setup_exec_shield);
+#endif
#ifdef CONFIG_BLOCK
extern int blk_iopoll_enabled;
@@ -447,7 +449,9 @@ static struct ctl_table kern_table[] = {
.data = &exec_shield,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = &proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = &zero,
+ .extra2 = &one,
},
#endif
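Review bot: The 0..1 range added to this table entry only constrains writes through the sysctl. The `exec-shield=` boot parameter goes through `setup_exec_shield`, whose body sits between the two earlier hunks of this file and is not shown, so it may still store any integer in `exec_shield`. If it does, normalising there (for example `exec_shield = !!exec_shield;` after parsing) would keep the value read back from the sysctl within the new bounds. The `#ifdef` that opens around this entry is also outside the hunk; it has to be `CONFIG_X86_32` or narrower, because `exec_shield` is now defined and declared only under that symbol and `.data = &exec_shield` would otherwise fail to build. Since `.mode = 0644` stays, a one-line comment that root can switch the emulation off at runtime would help anyone auditing the table, which itself continues beyond this hunk.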
--
1.7.1
--
Kees Cook
Ubuntu Security Team
13 years, 3 months
[PATCH] exec-randomization: brk away from exec rand area
by Kees Cook
This is a fix for the NX emulation patch to force the brk area well
outside of the exec randomization area to avoid future allocation or brk
growth collisions. Normally this isn't a problem, except when the text
region has been loaded from a PIE binary and the CS limit can't be put
just above bss.
A test-case that will show failures without this patch can be found here:
http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/mast...
Signed-off-by: Kees Cook <kees.cook(a)canonical.com>
---
arch/x86/kernel/process.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletions(-)
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
index 57d1868..29c0c35 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -669,6 +669,16 @@ unsigned long arch_align_stack(unsigned long sp)
unsigned long arch_randomize_brk(struct mm_struct *mm)
{
unsigned long range_end = mm->brk + 0x02000000;
- return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
+ unsigned long bump = 0;
+#ifdef CONFIG_X86_32
+ /* in the case of NX emulation, shove the brk segment way out of the
+ way of the exec randomization area, since it can collide with
+ future allocations if not. */
+ if ( (mm->get_unmapped_exec_area == arch_get_unmapped_exec_area) &&
+ (mm->brk < 0x08000000) ) {
+ bump = (TASK_SIZE/6);
+ }
+#endif
+ return bump + (randomize_range(mm->brk, range_end, 0) ? : mm->brk);
}
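Review bot: The constants `0x08000000` and `TASK_SIZE/6` in the new `CONFIG_X86_32` block are unexplained, and `range_end` is still derived from the un-bumped `mm->brk`, so the code does not show which address range the brk can finally land in. If, as it appears, `0x08000000` stands for "below the usual non-PIE text base", say so on the test, e.g. `/* brk below 0x08000000: text was loaded in the exec randomization area (PIE) */`, and note why one sixth of the address space is the chosen distance. `TASK_SIZE/6` is also not page-aligned for every 32-bit `PAGE_OFFSET` setting, while `randomize_range()` returns a page-aligned address when it succeeds. If callers care about alignment (they are not visible here), `bump = PAGE_ALIGN(TASK_SIZE / 6);` keeps it. The multi-line comment layout and the `if ( (` spacing also depart from kernel coding style.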
--
1.7.1
--
Kees Cook
Ubuntu Security Team
13 years, 3 months
up'ing /proc/sys/fs/inotify/max_user_watches ?
by Rex Dieter
kde packagers received a request to consider shipping systems with a
higher (default) value of
/proc/sys/fs/inotify/max_user_watches
to allow for a better experience for noticing changes (notably when
using nepomuk indexing of content in users' homedir).
The suggested value was something like 524288 (seems the default on f13
is 8192).
A recent kde-sig meeting discussed the topic,
http://fedoraproject.org/wiki/SIGs/KDE/Meetings/2010-07-27
where mjg59 also agreed "It's probably justifiable to increase it".
So, any comments or objections implementing this (for f14)?
-- Rex
13 years, 3 months
kernel problem
by Benitez, Jose
Hello,
I am a Fedora Core 12 user and the kernel recently updated to
2.6.32.19-163.fc12.i686
from the previous kernel:
2.6.32.16-150.fc12.i686
With the new kernel my Dell Inspiron 6000 laptop does not return after Suspending or Hibernating.
Can this be fixed somehow?
Thanks,
Jose
13 years, 3 months
CONFIG_LOCKDEP
by John Hartgraves
I'm trying to rebuild my kernel without debugging. I set the %define
debugbuildsenabled to 1 in the kernel.spec file before building
with rpmbuild, but I am still getting CONFIG_LOCKDEP=y in my kernel
config file in my /boot directory after I install the built kernel.
How do I fully disable this?
-John Hartgraves
13 years, 3 months
Re-compiling kernel-2.6.33.6-147.2.4
by JD
During build of this kernel, I got the following compilation error:
I needed to add another kernel feature (added full preemption)
CONFIG_PREEMPT=y
so....
After make oldconfig, and make xconfig, ran make all
.
.
.
CC [M] drivers/video/console/fbcon.o
drivers/video/console/fbcon.c:3537: error: expected declaration
specifiers or ‘...’ before string constant
drivers/video/console/fbcon.c:3537: error: expected declaration
specifiers or ‘...’ before ‘quiet_logo’
drivers/video/console/fbcon.c:3537: warning: data definition has no type
or storage class
drivers/video/console/fbcon.c:3537: warning: type defaults to ‘int’ in
declaration of ‘early_param’
drivers/video/console/fbcon.c:3537: warning: function declaration isn’t
a prototype
make[3]: *** [drivers/video/console/fbcon.o] Error 1
make[2]: *** [drivers/video/console] Error 2
make[1]: *** [drivers/video] Error 2
make: *** [drivers] Error 2
The folks at kernel.org told me this is not their bug, but fedora's
added code.
Is there a bugzilla for fedora kernel?
13 years, 4 months
private branches under fedpkg/git
by M A Young
I would like to re-establish a private branch that I had under CVS
(private-myoung-dom0-branch) which I used to build pvops enabled kernels
so that the more adventurous could use a Fedora based Domain-0 kernel with
xen.
Are there any policies I should follow? I asked this on the devel list and
Roland McGrath suggested a naming convention of
user/<username>/whatever-you-want for rawhide forks and fN/user/... for
release branch forks.
If I follow this pattern I would choose the name f12/user/myoung/xendom0
(I am following f12 at the moment because currently most of the xen
development is based on the 2.6.32 kernel).
Are there any other opinions before I create this branch?
Michael Young
13 years, 4 months
2.6.35-1 kernel/sched.c:616 invoked rcu_dereference_check() without protection
by Michał Piotrowski
Hi,
I downloaded and built this kernel
http://koji.fedoraproject.org/koji/buildinfo?buildID=187678 on my F13
box. I am getting an error on boot. You might be interested in this:
===================================================
[ INFO: suspicious rcu_dereference_check() usage. ]
---------------------------------------------------
kernel/sched.c:616 invoked rcu_dereference_check() without protection!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
3 locks held by swapper/1:
#0: (cpu_add_remove_lock){+.+.+.}, at: [<ffffffff8105292e>]
cpu_maps_update_begin+0x17/0x19
#1: (cpu_hotplug.lock){+.+.+.}, at: [<ffffffff81052973>]
cpu_hotplug_begin+0x2c/0x53
#2: (&rq->lock){-.-...}, at: [<ffffffff814943a9>] init_idle+0x30/0x136
stack backtrace:
Pid: 1, comm: swapper Not tainted 2.6.35-1.fc13.x86_64 #1
Call Trace:
[<ffffffff8107bb7a>] lockdep_rcu_dereference+0xaa/0xb2
[<ffffffff8104012f>] task_group+0x80/0x8f
[<ffffffff814943a9>] ? init_idle+0x30/0x136
[<ffffffff81040155>] set_task_rq+0x17/0x73
[<ffffffff81494468>] init_idle+0xef/0x136
[<ffffffff81494885>] fork_idle+0xbd/0xce
[<ffffffff8107c243>] ? mark_held_locks+0x52/0x70
[<ffffffff81492e6a>] do_fork_idle+0x1c/0x2d
[<ffffffff81492283>] do_boot_cpu+0x145/0xa3b
[<ffffffff811127ec>] ? alloc_page_interleave+0x79/0x86
[<ffffffff81492e4e>] ? do_fork_idle+0x0/0x2d
[<ffffffff81492c74>] native_cpu_up+0xfb/0x1ce
[<ffffffff81494966>] _cpu_up+0xa0/0x115
[<ffffffff81494ab1>] cpu_up+0xd6/0xe8
[<ffffffff81d78695>] kernel_init+0x105/0x2c9
[<ffffffff8100aaa4>] kernel_thread_helper+0x4/0x10
[<ffffffff8149bfd0>] ? restore_args+0x0/0x30
[<ffffffff81d78590>] ? kernel_init+0x0/0x2c9
[<ffffffff8100aaa0>] ? kernel_thread_helper+0x0/0x10
Booting Node 0, Processors #1lockdep: fixing up alternatives.
#2lockdep: fixing up alternatives.
#3 Ok.
Regards,
M
13 years, 4 months