RE: NonExecutable Bit in 32Bit
> > And this prevents the lowmemory to be secured by NX? > What do you mean, when you say "lowmemory"? I mean EF-Segments. Cause we got a kernel oops as we accidentally used ioremap_nocache on a EF-Segment address. Before that usage the EF-Segments weren't secured, afterwards they were. We use now ioremap which does the high low mem check, but I was a bit confused that NX was not active before. But I can't provide any further informations about the system, cause it was more or less support for a customer. Ciao Thilo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Cestonaro, Thilo (external) <[EMAIL PROTECTED]> wrote: And this prevents the lowmemory to be secured by NX? What do you mean, when you say "lowmemory"? - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
> > > > CONFIG_HIGHMEM64G=y > > > > CONFIG_HIGHMEM=y > > > > CONFIG_X86_PAE=y > > > > > > Ok in highmem it's active, whats about lowmem? > > > x86-64 is NX active for lowmem too AFAIK. > > > > It's more of an issue of having PAE enabled. > > Without PAE you are not able to use the the NX bit. > That's the way the CPU works, not Linux. > > Forgot to add: > from arch/i386/Kconfig: > config X86_PAE > bool > depends on HIGHMEM64G > default y > select RESOURCES_64BIT > > > Hope this helps. > > Just that I get it right, NX just works with PAE enabled, and PAE just works with HIGHMEM64G enabled. And this prevents the lowmemory to be secured by NX? Ciao Thilo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
Cestonaro, Thilo (external) wrote: > Hey, > >> CONFIG_HIGHMEM64G=y >> CONFIG_HIGHMEM=y >> CONFIG_X86_PAE=y > > Ok in highmem it's active, whats about lowmem? It's not highmem vs lowmem, it is that HIGHMEM64G is required for X86_PAE, which is required for NX support. > x86-64 is NX active for lowmem too AFAIK. Good thing, since x86-64 doesn't have highmem (nor does it need it, since it has enough virtual address space to map all physical address space and still have left over, like it *should* be.) -hpa - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Tuncer Ayaz <[EMAIL PROTECTED]> wrote: On 4/25/07, Cestonaro, Thilo (external) <[EMAIL PROTECTED]> wrote: > Hey, > > > CONFIG_HIGHMEM64G=y > > CONFIG_HIGHMEM=y > > CONFIG_X86_PAE=y > > Ok in highmem it's active, whats about lowmem? > x86-64 is NX active for lowmem too AFAIK. It's more of an issue of having PAE enabled. Without PAE you are not able to use the the NX bit. That's the way the CPU works, not Linux. Forgot to add: from arch/i386/Kconfig: config X86_PAE bool depends on HIGHMEM64G default y select RESOURCES_64BIT Hope this helps. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Cestonaro, Thilo (external) <[EMAIL PROTECTED]> wrote: Hey, > CONFIG_HIGHMEM64G=y > CONFIG_HIGHMEM=y > CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. It's more of an issue of having PAE enabled. Without PAE you are not able to use the the NX bit. That's the way the CPU works, not Linux. Hope this helps. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
Hey, > CONFIG_HIGHMEM64G=y > CONFIG_HIGHMEM=y > CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. Ciao Thilo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
Hey, CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. Ciao Thilo - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Cestonaro, Thilo (external) [EMAIL PROTECTED] wrote: Hey, CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. It's more of an issue of having PAE enabled. Without PAE you are not able to use the the NX bit. That's the way the CPU works, not Linux. Hope this helps. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Tuncer Ayaz [EMAIL PROTECTED] wrote: On 4/25/07, Cestonaro, Thilo (external) [EMAIL PROTECTED] wrote: Hey, CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. It's more of an issue of having PAE enabled. Without PAE you are not able to use the the NX bit. That's the way the CPU works, not Linux. Forgot to add: from arch/i386/Kconfig: config X86_PAE bool depends on HIGHMEM64G default y select RESOURCES_64BIT Hope this helps. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
Cestonaro, Thilo (external) wrote: Hey, CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? It's not highmem vs lowmem, it is that HIGHMEM64G is required for X86_PAE, which is required for NX support. x86-64 is NX active for lowmem too AFAIK. Good thing, since x86-64 doesn't have highmem (nor does it need it, since it has enough virtual address space to map all physical address space and still have left over, like it *should* be.) -hpa - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y Ok in highmem it's active, whats about lowmem? x86-64 is NX active for lowmem too AFAIK. It's more of an issue of having PAE enabled. Without PAE you are not able to use the the NX bit. That's the way the CPU works, not Linux. Forgot to add: from arch/i386/Kconfig: config X86_PAE bool depends on HIGHMEM64G default y select RESOURCES_64BIT Hope this helps. Just that I get it right, NX just works with PAE enabled, and PAE just works with HIGHMEM64G enabled. And this prevents the lowmemory to be secured by NX? Ciao Thilo - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/25/07, Cestonaro, Thilo (external) [EMAIL PROTECTED] wrote: And this prevents the lowmemory to be secured by NX? What do you mean, when you say lowmemory? - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
And this prevents the lowmemory to be secured by NX? What do you mean, when you say lowmemory? I mean EF-Segments. Cause we got a kernel oops as we accidentally used ioremap_nocache on a EF-Segment address. Before that usage the EF-Segments weren't secured, afterwards they were. We use now ioremap which does the high low mem check, but I was a bit confused that NX was not active before. But I can't provide any further informations about the system, cause it was more or less support for a customer. Ciao Thilo - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
"Cestonaro, Thilo \(external\)"<[EMAIL PROTECTED]> writes: > is it right, that the NX Bit is not used under i386-Arch but under > x86_64-Arch? It is wrong. -Andi - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/24/07, William Heimbigner <[EMAIL PROTECTED]> wrote: On Tue, 24 Apr 2007, Cestonaro, Thilo (external) wrote: > Hey, > > is it right, that the NX Bit is not used under i386-Arch but > under x86_64-Arch? > When yes, is there a special argument for it not to be used? > > Ciao Thilo I don't think so - some i386 cpus definitely have support for the NX bit. In detail: 1) if your CPU has NX support (some 32bit Xeons do) 2) it is not disabled in the BIOS 3) you see 'nx' in the 'flags' line in /proc/cpuinfo 4) and you have a kernel with the following config options CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y NX should just work. [snip] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: NonExecutable Bit in 32Bit
> I don't think so - some i386 cpus definitely have support for the NX bit. Ok, the cpu's do support it, but the kernel doesn't use it if it is active in the bios. > Would having this be supported in i386 help debugging (and security) > significantly? @William: I don't understand this question :( Ciao Thilo - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On Tue, 24 Apr 2007, Cestonaro, Thilo (external) wrote: Hey, is it right, that the NX Bit is not used under i386-Arch but under x86_64-Arch? When yes, is there a special argument for it not to be used? Ciao Thilo I don't think so - some i386 cpus definitely have support for the NX bit. Would having this be supported in i386 help debugging (and security) significantly? William Heimbigner [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On Tue, 24 Apr 2007, Cestonaro, Thilo (external) wrote: Hey, is it right, that the NX Bit is not used under i386-Arch but under x86_64-Arch? When yes, is there a special argument for it not to be used? Ciao Thilo I don't think so - some i386 cpus definitely have support for the NX bit. Would having this be supported in i386 help debugging (and security) significantly? William Heimbigner [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
On 4/24/07, William Heimbigner [EMAIL PROTECTED] wrote: On Tue, 24 Apr 2007, Cestonaro, Thilo (external) wrote: Hey, is it right, that the NX Bit is not used under i386-Arch but under x86_64-Arch? When yes, is there a special argument for it not to be used? Ciao Thilo I don't think so - some i386 cpus definitely have support for the NX bit. In detail: 1) if your CPU has NX support (some 32bit Xeons do) 2) it is not disabled in the BIOS 3) you see 'nx' in the 'flags' line in /proc/cpuinfo 4) and you have a kernel with the following config options CONFIG_HIGHMEM64G=y CONFIG_HIGHMEM=y CONFIG_X86_PAE=y NX should just work. [snip] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: NonExecutable Bit in 32Bit
Cestonaro, Thilo \(external\)[EMAIL PROTECTED] writes: is it right, that the NX Bit is not used under i386-Arch but under x86_64-Arch? It is wrong. -Andi - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/