From patchwork Wed Mar 30 22:06:32 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kees Cook X-Patchwork-Id: 88985 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 994D8B6EEA for ; Thu, 31 Mar 2011 09:06:48 +1100 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Q53XA-00086k-SK; Wed, 30 Mar 2011 22:06:36 +0000 Received: from smtp.outflux.net ([198.145.64.163]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Q53X8-000869-7L for kernel-team@lists.ubuntu.com; Wed, 30 Mar 2011 22:06:34 +0000 Received: from www.outflux.net (serenity-end.outflux.net [10.2.0.2]) by vinyl.outflux.net (8.14.3/8.14.3/Debian-9.1ubuntu1) with ESMTP id p2UM6WYu010987 for ; Wed, 30 Mar 2011 15:06:32 -0700 Date: Wed, 30 Mar 2011 15:06:32 -0700 From: Kees Cook To: kernel-team@lists.ubuntu.com Subject: [PATCH natty] UBUNTU: SAUCE: nx-emu: further clarify dmesg reporting Message-ID: <20110330220632.GA4050@outflux.net> MIME-Version: 1.0 Content-Disposition: inline Organization: Ubuntu X-MIMEDefang-Filter: outflux$Revision: 1.316 $ X-HELO: www.outflux.net X-Scanned-By: MIMEDefang 2.67 on 10.2.0.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com When booting a 32bit non-PAE kernel on a CPU that supports hardware NX, dmesg did not indicate that NX emulation was being used. This changes the dmesg reporting to be more clear. Warnings about lacking hardware NX remain, and the state of NX-emulation is reported when enabled. BugLink: https://launchpad.net/bugs/745181 Signed-off-by: Kees Cook --- arch/x86/mm/setup_nx.c | 28 +++++++++++++++++----------- 1 files changed, 17 insertions(+), 11 deletions(-) diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c index 4323de4..90c9eff 100644 --- a/arch/x86/mm/setup_nx.c +++ b/arch/x86/mm/setup_nx.c @@ -40,19 +40,12 @@ void __cpuinit x86_configure_nx(void) void __init x86_report_nx(void) { + int nx_emulation = 0; + if (!cpu_has_nx) { -#ifdef CONFIG_X86_32 - if (!disable_nx) - printk(KERN_INFO "NX (Execute Disable) protection: " - "approximated by x86 segment limits\n"); - else - printk(KERN_INFO "NX (Execute Disable) protection: " - "approximation disabled by kernel command " - "line option\n"); -#else printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " "missing in CPU!\n"); -#endif + nx_emulation = 1; } else { #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) if (disable_nx) { @@ -65,7 +58,20 @@ void __init x86_report_nx(void) #else /* 32bit non-PAE kernel, NX cannot be used */ printk(KERN_NOTICE "Notice: NX (Execute Disable) protection " - "cannot be enabled: non-PAE kernel!\n"); + "cannot be enabled in hardware: non-PAE kernel!\n"); + nx_emulation = 1; +#endif + } + + if (nx_emulation) { +#ifdef CONFIG_X86_32 + if (!disable_nx) + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximated by x86 segment limits\n"); + else + printk(KERN_INFO "NX (Execute Disable) protection: " + "approximation disabled by kernel command " + "line option\n"); #endif } }