Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000

From: Paul Menzel
Date: Thu Oct 04 2018 - 04:40:55 EST


Dear Borislav,


On 10/04/18 10:14, Borislav Petkov wrote:
> On Thu, Oct 04, 2018 at 10:03:21AM +0200, Joerg Roedel wrote:
>> I also triggered this when working in the PTI-x32 code. It always
>> happens on a 32-bit PAE kernel for me.
>>
>> Tracking it down I ended up in (iirc) arch/x86/mm/pageattr.c
>> function static_protections():
>>
>> /*
>> * The BIOS area between 640k and 1Mb needs to be executable for
>> * PCI BIOS based config access (CONFIG_PCI_GOBIOS) support.
>> */
>> #ifdef CONFIG_PCI_BIOS
>> if (pcibios_enabled && within(pfn, BIOS_BEGIN >> PAGE_SHIFT, BIOS_END >> PAGE_SHIFT))
>> pgprot_val(forbidden) |= _PAGE_NX;
>> #endif
>>
>> I think that is the reason we are seeing this in that configuration.
>
> So looking at this, BIOS_BEGIN and BIOS_END is the same range as the ISA
> range:
>
> #define ISA_START_ADDRESS 0x000a0000
> #define ISA_END_ADDRESS 0x00100000
>
> #define BIOS_BEGIN 0x000a0000
> #define BIOS_END 0x00100000
>
> and I did try marking the ISA range RO in mark_rodata_ro() but the
> machine wouldn't boot after. So I'm guessing BIOS needs to write
> there some crap.

Do you have a commit, I could test. My board is supported by coreboot,
and maybe it boots, so I can check, if the warning is gone.


Kind regards,

Paul

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature