From patchwork Wed Mar 30 23:06:55 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 88990 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 37A6DB6F2B for ; Thu, 31 Mar 2011 10:07:16 +1100 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Q54Tb-0005Pu-VN; Wed, 30 Mar 2011 23:07:00 +0000 Received: from smtp.outflux.net ([198.145.64.163]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Q54TY-0005PU-Ur for kernel-team@lists.ubuntu.com; Wed, 30 Mar 2011 23:06:57 +0000 Received: from www.outflux.net (serenity-end.outflux.net [10.2.0.2]) by vinyl.outflux.net (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id p2UN6t0p020926 for ; Wed, 30 Mar 2011 16:06:55 -0700 Date: Wed, 30 Mar 2011 16:06:55 -0700 From: Kees Cook To: kernel-team@lists.ubuntu.com Subject: [PATCH maverick] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting Message-ID: <20110330230654.GB4050@outflux.net> MIME-Version: 1.0 Content-Disposition: inline Organization: Ubuntu X-MIMEDefang-Filter: outflux$Revision: 1.316 $ X-HELO: www.outflux.net X-Scanned-By: MIMEDefang 2.67 on 10.2.0.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com When booting a 32bit non-PAE kernel on a CPU that supports hardware NX, dmesg did not indicate that NX emulation was being used. This changes the dmesg reporting to be more clear. Warnings about lacking hardware NX remain, and the state of NX-emulation is reported when enabled. (Backported from Natty patch.) BugLink: https://launchpad.net/bugs/745181 Signed-off-by: Kees Cook Acked-by: Tim Gardner --- arch/x86/mm/setup_nx.c | 28 +++++++++++++++++----------- 1 files changed, 17 insertions(+), 11 deletions(-) diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c index f068676..64f2d6a 100644 --- a/arch/x86/mm/setup_nx.c +++ b/arch/x86/mm/setup_nx.c @@ -43,19 +43,12 @@ void __cpuinit x86_configure_nx(void) void __init x86_report_nx(void) { + int nx_emulation = 0; + if (!cpu_has_nx) { -#ifdef CONFIG_X86_32 - if (exec_shield) - printk(KERN_INFO "NX (Execute Disable) protection: " - "approximated by x86 segment limits\n"); - else - printk(KERN_INFO "NX (Execute Disable) protection: " - "approximation disabled by kernel command " - "line option\n"); -#else printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " "missing in CPU or disabled in BIOS!\n"); -#endif + nx_emulation = 1; } else { #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) if (disable_nx) { @@ -68,7 +61,20 @@ void __init x86_report_nx(void) #else /* 32bit non-PAE kernel, NX cannot be used */ printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " - "cannot be enabled: non-PAE kernel!\n"); + "cannot be enabled in hardware: non-PAE kernel!\n"); + nx_emulation = 1; +#endif + } + + if (nx_emulation) { +#ifdef CONFIG_X86_32 + if (exec_shield) + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximated by x86 segment limits\n"); + else + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximation disabled by kernel command " + "line option\n"); #endif } }