Re: [GIT PULL] x86/mm changes for v4.4

2015-11-10 Thread Kees Cook
On Mon, Nov 9, 2015 at 11:08 PM, Ard Biesheuvel wrote: > On 9 November 2015 at 22:08, Kees Cook wrote: >> On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel >> wrote: >>> On 8 November 2015 at 07:58, Kees Cook wrote: On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel wrote: > On 7

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-10 Thread Kees Cook
On Mon, Nov 9, 2015 at 11:08 PM, Ard Biesheuvel wrote: > On 9 November 2015 at 22:08, Kees Cook wrote: >> On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel >> wrote: >>> On 8 November 2015 at 07:58, Kees Cook

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-09 Thread Ard Biesheuvel
On 9 November 2015 at 22:08, Kees Cook wrote: > On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel > wrote: >> On 8 November 2015 at 07:58, Kees Cook wrote: >>> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel >>> wrote: On 7 November 2015 at 08:09, Ingo Molnar wrote: > > * Matt

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-09 Thread Kees Cook
On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel wrote: > On 8 November 2015 at 07:58, Kees Cook wrote: >> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel >> wrote: >>> On 7 November 2015 at 08:09, Ingo Molnar wrote: * Matt Fleming wrote: > On Fri, 06 Nov, at 07:55:50AM,

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-09 Thread Kees Cook
On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel wrote: > On 8 November 2015 at 07:58, Kees Cook wrote: >> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel >> wrote: >>> On 7 November 2015 at 08:09, Ingo Molnar

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-09 Thread Ard Biesheuvel
On 9 November 2015 at 22:08, Kees Cook wrote: > On Sat, Nov 7, 2015 at 11:55 PM, Ard Biesheuvel > wrote: >> On 8 November 2015 at 07:58, Kees Cook wrote: >>> On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel >>>

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Ard Biesheuvel
On 8 November 2015 at 07:58, Kees Cook wrote: > On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel > wrote: >> On 7 November 2015 at 08:09, Ingo Molnar wrote: >>> >>> * Matt Fleming wrote: >>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: > > 3) We should fix the EFI

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Kees Cook
On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel wrote: > On 7 November 2015 at 08:09, Ingo Molnar wrote: >> >> * Matt Fleming wrote: >> >>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: >>> > >>> > 3) We should fix the EFI permission problem without relying on the >>> > firmware: it >>> >

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Matt Fleming
On Sat, 07 Nov, at 08:05:54AM, Ingo Molnar wrote: > > * Matt Fleming wrote: > > > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote: > > > > > > And if this turns out to be due to EFI wanting those permissions, what > > > should > > > we do? People have talked about running the EFI

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Matt Fleming
On Sat, 07 Nov, at 08:05:54AM, Ingo Molnar wrote: > > * Matt Fleming wrote: > > > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote: > > > > > > And if this turns out to be due to EFI wanting those permissions, what > > > should > > > we do? People have talked

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Kees Cook
On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel wrote: > On 7 November 2015 at 08:09, Ingo Molnar wrote: >> >> * Matt Fleming wrote: >> >>> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: >>> > >>> > 3) We should fix the

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-07 Thread Ard Biesheuvel
On 8 November 2015 at 07:58, Kees Cook wrote: > On Fri, Nov 6, 2015 at 11:39 PM, Ard Biesheuvel > wrote: >> On 7 November 2015 at 08:09, Ingo Molnar wrote: >>> >>> * Matt Fleming wrote: >>> On

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ard Biesheuvel
On 7 November 2015 at 08:09, Ingo Molnar wrote: > > * Matt Fleming wrote: > >> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: >> > >> > 3) We should fix the EFI permission problem without relying on the >> > firmware: it >> > appears we could just mark everything R-X optimistically, and

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote: > On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: > > > > 3) We should fix the EFI permission problem without relying on the > > firmware: it > > appears we could just mark everything R-X optimistically, and if a > > write fault > > happens (it's pretty

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote: > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote: > > > > And if this turns out to be due to EFI wanting those permissions, what > > should > > we do? People have talked about running the EFI callbacks in their own > > private > > page table setup, which sounds

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Andy Lutomirski wrote: > On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote: > > > > * Linus Torvalds wrote: > > > >> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > >> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > >> > > > >> > > I don't have that later debug

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Borislav Petkov
On Fri, Nov 06, 2015 at 01:09:48PM +, Matt Fleming wrote: > On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote: > > > > Admittedly, we might need to use a certain amount of care to avoid > > interesting conflicts with the vmap mechanism. We might need to vmap > > all of the EFI stuff, and

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Thu, 05 Nov, at 11:05:35PM, Andy Lutomirski wrote: > > Admittedly, we might need to use a certain amount of care to avoid > interesting conflicts with the vmap mechanism. We might need to vmap > all of the EFI stuff, and possibly even all the top-level entries that > contain EFI stuff (i.e.

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: > > 3) We should fix the EFI permission problem without relying on the firmware: > it > appears we could just mark everything R-X optimistically, and if a write > fault > happens (it's pretty rare in fact, only triggers when we write

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Matt Fleming
On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote: > > And if this turns out to be due to EFI wanting those permissions, what > should we do? People have talked about running the EFI callbacks in > their own private page table setup, which sounds like the right idea, > but until that actually

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote: > On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: > > > > 3) We should fix the EFI permission problem without relying on the > > firmware: it > > appears we could just mark everything R-X optimistically, and if a > > write fault > >

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ard Biesheuvel
On 7 November 2015 at 08:09, Ingo Molnar wrote: > > * Matt Fleming wrote: > >> On Fri, 06 Nov, at 07:55:50AM, Ingo Molnar wrote: >> > >> > 3) We should fix the EFI permission problem without relying on the >> > firmware: it >> > appears we could

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Matt Fleming wrote: > On Thu, 05 Nov, at 01:33:10PM, Linus Torvalds wrote: > > > > And if this turns out to be due to EFI wanting those permissions, what > > should > > we do? People have talked about running the EFI callbacks in their own > > private > > page

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-06 Thread Ingo Molnar
* Andy Lutomirski wrote: > On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote: > > > > * Linus Torvalds wrote: > > > >> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > >> > On Wed, Nov 04, 2015

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Ingo Molnar
(resent with Matt's email address fixed.) * Ingo Molnar wrote: > > * Linus Torvalds wrote: > > > On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > > > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > > > > > > > > I don't have that later debug output at all. Presumably

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Andy Lutomirski
On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote: > > * Linus Torvalds wrote: > >> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: >> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: >> > > >> > > I don't have that later debug output at all. Presumably some config >> >

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Ingo Molnar
* Linus Torvalds wrote: > On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > > > > > > I don't have that later debug output at all. Presumably some config > > difference. > > > > CONFIG_X86_PTDUMP_CORE iirc. > > No, I

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Borislav Petkov
On Thu, Nov 05, 2015 at 02:04:55PM -0800, Linus Torvalds wrote: > and there's quite a few other pages there that are RW but not marked > NX. I suspect they come from the EFI runtime services because the Yeah, at least the EFI mappings would need a bit more fiddling until they're NX:

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds wrote: > > No, I have that. I suspect CONFIG_EFI_PGT_DUMP instead. Yes, that seems to show the tables, and agrees with the problem address. So for me I have: WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5dc/0x780()

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds wrote: > > I suspect CONFIG_EFI_PGT_DUMP instead. > > Anyway, as it stands now, I think the CONFIG_DEBUG_WX option should > not default to 'y' unless it is made more useful if it actually > triggers. Ingo? Actually, I guess I should have cc'd Steven

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > > > > I don't have that later debug output at all. Presumably some config > difference. > > CONFIG_X86_PTDUMP_CORE iirc. No, I have that. I suspect CONFIG_EFI_PGT_DUMP

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds wrote: > > I suspect CONFIG_EFI_PGT_DUMP instead. > > Anyway, as it stands now, I think the CONFIG_DEBUG_WX option should > not default to 'y' unless it is made more useful if it actually > triggers. Ingo? Actually, I

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > > > > I don't have that later debug output at all. Presumably some config > difference. > > CONFIG_X86_PTDUMP_CORE iirc. No, I have that. I suspect

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Linus Torvalds
On Thu, Nov 5, 2015 at 1:27 PM, Linus Torvalds wrote: > > No, I have that. I suspect CONFIG_EFI_PGT_DUMP instead. Yes, that seems to show the tables, and agrees with the problem address. So for me I have: WARNING: CPU: 1 PID: 1 at

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Ingo Molnar
* Linus Torvalds wrote: > On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > > > > > > I don't have that later debug output at all. Presumably some config > >

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Andy Lutomirski
On Thu, Nov 5, 2015 at 10:55 PM, Ingo Molnar wrote: > > * Linus Torvalds wrote: > >> On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: >> > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: >> > > >> > > I

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-05 Thread Ingo Molnar
(resent with Matt's email address fixed.) * Ingo Molnar wrote: > > * Linus Torvalds wrote: > > > On Wed, Nov 4, 2015 at 6:17 PM, Dave Jones wrote: > > > On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote:

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Dave Jones
On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote: > > > > FWIW I'm seeing this too. > > > > [0.468368] ---[ Low Kernel Mapping ]--- > > [0.468381] 0x8800-0x8880 8M RW > >

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Linus Torvalds
On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote: > > FWIW I'm seeing this too. > > [0.468368] ---[ Low Kernel Mapping ]--- > [0.468381] 0x8800-0x8880 8M RW >GLB NX pte > [0.468391] 0x8880-0x8890

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Dave Jones
On Wed, Nov 04, 2015 at 11:26:12AM -0800, Linus Torvalds wrote: > On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote: > > > > The new CONFIG_DEBUG_WX=y warning is marked default-y if > > CONFIG_DEBUG_RODATA=y is > > already enabled, as a special exception, as these bugs are hard to notice

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Linus Torvalds
On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote: > > The new CONFIG_DEBUG_WX=y warning is marked default-y if > CONFIG_DEBUG_RODATA=y is > already enabled, as a special exception, as these bugs are hard to notice and > this > check already found several live bugs. So this seems to be not

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Linus Torvalds
On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote: > > FWIW I'm seeing this too. > > [0.468368] ---[ Low Kernel Mapping ]--- > [0.468381] 0x8800-0x8880 8M RW >GLB NX pte > [0.468391]

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Dave Jones
On Wed, Nov 04, 2015 at 11:26:12AM -0800, Linus Torvalds wrote: > On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote: > > > > The new CONFIG_DEBUG_WX=y warning is marked default-y if > > CONFIG_DEBUG_RODATA=y is > > already enabled, as a special exception, as these bugs are

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Dave Jones
On Wed, Nov 04, 2015 at 05:31:59PM -0800, Linus Torvalds wrote: > On Wed, Nov 4, 2015 at 3:39 PM, Dave Jones wrote: > > > > FWIW I'm seeing this too. > > > > [0.468368] ---[ Low Kernel Mapping ]--- > > [0.468381] 0x8800-0x8880

Re: [GIT PULL] x86/mm changes for v4.4

2015-11-04 Thread Linus Torvalds
On Tue, Nov 3, 2015 at 3:16 AM, Ingo Molnar wrote: > > The new CONFIG_DEBUG_WX=y warning is marked default-y if > CONFIG_DEBUG_RODATA=y is > already enabled, as a special exception, as these bugs are hard to notice and > this > check already found several live bugs. So this