[PATCH] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker scripts are adjusted so .text always starts and end on a page boundary
2. Linker scripts are adjusted so .rodata and .data always starts and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
arch/x86/mm/init_32.c with actual functionality: NX is set for all
pages from _etext through _edata
4. mark_nxdata_nx() called from init_post(void) in init/main.c
The patch have been developed for Linux 2.6.30 x86 by Siarhei Liakh
and Xuxian Jiang .
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
diff --git a/arch/x86/include/asm/cacheflush.h
b/arch/x86/include/asm/cacheflush.h
index e55dfc1..cce364e 100644
--- a/arch/x86/include/asm/cacheflush.h
+++ b/arch/x86/include/asm/cacheflush.h
@@ -125,6 +125,7 @@ void clflush_cache_range(void *addr, unsigned int size);
#ifdef CONFIG_DEBUG_RODATA
void mark_rodata_ro(void);
+void mark_nxdata_nx(void);
extern const int rodata_test_data;
void set_kernel_text_rw(void);
void set_kernel_text_ro(void);
diff --git a/arch/x86/kernel/vmlinux_32.lds.S b/arch/x86/kernel/vmlinux_32.lds.S
index 62ad500..4041522 100644
--- a/arch/x86/kernel/vmlinux_32.lds.S
+++ b/arch/x86/kernel/vmlinux_32.lds.S
@@ -47,6 +47,7 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ . = ALIGN(PAGE_SIZE); /* .text should occupy whole number of pages */
_etext = .; /* End of text section */
} :text = 0x9090
@@ -93,6 +94,7 @@ SECTIONS
*(.data.read_mostly)
_edata = .; /* End of data section */
}
+ . = ALIGN(PAGE_SIZE); /* needed so we can set NX for .data */
. = ALIGN(THREAD_SIZE); /* init_task */
.data.init_task : AT(ADDR(.data.init_task) - LOAD_OFFSET) {
diff --git a/arch/x86/kernel/vmlinux_64.lds.S b/arch/x86/kernel/vmlinux_64.lds.S
index c874250..a60ce17 100644
--- a/arch/x86/kernel/vmlinux_64.lds.S
+++ b/arch/x86/kernel/vmlinux_64.lds.S
@@ -42,6 +42,7 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ . = ALIGN(PAGE_SIZE); /* .text should occupy whole number of pages */
_etext = .; /* End of text section */
} :text = 0x9090
@@ -61,6 +62,7 @@ SECTIONS
.data : AT(ADDR(.data) - LOAD_OFFSET) {
DATA_DATA
CONSTRUCTORS
+ . = ALIGN(PAGE_SIZE); /* needed so we can set NX for .data */
_edata = .; /* End of data section */
} :data
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
index 749559e..68163dc 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -1119,6 +1119,16 @@ void mark_rodata_ro(void)
set_pages_ro(virt_to_page(start), size >> PAGE_SHIFT);
#endif
}
+
+void mark_nxdata_nx(void)
+{
+ unsigned long start = PFN_ALIGN(_etext);
+ unsigned long size = PFN_ALIGN(_edata) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
+}
#endif
int __init reserve_bootmem_generic(unsigned long phys, unsigned long len,
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
index 1753e80..5b0843f 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
@@ -793,6 +793,15 @@ void mark_rodata_ro(void)
#endif
}
+void mark_nxdata_nx(void)
+{
+ unsigned long start = PFN_ALIGN(_etext);
+ unsigned long size = PFN_ALIGN(_edata) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
+}
#endif
int __init reserve_bootmem_generic(unsigned long phys, unsigned long len,
diff --git a/init/main.c b/init/main.c
index d721dad..6c0ee8b 100644
--- a/init/main.c
+++ b/init/main.c
@@ -93,6 +93,7 @@ static inline void acpi_early_init(void) { }
#endif
#ifndef CONFIG_DEBUG_RODATA
static inline void mark_rodata_ro(void) { }
+static inline void mark_nxdata_nx(void) { }
#endif
#ifdef CONFIG_TC
@@ -807,6 +808,7 @@ static noinline int init_post(void)
free_initmem();
unlock_kernel();
mark_rodata_ro();
+ mark_nxdata_nx();
system_state = SYSTEM_RUNNING;
numa_default_policy();
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
V4: fixed ifdef, removed credits from CREDITS
V5: fixed an address calculation bug in mark_nxdata_nx()
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 78d185d..83ae734 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -43,14 +43,14 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
- user PT_LOAD FLAGS(7); /* RWE */
- data.init PT_LOAD FLAGS(7); /* RWE */
+ user PT_LOAD FLAGS(6); /* RW_ */
+ data.init PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_SMP
- percpu PT_LOAD FLAGS(7); /* RWE */
+ percpu PT_LOAD FLAGS(6); /* RW_ */
#endif
- data.init2 PT_LOAD FLAGS(7); /* RWE */
+ data.init2 PT_LOAD FLAGS(6); /* RW_ */
#endif
note PT_NOTE FLAGS(0); /* ___ */
}
@@ -89,6 +89,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -151,6 +153,8 @@ SECTIONS
.data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
*(.data.read_mostly)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 0607119..7bfd411 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -423,9 +423,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -440,11 +441,29 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
#endif
}
+void mark_nxdata_nx(void)
+{
+#ifdef CONFIG_DEBUG_RODATA
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PAGE_ALIGN((unsigned long)(&_etext));
+ unsigned long size = PAGE_ALIGN((unsigned long)(&_end)) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_memory_nx(start, size >> PAGE_SHIFT);
+#endif
+}
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker script is adjusted so .text always starts and ends on a page boundary
> 2. Linker script is adjusted so .rodata and .data always start and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> functionality: NX is set for all pages from _etext through _end.
> 4. mark_nxdata_nx() called from free_initmem() (after init has been released)
> 5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
>
> The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
> and Xuxian Jiang .
>
> V1: initial patch for 2.6.30
> V2: patch for 2.6.31-rc7
> V3: moved all code into arch/x86, adjusted credits
> V4: fixed ifdef, removed credits from CREDITS
> V5: fixed an address calculation bug in mark_nxdata_nx()
> ---
>
> Signed-off-by: Siarhei Liakh
> Signed-off-by: Xuxian Jiang
That seems to fix the problem, thanks.
Acked-by: David Howells
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
> At this point I need some help and guidance on how to track down what
> exactly happens there, as I am not very familiar with what goes into
> .data and why are we trying to execute it.
Can't you add debug printk in the fault handler before any exception processing
Something like that.
Matthieu
[tip:x86/mm] x86, mm: NX protection for kernel data
>> At this point I need some help and guidance on how to track down what
>> exactly happens there, as I am not very familiar with what goes into
>> .data and why are we trying to execute it.
> Can't you add debug printk in the fault handler before any exception processing
>
> Something like that.
That does not really give any additional information. The message does
not show up in the output and the stack trace says that we are somehow
ended up in doublefault_fn.
any other ideas?
I really appreciate your help.
===========
...
[ 17.652000] BUG: unable to handle kernel NULL pointer dereference at 00000014
[ 17.652000] IP: [] vprintk+0x12/0x398
[ 17.652000] *pdpt = 00000000018e7001 *pde = 0000000000000000
[ 17.652000] Oops: 0000 [#1] SMP
[ 17.652000] last sysfs file:
[ 17.652000] Modules linked in:
[ 17.652000]
[ 17.652000] Pid: 314, comm: rcu_torture_rea Not tainted 2.6.33-tip+ #15 /
[ 17.652000] EIP: 0060:[] EFLAGS: 00004082 CPU: 0
[ 17.652000] EIP is at vprintk+0x12/0x398
[ 17.652000] EAX: c171dc07 EBX: c2802000 ECX: 00000000 EDX: 00000000
[ 17.652000] ESI: c18f1b90 EDI: 00000000 EBP: c18f1b74 ESP: c18f1b10
[ 17.652000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 17.652000] Process rcu_torture_rea (pid: 314, ti=c18f1000
task=f797c000 task.ti=f791a000)
[ 17.652000] Stack:
[ 17.652000] 00000000 00000000 c171dc07 00000000 00000000 00000000
00000000 00000000
[ 17.652000] <0> 00000000 00000000 00000000 00000000 00000000
00000000 00000000 00000000
[ 17.652000] <0> 00000000 00000000 00000000 00000000 00000000
00000000 c2802000 00000000
[ 17.652000] Call Trace:
[ 17.652000] [] ? printk+0xf/0x16
[ 17.652000] [] ? doublefault_fn+0x2b/0xd8
[ 17.652000] Code: 76 80 c1 e8 4e 8d 01 00 c7 05 f0 34 8f c1 00 00
00 00 e8 66 fc ff ff 5d c3 55 89 e5 57 56 53 83 ec 58 8b 45 08 89 45
a4 8b 75 0c <65> 8b 15 14 00 00 00 89 55 f0 31 d2 a1 a0 75 80 c1 89 45
a8 8b
[ 17.652000] EIP: [] vprintk+0x12/0x398 SS:ESP 0068:c18f1b10
[ 17.652000] CR2: 0000000000000014
[ 17.652000] ---[ end trace 6164e4a9acb59023 ]---
[ 17.656000] BUG: spinlock lockup on CPU#0, rcu_torture_rea/314, c2809800
[ 17.656000] Pid: 314, comm: rcu_torture_rea Tainted: G D
2.6.33-tip+ #15
[ 17.656000] Call Trace:
[ 17.656000] [] ? printk+0xf/0x16
[ 17.656000] [] do_raw_spin_lock+0xfb/0x126
[ 17.656000] [] _raw_spin_lock+0x22/0x2a
[ 17.656000] [] ? scheduler_tick+0x33/0x233
[ 17.656000] [] scheduler_tick+0x33/0x233
[ 17.656000] [] ? raise_softirq+0x43/0x50
[ 17.656000] [] update_process_times+0x3c/0x48
[ 17.656000] [] tick_periodic+0x66/0x72
[ 17.656000] [] tick_handle_periodic+0x19/0x71
[ 17.656000] [] smp_apic_timer_interrupt+0x6a/0x7d
[ 17.656000] [] apic_timer_interrupt+0x36/0x40
[ 17.656000] [] ? acct_collect+0x12e/0x134
[ 17.656000] [] ? _raw_spin_unlock_irq+0x22/0x26
[ 17.656000] [] ? _raw_spin_unlock_irq+0x24/0x26
[ 17.656000] [] acct_collect+0x12e/0x134
[ 17.656000] [] do_exit+0x187/0x625
[ 17.656000] [] ? kmsg_dump+0xff/0x113
[ 17.656000] [] ? oops_exit+0x2a/0x2f
[ 17.656000] [] oops_end+0x92/0x9a
[ 17.656000] [] no_context+0x15f/0x169
[ 17.656000] [] __bad_area_nosemaphore+0x152/0x15a
[ 17.656000] [] bad_area_nosemaphore+0xd/0x10
[ 17.656000] [] do_page_fault+0x199/0x30a
[ 17.656000] [] ? do_page_fault+0x0/0x30a
[ 17.656000] [] error_code+0x78/0x80
[ 17.656000] [] ? vprintk+0x12/0x398
[ 17.656000] [] printk+0xf/0x16
[ 17.656000] [] doublefault_fn+0x2b/0xd8
[ 17.656000] sending NMI to all CPUs:
[ 17.656000] NMI backtrace for cpu 0
[ 17.656000] Modules linked in:
[ 17.656000]
[ 17.656000] Pid: 314, comm: rcu_torture_rea Tainted: G D
2.6.33-tip+ #15 /
[ 17.656000] EIP: 0060:[] EFLAGS: 00000046 CPU: 0
[ 17.656000] EIP is at default_send_IPI_mask_logical+0xc3/0xdb
[ 17.656000] EAX: ffffb300 EBX: 01000000 ECX: c1011239 EDX: 00000c00
[ 17.656000] ESI: 00000002 EDI: 00000002 EBP: c18f1848 ESP: c18f1838
[ 17.656000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 17.656000] Process rcu_torture_rea (pid: 314, ti=c18f1000
task=f797c000 task.ti=f791a000)
[ 17.656000] Stack:
[ 17.656000] 00000800 08453000 00000000 c2809800 c18f1854 c101106a
08453000 c18f1864
[ 17.656000] <0> c1011739 c171c7e2 08453000 c18f189c c12758aa
c175c91e 00000000 f797c318
[ 17.656000] <0> 0000013a c2809800 f797c318 f797c000 08453000
00000001 c2809800 c2809800
[ 17.656000] Call Trace:
[ 17.656000] [] ? default_send_IPI_all+0x22/0x62
[ 17.656000] [] ? arch_trigger_all_cpu_backtrace+0x2b/0x4f
[ 17.656000] [] ? do_raw_spin_lock+0x100/0x126
[ 17.656000] [] ? _raw_spin_lock+0x22/0x2a
[ 17.656000] [] ? scheduler_tick+0x33/0x233
[ 17.656000] [] ? scheduler_tick+0x33/0x233
[ 17.656000] [] ? raise_softirq+0x43/0x50
[ 17.656000] [] ? update_process_times+0x3c/0x48
[ 17.656000] [] ? tick_periodic+0x66/0x72
[ 17.656000] [] ? tick_handle_periodic+0x19/0x71
[ 17.656000] [] ? smp_apic_timer_interrupt+0x6a/0x7d
[ 17.656000] [] ? apic_timer_interrupt+0x36/0x40
[ 17.656000] [] ? acct_collect+0x12e/0x134
[ 17.656000] [] ? _raw_spin_unlock_irq+0x22/0x26
[ 17.656000] [] ? _raw_spin_unlock_irq+0x24/0x26
[ 17.656000] [] ? acct_collect+0x12e/0x134
[ 17.656000] [] ? do_exit+0x187/0x625
[ 17.656000] [] ? kmsg_dump+0xff/0x113
[ 17.656000] [] ? oops_exit+0x2a/0x2f
[ 17.656000] [] ? oops_end+0x92/0x9a
[ 17.656000] [] ? no_context+0x15f/0x169
[ 17.656000] [] ? __bad_area_nosemaphore+0x152/0x15a
[ 17.656000] [] ? bad_area_nosemaphore+0xd/0x10
[ 17.656000] [] ? do_page_fault+0x199/0x30a
[ 17.656000] [] ? do_page_fault+0x0/0x30a
[ 17.656000] [] ? error_code+0x78/0x80
[ 17.656000] [] ? vprintk+0x12/0x398
[ 17.656000] [] ? printk+0xf/0x16
[ 17.656000] [] ? doublefault_fn+0x2b/0xd8
[ 17.656000] Code: 00 89 da 89 10 83 fe 02 74 07 8b 55 f0 09 f2 eb
06 8b 55 f0 80 ce 04 a1 2c 6c 80 c1 2d 00 3d 00 00 89 10 f7 c7 00 02
00 00 75 09 <57> 9d e8 0c 0c 04 00 eb 07 e8 9e 1a 04 00 57 9d 8d 65 f4
5b 5e
[ 17.656000] Call Trace:
[ 17.656000] [] default_send_IPI_all+0x22/0x62
[ 17.656000] [] arch_trigger_all_cpu_backtrace+0x2b/0x4f
[ 17.656000] [] do_raw_spin_lock+0x100/0x126
[ 17.656000] [] _raw_spin_lock+0x22/0x2a
[ 17.656000] [] ? scheduler_tick+0x33/0x233
[ 17.656000] [] scheduler_tick+0x33/0x233
[ 17.656000] [] ? raise_softirq+0x43/0x50
[ 17.656000] [] update_process_times+0x3c/0x48
[ 17.656000] [] tick_periodic+0x66/0x72
[ 17.656000] [] tick_handle_periodic+0x19/0x71
[ 17.656000] [] smp_apic_timer_interrupt+0x6a/0x7d
[ 17.656000] [] apic_timer_interrupt+0x36/0x40
[ 17.656000] [] ? acct_collect+0x12e/0x134
[ 17.656000] [] ? _raw_spin_unlock_irq+0x22/0x26
[ 17.656000] [] ? _raw_spin_unlock_irq+0x24/0x26
[ 17.656000] [] acct_collect+0x12e/0x134
[ 17.656000] [] do_exit+0x187/0x625
[ 17.656000] [] ? kmsg_dump+0xff/0x113
[ 17.656000] [] ? oops_exit+0x2a/0x2f
[ 17.656000] [] oops_end+0x92/0x9a
[ 17.656000] [] no_context+0x15f/0x169
[ 17.656000] [] __bad_area_nosemaphore+0x152/0x15a
[ 17.656000] [] bad_area_nosemaphore+0xd/0x10
[ 17.656000] [] do_page_fault+0x199/0x30a
[ 17.656000] [] ? do_page_fault+0x0/0x30a
[ 17.656000] [] error_code+0x78/0x80
[ 17.656000] [] ? vprintk+0x12/0x398
[ 17.656000] [] printk+0xf/0x16
[ 17.656000] [] doublefault_fn+0x2b/0xd8
[ 17.656000] Pid: 314, comm: rcu_torture_rea Tainted: G D
2.6.33-tip+ #15
[ 17.656000] Call Trace:
[ 17.656000] [] ? show_regs+0x1a/0x20
[ 17.656000] [] nmi_watchdog_tick+0xa3/0x181
[ 17.656000] [] do_nmi+0xc6/0x2d1
[ 17.656000] [] nmi_stack_correct+0x2f/0x34
[ 17.656000] [] ? default_send_IPI_mask_logical+0x46/0xdb
[ 17.656000] [] ? default_send_IPI_mask_logical+0xc3/0xdb
[ 17.656000] [] default_send_IPI_all+0x22/0x62
[ 17.656000] [] arch_trigger_all_cpu_backtrace+0x2b/0x4f
[ 17.656000] [] do_raw_spin_lock+0x100/0x126
[ 17.656000] [] _raw_spin_lock+0x22/0x2a
[ 17.656000] [] ? scheduler_tick+0x33/0x233
[ 17.656000] [] scheduler_tick+0x33/0x233
[ 17.656000] [] ? raise_softirq+0x43/0x50
[ 17.656000] [] update_process_times+0x3c/0x48
[ 17.656000] [] tick_periodic+0x66/0x72
[ 17.656000] [] tick_handle_periodic+0x19/0x71
[ 17.656000] [] smp_apic_timer_interrupt+0x6a/0x7d
[ 17.656000] [] apic_timer_interrupt+0x36/0x40
[ 17.656000] [] ? acct_collect+0x12e/0x134
[ 17.656000] [] ? _raw_spin_unlock_irq+0x22/0x26
[ 17.656000] [] ? _raw_spin_unlock_irq+0x24/0x26
[ 17.656000] [] acct_collect+0x12e/0x134
[ 17.656000] [] do_exit+0x187/0x625
[ 17.656000] [] ? kmsg_dump+0xff/0x113
[ 17.656000] [] ? oops_exit+0x2a/0x2f
[ 17.656000] [] oops_end+0x92/0x9a
[ 17.656000] [] no_context+0x15f/0x169
[ 17.656000] [] __bad_area_nosemaphore+0x152/0x15a
[ 17.656000] [] bad_area_nosemaphore+0xd/0x10
[ 17.656000] [] do_page_fault+0x199/0x30a
[ 17.656000] [] ? do_page_fault+0x0/0x30a
[ 17.656000] [] error_code+0x78/0x80
[ 17.656000] [] ? vprintk+0x12/0x398
[ 17.656000] [] printk+0xf/0x16
[ 17.656000] [] doublefault_fn+0x2b/0xd8
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
On Tue, Mar 2, 2010 at 12:51 PM, Siarhei Liakh wrote:
>>> At this point I need some help and guidance on how to track down what
>>> exactly happens there, as I am not very familiar with what goes into
>>> .data and why are we trying to execute it.
>> Can't you add debug printk in the fault handler before any exception processing
>>
>> Something like that.
>
> That does not really give any additional information. The message does
> not show up in the output and the stack trace says that we are somehow
> ended up in doublefault_fn.
Forgot to add one more thing: it looks like fault on instruction
prefetch is already taken care of in fault handlers and should
generate an appropriate message. The way I interpret the fact that
doublefault_fn is the one that prints out a message, is that main
fault handler is somehow dependent on .data being executable.... (but
this is pure speculation on my part at this point)...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
Siarhei Liakh wrote:
> @@ -440,11 +441,29 @@ void free_init_pages(char *what, unsigned long
> begin, unsigned long end)
Your mail client is word wrapping your patches.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
On Mon, 12 Oct 2009 21:03:17 -0400
Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker script is adjusted so .text always starts and ends on a
> page boundary 2. Linker script is adjusted so .rodata and .data
> always start and end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> functionality: NX is set for all pages from _etext through _end.
> 4. mark_nxdata_nx() called from free_initmem() (after init has been
> released) 5. free_init_pages() sets released memory NX in
> arch/x86/mm/init.c
>
> The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei
> Liakh and Xuxian Jiang .
>
I like doing this, but... maybe it is useful to have a diff of the
pagetable dump (PT_DUMP config option) to show the effect, in the
changelog. That'd be like the proof on the pudding...
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
* Arjan van de Ven wrote:
> On Mon, 12 Oct 2009 21:03:17 -0400
> Siarhei Liakh wrote:
>
> > This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> > (static) kernel data area as NX.
> > The following steps are taken to achieve this:
> > 1. Linker script is adjusted so .text always starts and ends on a
> > page boundary 2. Linker script is adjusted so .rodata and .data
> > always start and end on a page boundary
> > 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> > functionality: NX is set for all pages from _etext through _end.
> > 4. mark_nxdata_nx() called from free_initmem() (after init has been
> > released) 5. free_init_pages() sets released memory NX in
> > arch/x86/mm/init.c
> >
> > The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei
> > Liakh and Xuxian Jiang .
> >
>
> I like doing this, but... maybe it is useful to have a diff of the
> pagetable dump (PT_DUMP config option) to show the effect, in the
> changelog. That'd be like the proof on the pudding...
That's a good suggestion. Siarhei Liakh, mind doing that?
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
>> I like doing this, but... maybe it is useful to have a diff of the
>> pagetable dump (PT_DUMP config option) to show the effect, in the
>> changelog. That'd be like the proof on the pudding...
>
> That's a good suggestion. Siarhei Liakh, mind doing that?
Here you go:
===============================================
--- data_nx_pt_before.txt 2009-10-13 07:26:17.000000000 -0400
+++ data_nx_pt_after.txt 2009-10-13 07:26:46.000000000 -0400
@@ -2,12 +2,9 @@
0x00000000-0xc0000000 3G pmd
---[ Kernel Mapping ]---
0xc0000000-0xc0100000 1M RW GLB x pte
-0xc0100000-0xc048d000 3636K ro GLB x pte
-0xc048d000-0xc04d0000 268K RW GLB x pte
-0xc04d0000-0xc04d2000 8K RW GLB NX pte
-0xc04d2000-0xc04d3000 4K RW GLB x pte
-0xc04d3000-0xc0531000 376K RW GLB NX pte
-0xc0531000-0xc0600000 828K RW GLB x pte
+0xc0100000-0xc0381000 2564K ro GLB x pte
+0xc0381000-0xc048d000 1072K ro GLB NX pte
+0xc048d000-0xc0600000 1484K RW GLB NX pte
0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
0xf7800000-0xf79fe000 2040K RW GLB NX pte
0xf79fe000-0xf7a00000 8K pte
===============================================
Would you like me to re-post whole patch with this addition?
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
On Tue, 13 Oct 2009 07:35:28 -0400
Siarhei Liakh wrote:
> ---[ Kernel Mapping ]---
> 0xc0000000-0xc0100000 1M RW GLB x pte
> -0xc0100000-0xc048d000 3636K ro GLB x pte
> -0xc048d000-0xc04d0000 268K RW GLB x pte
> -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> -0xc04d2000-0xc04d3000 4K RW GLB x pte
> -0xc04d3000-0xc0531000 376K RW GLB NX pte
> -0xc0531000-0xc0600000 828K RW GLB x pte
> +0xc0100000-0xc0381000 2564K ro GLB x pte
> +0xc0381000-0xc048d000 1072K ro GLB NX pte
> +0xc048d000-0xc0600000 1484K RW GLB NX pte
> 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> 0xf79fe000-0xf7a00000 8K pte
> ===============================================
>
looks great to me; the result is
* kernel is ro + x
* rodata is ro + NX
* data is RW + NX
(and there is no "RW + x", other than the first megabyte... hmm. maybe
we need to look at that as well at some point)
Acked-by: Arjan van de Ven
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
* Arjan van de Ven wrote:
> On Tue, 13 Oct 2009 07:35:28 -0400
> Siarhei Liakh wrote:
>
> > ---[ Kernel Mapping ]---
> > 0xc0000000-0xc0100000 1M RW GLB x pte
> > -0xc0100000-0xc048d000 3636K ro GLB x pte
> > -0xc048d000-0xc04d0000 268K RW GLB x pte
> > -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> > -0xc04d2000-0xc04d3000 4K RW GLB x pte
> > -0xc04d3000-0xc0531000 376K RW GLB NX pte
> > -0xc0531000-0xc0600000 828K RW GLB x pte
> > +0xc0100000-0xc0381000 2564K ro GLB x pte
> > +0xc0381000-0xc048d000 1072K ro GLB NX pte
> > +0xc048d000-0xc0600000 1484K RW GLB NX pte
> > 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> > 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> > 0xf79fe000-0xf7a00000 8K pte
> > ===============================================
> >
>
> looks great to me; the result is
> * kernel is ro + x
> * rodata is ro + NX
> * data is RW + NX
>
> (and there is no "RW + x", other than the first megabyte... hmm. maybe
> we need to look at that as well at some point)
Could we cover the first megabyte too please via a (default-disabled)
option? Modern Xorg shouldnt mind about that anymore, right?
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
On Tue, 13 Oct 2009 16:15:27 +0200
Ingo Molnar wrote:
>
> * Arjan van de Ven wrote:
>
> > On Tue, 13 Oct 2009 07:35:28 -0400
> > Siarhei Liakh wrote:
> >
> > > ---[ Kernel Mapping ]---
> > > 0xc0000000-0xc0100000 1M RW GLB x pte
> > > -0xc0100000-0xc048d000 3636K ro GLB x pte
> > > -0xc048d000-0xc04d0000 268K RW GLB x pte
> > > -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> > > -0xc04d2000-0xc04d3000 4K RW GLB x pte
> > > -0xc04d3000-0xc0531000 376K RW GLB NX pte
> > > -0xc0531000-0xc0600000 828K RW GLB x pte
> > > +0xc0100000-0xc0381000 2564K ro GLB x pte
> > > +0xc0381000-0xc048d000 1072K ro GLB NX pte
> > > +0xc048d000-0xc0600000 1484K RW GLB NX pte
> > > 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> > > 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> > > 0xf79fe000-0xf7a00000 8K pte
> > > ===============================================
> > >
> >
> > looks great to me; the result is
> > * kernel is ro + x
> > * rodata is ro + NX
> > * data is RW + NX
> >
> > (and there is no "RW + x", other than the first megabyte... hmm.
> > maybe we need to look at that as well at some point)
>
> Could we cover the first megabyte too please via a (default-disabled)
> option? Modern Xorg shouldnt mind about that anymore, right?
just to be clear, for me this 1Mb is a seperate issue, and for a
separate patch.... the current patch is good as is.
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
On Tue, 13 Oct 2009 16:15:27 +0200
Ingo Molnar wrote:
>
> * Arjan van de Ven wrote:
>
> > On Tue, 13 Oct 2009 07:35:28 -0400
> > Siarhei Liakh wrote:
> >
> > > ---[ Kernel Mapping ]---
> > > 0xc0000000-0xc0100000 1M RW GLB x pte
> > > -0xc0100000-0xc048d000 3636K ro GLB x pte
> > > -0xc048d000-0xc04d0000 268K RW GLB x pte
> > > -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> > > -0xc04d2000-0xc04d3000 4K RW GLB x pte
> > > -0xc04d3000-0xc0531000 376K RW GLB NX pte
> > > -0xc0531000-0xc0600000 828K RW GLB x pte
> > > +0xc0100000-0xc0381000 2564K ro GLB x pte
> > > +0xc0381000-0xc048d000 1072K ro GLB NX pte
> > > +0xc048d000-0xc0600000 1484K RW GLB NX pte
> > > 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> > > 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> > > 0xf79fe000-0xf7a00000 8K pte
> > > ===============================================
> > >
> >
> > looks great to me; the result is
> > * kernel is ro + x
> > * rodata is ro + NX
> > * data is RW + NX
> >
> > (and there is no "RW + x", other than the first megabyte... hmm.
> > maybe we need to look at that as well at some point)
>
> Could we cover the first megabyte too please via a (default-disabled)
> option? Modern Xorg shouldnt mind about that anymore, right?
I'd be surprised if anything ever did; this is the *kernel* mapping of
the first megabyte, not some userspace mapping....
--
Arjan van de Ven Intel Open Source Technology Centre
For development, discussion and tips for power savings,
visit http://www.lesswatts.org
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
> I'd be surprised if anything ever did; this is the *kernel* mapping of
> the first megabyte, not some userspace mapping....
APM, BIOS32, EDD, PnPBIOS ..
However except for APM (which isn't generally needed on NX capable
devices or found on them) none of them are usually on critical paths
because EDD is just grovelling around sort of stuff, and BIOS32 isn't
generally used by the kernel anyway so could probably cope with flipping
the permissions on the low 1 MB each call.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
>> I'd be surprised if anything ever did; this is the *kernel* mapping of
>> the first megabyte, not some userspace mapping....
>
> APM, BIOS32, EDD, PnPBIOS ..
>
> However except for APM (which isn't generally needed on NX capable
> devices or found on them) none of them are usually on critical paths
> because EDD is just grovelling around sort of stuff, and BIOS32 isn't
> generally used by the kernel anyway so could probably cope with flipping
> the permissions on the low 1 MB each call.
Actually, I have posted a patch to fix RW+X problem with BIOS32 some
time ago. See my submission to LKML (and subsequent discussion) on Jul
19 2009 "[PATCH] x86: Reducing footprint of BIOS32 service mappings".
Nevertheless, that 1MB area is on my "to do" list, and I will be
patching it sooner or later (assuming I get my patches tested well
enough to get them accepted).
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V5] x86: NX protection for kernel data
* Siarhei Liakh wrote:
> >> I like doing this, but... maybe it is useful to have a diff of the
> >> pagetable dump (PT_DUMP config option) to show the effect, in the
> >> changelog. That'd be like the proof on the pudding...
> >
> > That's a good suggestion. Siarhei Liakh, mind doing that?
>
> Here you go:
> ===============================================
> --- data_nx_pt_before.txt 2009-10-13 07:26:17.000000000 -0400
> +++ data_nx_pt_after.txt 2009-10-13 07:26:46.000000000 -0400
> @@ -2,12 +2,9 @@
> 0x00000000-0xc0000000 3G pmd
> ---[ Kernel Mapping ]---
> 0xc0000000-0xc0100000 1M RW GLB x pte
> -0xc0100000-0xc048d000 3636K ro GLB x pte
> -0xc048d000-0xc04d0000 268K RW GLB x pte
> -0xc04d0000-0xc04d2000 8K RW GLB NX pte
> -0xc04d2000-0xc04d3000 4K RW GLB x pte
> -0xc04d3000-0xc0531000 376K RW GLB NX pte
> -0xc0531000-0xc0600000 828K RW GLB x pte
> +0xc0100000-0xc0381000 2564K ro GLB x pte
> +0xc0381000-0xc048d000 1072K ro GLB NX pte
> +0xc048d000-0xc0600000 1484K RW GLB NX pte
> 0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
> 0xf7800000-0xf79fe000 2040K RW GLB NX pte
> 0xf79fe000-0xf7a00000 8K pte
> ===============================================
>
> Would you like me to re-post whole patch with this addition?
Yep, v6 with Arjan's ack (once he sends it) would be handy.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
On Sun, 19 Jul 2009, Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker scripts are adjusted so .text always starts and end on a page boundary
> 2. Linker scripts are adjusted so .rodata and .data always starts and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
> arch/x86/mm/init_32.c with actual functionality: NX is set for all
> pages from _etext through _edata
Please avoid adding the identical function to both files.
arch/x86/mm/init.c is the correct place.
Thanks,
tglx
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
> Please avoid adding the identical function to both files.
> arch/x86/mm/init.c is the correct place.
Will do.
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
On Sun, 19 Jul 2009 15:43:06 -0400
Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker scripts are adjusted so .text always starts and end on a
> page boundary 2. Linker scripts are adjusted so .rodata and .data
> always starts and end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
> arch/x86/mm/init_32.c with actual functionality: NX is set for all
> pages from _etext through _edata
> 4. mark_nxdata_nx() called from init_post(void) in init/main.c
>
> The patch have been developed for Linux 2.6.30 x86 by Siarhei Liakh
> and Xuxian Jiang .
I like the idea, and am happy to see the lack of ifdefs ;)
I wonder if we should have a testcase for this though similar to
how stackprotector and rodata get tested already....
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
On Sun, Jul 19, 2009 at 4:18 PM, Arjan van de Ven wrote:
> On Sun, 19 Jul 2009 15:43:06 -0400
> Siarhei Liakh wrote:
>
>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>> (static) kernel data area as NX.
>> The following steps are taken to achieve this:
>> 1. Linker scripts are adjusted so .text always starts and end on a
>> page boundary 2. Linker scripts are adjusted so .rodata and .data
>> always starts and end on a page boundary
>> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
>> arch/x86/mm/init_32.c with actual functionality: NX is set for all
>> pages from _etext through _edata
>> 4. mark_nxdata_nx() called from init_post(void) in init/main.c
>>
>> The patch have been developed for Linux 2.6.30 x86 by Siarhei Liakh
>> and Xuxian Jiang .
>
> I like the idea, and am happy to see the lack of ifdefs ;)
I was thinking about ifdefs, but could not find a place to put them in ;)
> I wonder if we should have a testcase for this though similar to
> how stackprotector and rodata get tested already....
We probably should. In addition, after looking at the code for a
while, it seems to me that the proper place to enable protection would
be kernel_physical_mapping_init(). This way the kernel could enjoy
protection from the very beginning of init, instead of turning it on
at the end.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V3] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
diff --git a/CREDITS b/CREDITS
index 1a41bf4..a24b669 100644
--- a/CREDITS
+++ b/CREDITS
@@ -1657,6 +1657,13 @@ N: Niels Kristian Bech Jensen
E: nkbj1970@hotmail.com
D: Miscellaneous kernel updates and fixes.
+N: Xuxian Jiang
+E: jiang@cs.ncsu.edu
+D: RO/NX protection for static kernel and LKMs
+S: North Carolina State University
+S: Raleigh, North Carolina
+S: USA
+
N: Michael K. Johnson
E: johnsonm@redhat.com
W: http://www.redhat.com/~johnsonm
@@ -2068,6 +2075,13 @@ S: Post Office Box 371
S: North Little Rock, Arkansas 72115
S: USA
+N: Siarhei Liakh
+E: sliakh.lkml@gmail.com
+D: RO/NX protection for static kernel and LKMs
+S: North Carolina State University
+S: Raleigh, North Carolina
+S: USA
+
N: Stephan Linz
E: linz@mazet.de
E: Stephan.Linz@gmx.de
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 78d185d..1b036e3 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -43,7 +43,7 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
user PT_LOAD FLAGS(7); /* RWE */
data.init PT_LOAD FLAGS(7); /* RWE */
@@ -89,6 +89,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -151,6 +153,8 @@ SECTIONS
.data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
*(.data.read_mostly)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 0607119..9091bc0 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -423,9 +423,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -440,11 +441,31 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
#endif
}
+#ifndef CONFIG_DEBUG_RODATA
+static inline void mark_nxdata_nx(void) { }
+#else
+void mark_nxdata_nx(void)
+{
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PFN_ALIGN(_etext);
+ unsigned long size = PFN_ALIGN(_end) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
+}
+#endif
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V4] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
V4: fixed ifdef, removed credits from CREDITS
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 78d185d..1b036e3 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -43,7 +43,7 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
user PT_LOAD FLAGS(7); /* RWE */
data.init PT_LOAD FLAGS(7); /* RWE */
@@ -89,6 +89,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -151,6 +153,8 @@ SECTIONS
.data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
*(.data.read_mostly)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 0607119..522e81b 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -423,9 +423,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -440,11 +441,29 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
#endif
}
+void mark_nxdata_nx(void)
+{
+#ifdef CONFIG_DEBUG_RODATA
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PFN_ALIGN(_etext);
+ unsigned long size = PFN_ALIGN(_end) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
+#endif
+}
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
Hi,
> > looking for c17ebdb8 in system.map points to a location in pgd_lock:
> > ============================================
> > $grep c17ebd System.map
> > c17ebd68 d bios_check_work
> > c17ebda8 d highmem_pages
> > c17ebdac D pgd_lock
> > c17ebdc8 D pgd_list
> > c17ebdd0 D show_unhandled_signals
> > c17ebdd4 d cpa_lock
> > c17ebdf0 d memtype_lock
> > ============================================
> >
> > I've looked at the lock debugging and could not find any place that
> > would look like an attempt to execute data. This would lead me to
> > think that calling set_memory_nx from kernel_init somehow confuses the
> > lock debugging subsystem, or set_memory_nx does not change page
> > attributes in a safe manner (for example when a lock is stored inside
> > the page whose attributes are being changed).
>
> I've done some extra debugging and it really does look like the crash
> happens when we are setting NX on a large page which has pgd_lock
> inside it.
>
> Here is a trace of printk's that I added to troubleshoot this issue:
> =========================
> [ 3.072003] try_preserve_large_page - enter
> [ 3.073185] try_preserve_large_page - address: 0xc1600000
> [ 3.074513] try_preserve_large_page - 2M page
> [ 3.075606] try_preserve_large_page - about to call static_protections
> [ 3.076000] try_preserve_large_page - back from static_protections
> [ 3.076000] try_preserve_large_page - past loop
> [ 3.076000] try_preserve_large_page - new_prot != old_prot
> [ 3.076000] try_preserve_large_page - the address is aligned and
> the number of pages covers the full range
> [ 3.076000] try_preserve_large_page - about to call __set_pmd_pte
> [ 3.076000] __set_pmd_pte - enter
> [ 3.076000] __set_pmd_pte - address: 0xc1600000
> [ 3.076000] __set_pmd_pte - about to call
> set_pte_atomic(*0xc18c0058(low=0x16001e3, high=0x0), (low=0x16001e1,
> high=0x80000000))
> [lock-up here]
> =========================
>
This may be stupid but :
0xc1600000 2MB page is in 0xc1600000-0xc1800000 range. pgd_lock (0xc17ebdac) seems to be in that range.
You change attribute from (low=0x16001e3, high=0x0) to (low=0x16001e1, high=0x80000000). IE you set
NX bit (bit 63), but you also clear R/W bit (bit 2). So the page become read only, but you are using a lock
inside this page that need RW access. So you got a page fault.
Now I don't know what should be done.
Is that normal we set the page RO ?
Matthieu
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
On Sat, Mar 13, 2010 at 8:12 AM, matthieu castet
wrote:
> Hi,
>
>> > looking for c17ebdb8 in system.map points to a location in pgd_lock:
>> > ============================================
>> > $grep c17ebd System.map
>> > c17ebd68 d bios_check_work
>> > c17ebda8 d highmem_pages
>> > c17ebdac D pgd_lock
>> > c17ebdc8 D pgd_list
>> > c17ebdd0 D show_unhandled_signals
>> > c17ebdd4 d cpa_lock
>> > c17ebdf0 d memtype_lock
>> > ============================================
>> >
>> > I've looked at the lock debugging and could not find any place that
>> > would look like an attempt to execute data. This would lead me to
>> > think that calling set_memory_nx from kernel_init somehow confuses the
>> > lock debugging subsystem, or set_memory_nx does not change page
>> > attributes in a safe manner (for example when a lock is stored inside
>> > the page whose attributes are being changed).
>>
>> I've done some extra debugging and it really does look like the crash
>> happens when we are setting NX on a large page which has pgd_lock
>> inside it.
>>
>> Here is a trace of printk's that I added to troubleshoot this issue:
>> =========================
>> [ 3.072003] try_preserve_large_page - enter
>> [ 3.073185] try_preserve_large_page - address: 0xc1600000
>> [ 3.074513] try_preserve_large_page - 2M page
>> [ 3.075606] try_preserve_large_page - about to call static_protections
>> [ 3.076000] try_preserve_large_page - back from static_protections
>> [ 3.076000] try_preserve_large_page - past loop
>> [ 3.076000] try_preserve_large_page - new_prot != old_prot
>> [ 3.076000] try_preserve_large_page - the address is aligned and
>> the number of pages covers the full range
>> [ 3.076000] try_preserve_large_page - about to call __set_pmd_pte
>> [ 3.076000] __set_pmd_pte - enter
>> [ 3.076000] __set_pmd_pte - address: 0xc1600000
>> [ 3.076000] __set_pmd_pte - about to call
>> set_pte_atomic(*0xc18c0058(low=0x16001e3, high=0x0), (low=0x16001e1,
>> high=0x80000000))
>> [lock-up here]
>> =========================
>>
[...]
> 0xc1600000 2MB page is in 0xc1600000-0xc1800000 range. pgd_lock
> (0xc17ebdac) seems to be in that range.
That's what I was thinking...
> You change attribute from (low=0x16001e3, high=0x0) to (low=0x16001e1,
> high=0x80000000). IE you set
> NX bit (bit 63), but you also clear R/W bit (bit 2). So the page become read
> only, but you are using a lock
> inside this page that need RW access. So you got a page fault.
Yes, that would do it.
> Now I don't know what should be done.
> Is that normal we set the page RO ?
No, this page should not be RO, as it contains kernel's RW data.
The interesting part is that the call that initiates the change is
set_memory_nx(), so it should not be clearing RW bit... The
interesting part is that the kernel does not crash with lock debugging
disabled.
Thanks for your help.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
On Mon, Mar 15, 2010 at 2:20 PM, Siarhei Liakh wrote:
> On Sat, Mar 13, 2010 at 8:12 AM, matthieu castet
> wrote:
>> Hi,
>>
>>> > looking for c17ebdb8 in system.map points to a location in pgd_lock:
>>> > ============================================
>>> > $grep c17ebd System.map
>>> > c17ebd68 d bios_check_work
>>> > c17ebda8 d highmem_pages
>>> > c17ebdac D pgd_lock
>>> > c17ebdc8 D pgd_list
>>> > c17ebdd0 D show_unhandled_signals
>>> > c17ebdd4 d cpa_lock
>>> > c17ebdf0 d memtype_lock
>>> > ============================================
[ . . . ]
>>> Here is a trace of printk's that I added to troubleshoot this issue:
>>> =========================
>>> [ 3.072003] try_preserve_large_page - enter
>>> [ 3.073185] try_preserve_large_page - address: 0xc1600000
>>> [ 3.074513] try_preserve_large_page - 2M page
>>> [ 3.075606] try_preserve_large_page - about to call static_protections
>>> [ 3.076000] try_preserve_large_page - back from static_protections
>>> [ 3.076000] try_preserve_large_page - past loop
>>> [ 3.076000] try_preserve_large_page - new_prot != old_prot
>>> [ 3.076000] try_preserve_large_page - the address is aligned and
>>> the number of pages covers the full range
>>> [ 3.076000] try_preserve_large_page - about to call __set_pmd_pte
>>> [ 3.076000] __set_pmd_pte - enter
>>> [ 3.076000] __set_pmd_pte - address: 0xc1600000
>>> [ 3.076000] __set_pmd_pte - about to call
>>> set_pte_atomic(*0xc18c0058(low=0x16001e3, high=0x0), (low=0x16001e1,
>>> high=0x80000000))
>>> [lock-up here]
>>> =========================
>>>
[...]
>> 0xc1600000 2MB page is in 0xc1600000-0xc1800000 range. pgd_lock
>> (0xc17ebdac) seems to be in that range.
[ . . . ]
>> You change attribute from (low=0x16001e3, high=0x0) to (low=0x16001e1,
>> high=0x80000000). IE you set
>> NX bit (bit 63), but you also clear R/W bit (bit 2). So the page become read
>> only, but you are using a lock
>> inside this page that need RW access. So you got a page fault.
[ . . . ]
>> Now I don't know what should be done.
>> Is that normal we set the page RO ?
>
> No, this page should not be RO, as it contains kernel's RW data.
> The interesting part is that the call that initiates the change is
> set_memory_nx(), so it should not be clearing RW bit... The
> interesting part is that the kernel does not crash with lock debugging
> disabled.
Turns out that address is indeed within .rodata range, so
static_protections() flips RW bit to 0:
[ 0.000000] Memory: 889320k/914776k available (5836k kernel code,
25064k reserved, 2564k data, 540k init, 0k highmem)
[ 0.000000] virtual kernel memory layout:
[ 0.000000] fixmap : 0xffd58000 - 0xfffff000 (2716 kB)
[ 0.000000] vmalloc : 0xf8556000 - 0xffd56000 ( 120 MB)
[ 0.000000] lowmem : 0xc0000000 - 0xf7d56000 ( 893 MB)
[ 0.000000] .init : 0xc1834000 - 0xc18bb000 ( 540 kB)
[ 0.000000] .data : 0xc15b3000 - 0xc1834000 (2564 kB)
[ 0.000000] .rodata : 0xc15b4000 - 0xc17e3000 (2236 kB)
[ 0.000000] .text : 0xc1000000 - 0xc15b3000 (5836 kB)
[ 0.000000] pgd_lock address: 0xc17ebdac
[...]
[ 3.496969] try_preserve_large_page - enter
[ 3.500004] try_preserve_large_page - address: 0xc1600000
[ 3.501730] try_preserve_large_page - 2M page
[ 3.503100] try_preserve_large_page - NX:1 RW:1
[ 3.504000] try_preserve_large_page - about to call static_protections
[ 3.504000] static_protections - .rodata PFN:0x1600 VA:0xc1600000
[ 3.504000] try_preserve_large_page - back from static_protections
[ 3.504000] try_preserve_large_page - NX:1 RW:0
So, her is what we have:
1. RO-data is at 0xc15b4000 - 0xc17e3000
2. pgd_lock is at 0xc17ebdac
3. single large page maps tail end of RO-data, and a head of RW-data,
including pgd_lock
4. static_protections says that 0xc1600000 - 0xc17e2000 should be
read-only, and that is true
5. However, try_preserve_large_page assumes that whole large page is
RO since whole requested RO-range fits within the page (0xc1600000 -
0xc1800000) -- FALSE. The problem is that try_preserve_large_page()
never checks static_protections() for the remainder of the page, which
is wrong.
The bug seems to be in the following piece of code (arch/x86/mm/pageattr.c:434):
================================================
/*
* We need to check the full range, whether
* static_protection() requires a different pgprot for one of
* the pages in the range we try to preserve:
*/
addr = address + PAGE_SIZE;
pfn++;
for (i = 1; i < cpa->numpages; i++, addr += PAGE_SIZE, pfn++) {
pgprot_t chk_prot = static_protections(new_prot, addr, pfn);
if (pgprot_val(chk_prot) != pgprot_val(new_prot))
goto out_unlock;
}
================================================
It seems to me that the for loop needs to run for EACH small page
within large page, instead of just from addr through cpa->numpages:
================================================
- addr = address + PAGE_SIZE;
- pfn++;
- for (i = 1; i < cpa->numpages; i++, addr += PAGE_SIZE, pfn++) {
+ addr = address & pmask;
+ pfn = pte_pfn(old_pte);
+ for ( i = 0; i < (psize >> PAGE_SHIFT); i++, addr +=
PAGE_SIZE, pfn++) {
pgprot_t chk_prot = static_protections(new_prot, addr, pfn);
if (pgprot_val(chk_prot) != pgprot_val(new_prot))
goto out_unlock;
}
================================================
Further, I do not think that the conditions for "whole-pageness" are
correct (arch/x86/mm/pageattr.c:457)
================================================
/*
* We need to change the attributes. Check, whether we can
* change the large page in one go. We request a split, when
* the address is not aligned and the number of pages is
* smaller than the number of pages in the large page. Note
* that we limited the number of possible pages already to
* the number of pages in the large page.
*/
- if (address == (nextpage_addr - psize) && cpa->numpages == numpages) {
+ if (address == (address & pmask) && cpa->numpages == (psize
>> PAGE_SHIFT)) {
/*
* The address is aligned and the number of pages
* covers the full page.
*/
new_pte = pfn_pte(pte_pfn(old_pte), canon_pgprot(new_prot));
__set_pmd_pte(kpte, address, new_pte);
cpa->flags |= CPA_FLUSHTLB;
do_split = 0;
}
================================================
Please let me know if this makes any sense, and I will submit a proper patch.
Thank you.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V4] x86: NX protection for kernel data
Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker script is adjusted so .text always starts and ends on a page boundary
> 2. Linker script is adjusted so .rodata and .data always start and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> functionality: NX is set for all pages from _etext through _end.
> 4. mark_nxdata_nx() called from free_initmem() (after init has been released)
> 5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
>
> The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
> and Xuxian Jiang .
>
> V1: initial patch for 2.6.30
> V2: patch for 2.6.31-rc7
> V3: moved all code into arch/x86, adjusted credits
> V4: fixed ifdef, removed credits from CREDITS
This patch makes my test box throw a BUG when applied to Linus's latest tree
(2.6.32-rc1 by GIT tag, if not by Makefile) and also to 2.6.31. I've included
the kernel config below the kernel log output.
David
---
BUG: unable to handle kernel paging request at ffff880001543000
IP: [] clear_page_c+0x7/0x10
PGD 1002063 PUD 1006063 PMD 80000000014001e1
Oops: 0003 [#2] SMP
last sysfs file: /sys/block/sdb/dev
CPU 1
Modules linked in:
Pid: 991, comm: sh Tainted: G D 2.6.31-cachefs #12
RIP: 0010:[] [] clear_page_c+0x7/0x10
RSP: 0000:ffff88003e1e5cc0 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000200
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880001543000
RBP: ffff88003e1e5d88 R08: 0000000000000000 R09: 0000000000000040
R10: 00000000000004d1 R11: 000000000003882d R12: ffffea000004a6a8
R13: 000000000004a6a8 R14: ffff880000000000 R15: 0000000000000000
FS: 00007f02105b66f0(0000) GS:ffff880001da1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff880001543000 CR3: 000000003cffa000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sh (pid: 991, threadinfo ffff88003e1e4000, task ffff88003cffc040)
Stack:
ffffffff81084b16 0000000000000000 00000000000200da 0000000000000001
<0> 0000000100000000 0000000000000001 00000000ffffffff 0000000000000002
<0> 0000000300000246 0000000000000000 ffffffff814e11c8 ffffffff814dff00
Call Trace:
[] ? get_page_from_freelist+0x3e1/0x4ae
[] ? find_get_page+0x0/0xc7
[] __alloc_pages_nodemask+0x11e/0x584
[] ? _spin_unlock+0x26/0x2b
[] handle_mm_fault+0x1cd/0x643
[] ? do_page_fault+0xd0/0x1f8
[] ? down_read_trylock+0x3f/0x4b
[] ? do_page_fault+0xd0/0x1f8
[] do_page_fault+0x1e3/0x1f8
[] page_fault+0x1f/0x30
Code: 11 48 ff c7 e8 77 ff ff ff 85 c0 75 0a 48 f7 1b eb 05 e8 69 ff ff ff 5b c9 c3 90 90 90 90 90 90 90 90 90 90 b9 00 02 00 00 31 c0 48 ab c3 0f 1f 44 00 00 eb ee 0f 1f 84 00 00 00 00 00 0f 1f
RIP [] clear_page_c+0x7/0x10
RSP
CR2: ffff880001543000
---[ end trace b12ab63f5ac61c59 ]---
note: sh[991] exited with preempt_count 1
/bin/sh: line 2: 991 Killed /etc/rc.d/rc.sysinit
init: rcS main process (989) terminated with status 137
BUG: unable to handle kernel paging request at ffff880001536000
IP: [] copy_page_c+0x5/0x10
PGD 1002063 PUD 1006063 PMD 80000000014001e1
Oops: 0003 [#3] SMP
last sysfs file: /sys/block/sdb/dev
CPU 0
Modules linked in:
Pid: 992, comm: sh Tainted: G D 2.6.31-cachefs #12
RIP: 0010:[] [] copy_page_c+0x5/0x10
RSP: 0000:ffff88003e1e5de0 EFLAGS: 00010286
RAX: ffff880000000000 RBX: ffff88003e22cb08 RCX: 0000000000000200
RDX: 6db6db6db6db6db7 RSI: ffff88003c715000 RDI: ffff880001536000
RBP: ffff88003e1e5e68 R08: 0000000000000010 R09: 0000000000000000
R10: ffffffff814dff00 R11: ffffffff814dff50 R12: ffffea0000d38c98
R13: ffff88003e20f9a8 R14: ffffea000004a3d0 R15: ffff88003cd29018
FS: 00007feaed80f6f0(0000) GS:ffff880001d89000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff880001536000 CR3: 000000003cd3f000 CR4: 00000000000006f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sh (pid: 992, threadinfo ffff88003e1e4000, task ffff88003e09b040)
Stack:
ffffffff81091ef4 ffff88003cd68620 ffff880000000000 01000000006c4b48
<0> 800000003c715065 00000000006c4b48 ffff88003cd68620 ffff88003e20fa70
<0> ffff88003cd68620 ffff88003e20f9a8 00000000006c4b48 ffff88003e1e5e68
Call Trace:
[] ? do_wp_page+0x433/0x631
[] handle_mm_fault+0x5eb/0x643
[] ? do_page_fault+0xd0/0x1f8
[] ? do_page_fault+0xd0/0x1f8
[] do_page_fault+0x1e3/0x1f8
[] page_fault+0x1f/0x30
Code: 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 b9 00 02 00 00 48 a5 c3 0f 1f 80 00 00 00 00 eb ee 0f 1f 84 00 00 00 00 00
RIP [] copy_page_c+0x5/0x10
RSP
CR2: ffff880001536000
---[ end trace b12ab63f5ac61c5a ]---
BUG: unable to handle kernel paging request at ffff880001542000
IP: [] copy_page_c+0x5/0x10
PGD 1002063 PUD 1006063 PMD 80000000014001e1
Oops: 0003 [#4] SMP
last sysfs file: /sys/block/sdb/dev
CPU 1
Modules linked in:
Pid: 994, comm: sh Tainted: G D 2.6.31-cachefs #12
RIP: 0010:[] [] copy_page_c+0x5/0x10
RSP: 0000:ffff88003cfa3de0 EFLAGS: 00010286
RAX: ffff880000000000 RBX: ffff88003e27d388 RCX: 0000000000000200
RDX: 6db6db6db6db6db7 RSI: ffff88003c7f2000 RDI: ffff880001542000
RBP: ffff88003cfa3e68 R08: 0000000000000000 R09: 0000000000000040
R10: 00000000000004d1 R11: 0000000000038852 R12: ffffea0000d3bcf0
R13: ffff88003e20e8c8 R14: ffffea000004a670 R15: ffff88003cd85b60
FS: 00007feaed80f6f0(0000) GS:ffff880001da1000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: ffff880001542000 CR3: 000000003cd2e000 CR4: 00000000000006e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
Process sh (pid: 994, threadinfo ffff88003cfa2000, task ffff88003cffc040)
Stack:
ffffffff81091ef4 ffff88003cd34080 ffff880000000000 01007feaed810315
<0> 800000003c7f2065 00007feaed810315 ffff88003cd34080 ffff88003e20e990
<0> ffff88003cd34080 ffff88003e20e8c8 00007feaed810315 ffff88003cfa3e68
Call Trace:
[] ? do_wp_page+0x433/0x631
[] handle_mm_fault+0x5eb/0x643
[] ? do_page_fault+0xd0/0x1f8
[] ? do_page_fault+0xd0/0x1f8
[] do_page_fault+0x1e3/0x1f8
[] page_fault+0x1f/0x30
Code: 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00 00 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 b9 00 02 00 00 48 a5 c3 0f 1f 80 00 00 00 00 eb ee 0f 1f 84 00 00 00 00 00
RIP [] copy_page_c+0x5/0x10
RSP
CR2: ffff880001542000
---[ end trace b12ab63f5ac61c5b ]---
note: sh[994] exited with preempt_count 2
BUG: scheduling while atomic: sh/994/0x10000002
INFO: lockdep is turned off.
Modules linked in:
Pid: 994, comm: sh Tainted: G D 2.6.31-cachefs #12
Call Trace:
[] ? __debug_show_held_locks+0x1b/0x24
[] __schedule_bug+0x6d/0x72
[] schedule+0xcd/0x86a
[] ? kfree_debugcheck+0x11/0x2c
[] __cond_resched+0x2d/0x56
[] _cond_resched+0x27/0x32
[] put_files_struct+0x6a/0xb3
[] exit_files+0x46/0x4f
[] do_exit+0x1de/0x679
[] oops_end+0x89/0x8e
[] no_context+0x1f1/0x200
[] __bad_area_nosemaphore+0x1a6/0x1cc
[] ? trace_hardirqs_on+0xd/0xf
[] bad_area_nosemaphore+0xe/0x10
[] do_page_fault+0xf9/0x1f8
[] page_fault+0x1f/0x30
[] ? copy_page_c+0x5/0x10
[] ? do_wp_page+0x433/0x631
[] handle_mm_fault+0x5eb/0x643
[] ? do_page_fault+0xd0/0x1f8
[] ? do_page_fault+0xd0/0x1f8
[] do_page_fault+0x1e3/0x1f8
[] page_fault+0x1f/0x30
note: sh[992] exited with preempt_count 2
init: rcS post-stop process (992) killed by KILL signal
---
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.32-rc2
# Wed Sep 30 08:51:30 2009
#
CONFIG_64BIT=y
# CONFIG_X86_32 is not set
CONFIG_X86_64=y
CONFIG_X86=y
CONFIG_OUTPUT_FORMAT="elf64-x86-64"
CONFIG_ARCH_DEFCONFIG="arch/x86/configs/x86_64_defconfig"
CONFIG_GENERIC_TIME=y
CONFIG_GENERIC_CMOS_UPDATE=y
CONFIG_CLOCKSOURCE_WATCHDOG=y
CONFIG_GENERIC_CLOCKEVENTS=y
CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
CONFIG_LOCKDEP_SUPPORT=y
CONFIG_STACKTRACE_SUPPORT=y
CONFIG_HAVE_LATENCYTOP_SUPPORT=y
CONFIG_FAST_CMPXCHG_LOCAL=y
CONFIG_MMU=y
CONFIG_ZONE_DMA=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_IOMAP=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_GENERIC_SPINLOCK=y
# CONFIG_RWSEM_XCHGADD_ALGORITHM is not set
CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_GENERIC_TIME_VSYSCALL=y
CONFIG_ARCH_HAS_CPU_RELAX=y
CONFIG_ARCH_HAS_DEFAULT_IDLE=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y
CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y
CONFIG_HAVE_CPUMASK_OF_CPU_MAP=y
CONFIG_ARCH_HIBERNATION_POSSIBLE=y
CONFIG_ARCH_SUSPEND_POSSIBLE=y
CONFIG_ZONE_DMA32=y
CONFIG_ARCH_POPULATES_NODE_MAP=y
CONFIG_AUDIT_ARCH=y
CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y
CONFIG_HAVE_INTEL_TXT=y
CONFIG_GENERIC_HARDIRQS=y
CONFIG_GENERIC_HARDIRQS_NO__DO_IRQ=y
CONFIG_GENERIC_IRQ_PROBE=y
CONFIG_GENERIC_PENDING_IRQ=y
CONFIG_USE_GENERIC_SMP_HELPERS=y
CONFIG_X86_64_SMP=y
CONFIG_X86_HT=y
CONFIG_X86_TRAMPOLINE=y
# CONFIG_KTIME_SCALAR is not set
CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
CONFIG_CONSTRUCTORS=y
#
# General setup
#
CONFIG_EXPERIMENTAL=y
CONFIG_LOCK_KERNEL=y
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_LOCALVERSION="-cachefs"
# CONFIG_LOCALVERSION_AUTO is not set
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
CONFIG_HAVE_KERNEL_LZMA=y
CONFIG_KERNEL_GZIP=y
# CONFIG_KERNEL_BZIP2 is not set
# CONFIG_KERNEL_LZMA is not set
CONFIG_SWAP=y
CONFIG_SYSVIPC=y
CONFIG_SYSVIPC_SYSCTL=y
CONFIG_POSIX_MQUEUE=y
CONFIG_POSIX_MQUEUE_SYSCTL=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_TASKSTATS=y
CONFIG_TASK_DELAY_ACCT=y
CONFIG_TASK_XACCT=y
CONFIG_TASK_IO_ACCOUNTING=y
CONFIG_AUDIT=y
CONFIG_AUDITSYSCALL=y
CONFIG_AUDIT_TREE=y
#
# RCU Subsystem
#
CONFIG_TREE_RCU=y
# CONFIG_TREE_PREEMPT_RCU is not set
# CONFIG_RCU_TRACE is not set
CONFIG_RCU_FANOUT=64
# CONFIG_RCU_FANOUT_EXACT is not set
# CONFIG_TREE_RCU_TRACE is not set
# CONFIG_IKCONFIG is not set
CONFIG_LOG_BUF_SHIFT=15
CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
CONFIG_GROUP_SCHED=y
CONFIG_FAIR_GROUP_SCHED=y
# CONFIG_RT_GROUP_SCHED is not set
CONFIG_USER_SCHED=y
# CONFIG_CGROUP_SCHED is not set
CONFIG_CGROUPS=y
CONFIG_CGROUP_DEBUG=y
CONFIG_CGROUP_NS=y
# CONFIG_CGROUP_FREEZER is not set
CONFIG_CGROUP_DEVICE=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
# CONFIG_CGROUP_CPUACCT is not set
# CONFIG_RESOURCE_COUNTERS is not set
CONFIG_SYSFS_DEPRECATED=y
CONFIG_SYSFS_DEPRECATED_V2=y
# CONFIG_RELAY is not set
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_IPC_NS is not set
CONFIG_USER_NS=y
# CONFIG_PID_NS is not set
# CONFIG_NET_NS is not set
CONFIG_BLK_DEV_INITRD=y
CONFIG_INITRAMFS_SOURCE=""
CONFIG_RD_GZIP=y
CONFIG_RD_BZIP2=y
CONFIG_RD_LZMA=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
# CONFIG_EMBEDDED is not set
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
# CONFIG_KALLSYMS_EXTRA_PASS is not set
CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
CONFIG_PCSPKR_PLATFORM=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
CONFIG_SIGNALFD=y
CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
CONFIG_HAVE_PERF_EVENTS=y
#
# Kernel Performance Events And Counters
#
# CONFIG_PERF_EVENTS is not set
# CONFIG_PERF_COUNTERS is not set
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_PCI_QUIRKS=y
CONFIG_COMPAT_BRK=y
CONFIG_SLAB=y
# CONFIG_SLUB is not set
# CONFIG_SLOB is not set
# CONFIG_PROFILING is not set
CONFIG_HAVE_OPROFILE=y
# CONFIG_KPROBES is not set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
CONFIG_HAVE_IOREMAP_PROT=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
CONFIG_HAVE_ARCH_TRACEHOOK=y
CONFIG_HAVE_DMA_ATTRS=y
CONFIG_HAVE_DMA_API_DEBUG=y
#
# GCOV-based kernel profiling
#
# CONFIG_GCOV_KERNEL is not set
CONFIG_SLOW_WORK=y
# CONFIG_HAVE_GENERIC_DMA_COHERENT is not set
CONFIG_SLABINFO=y
CONFIG_RT_MUTEXES=y
CONFIG_BASE_SMALL=0
CONFIG_MODULES=y
# CONFIG_MODULE_FORCE_LOAD is not set
CONFIG_MODULE_UNLOAD=y
# CONFIG_MODULE_FORCE_UNLOAD is not set
# CONFIG_MODVERSIONS is not set
# CONFIG_MODULE_SRCVERSION_ALL is not set
CONFIG_STOP_MACHINE=y
CONFIG_BLOCK=y
CONFIG_BLK_DEV_BSG=y
# CONFIG_BLK_DEV_INTEGRITY is not set
CONFIG_BLOCK_COMPAT=y
#
# IO Schedulers
#
CONFIG_IOSCHED_NOOP=y
CONFIG_IOSCHED_AS=y
CONFIG_IOSCHED_DEADLINE=y
CONFIG_IOSCHED_CFQ=y
CONFIG_DEFAULT_AS=y
# CONFIG_DEFAULT_DEADLINE is not set
# CONFIG_DEFAULT_CFQ is not set
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="anticipatory"
CONFIG_FREEZER=y
#
# Processor type and features
#
# CONFIG_NO_HZ is not set
# CONFIG_HIGH_RES_TIMERS is not set
CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
CONFIG_SMP=y
CONFIG_X86_X2APIC=y
# CONFIG_SPARSE_IRQ is not set
CONFIG_X86_MPPARSE=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
# CONFIG_SCHED_OMIT_FRAME_POINTER is not set
# CONFIG_PARAVIRT_GUEST is not set
# CONFIG_MEMTEST is not set
# CONFIG_M386 is not set
# CONFIG_M486 is not set
# CONFIG_M586 is not set
# CONFIG_M586TSC is not set
# CONFIG_M586MMX is not set
# CONFIG_M686 is not set
# CONFIG_MPENTIUMII is not set
# CONFIG_MPENTIUMIII is not set
# CONFIG_MPENTIUMM is not set
# CONFIG_MPENTIUM4 is not set
# CONFIG_MK6 is not set
# CONFIG_MK7 is not set
# CONFIG_MK8 is not set
# CONFIG_MCRUSOE is not set
# CONFIG_MEFFICEON is not set
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP3D is not set
# CONFIG_MGEODEGX1 is not set
# CONFIG_MGEODE_LX is not set
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_MVIAC7 is not set
# CONFIG_MPSC is not set
CONFIG_MCORE2=y
# CONFIG_MATOM is not set
# CONFIG_GENERIC_CPU is not set
CONFIG_X86_CPU=y
CONFIG_X86_L1_CACHE_BYTES=64
CONFIG_X86_INTERNODE_CACHE_BYTES=64
CONFIG_X86_CMPXCHG=y
CONFIG_X86_L1_CACHE_SHIFT=6
CONFIG_X86_WP_WORKS_OK=y
CONFIG_X86_INTEL_USERCOPY=y
CONFIG_X86_USE_PPRO_CHECKSUM=y
CONFIG_X86_P6_NOP=y
CONFIG_X86_TSC=y
CONFIG_X86_CMPXCHG64=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=64
CONFIG_X86_DEBUGCTLMSR=y
CONFIG_CPU_SUP_INTEL=y
CONFIG_CPU_SUP_AMD=y
CONFIG_CPU_SUP_CENTAUR=y
# CONFIG_X86_DS is not set
CONFIG_HPET_TIMER=y
CONFIG_HPET_EMULATE_RTC=y
CONFIG_DMI=y
CONFIG_GART_IOMMU=y
# CONFIG_CALGARY_IOMMU is not set
# CONFIG_AMD_IOMMU is not set
CONFIG_SWIOTLB=y
CONFIG_IOMMU_HELPER=y
CONFIG_IOMMU_API=y
# CONFIG_MAXSMP is not set
CONFIG_NR_CPUS=2
# CONFIG_SCHED_SMT is not set
# CONFIG_SCHED_MC is not set
CONFIG_PREEMPT_NONE=y
# CONFIG_PREEMPT_VOLUNTARY is not set
# CONFIG_PREEMPT is not set
CONFIG_X86_LOCAL_APIC=y
CONFIG_X86_IO_APIC=y
# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
CONFIG_X86_MCE=y
CONFIG_X86_MCE_INTEL=y
# CONFIG_X86_MCE_AMD is not set
CONFIG_X86_MCE_THRESHOLD=y
# CONFIG_X86_MCE_INJECT is not set
CONFIG_X86_THERMAL_VECTOR=y
# CONFIG_I8K is not set
# CONFIG_MICROCODE is not set
CONFIG_X86_MSR=y
CONFIG_X86_CPUID=y
# CONFIG_X86_CPU_DEBUG is not set
CONFIG_ARCH_PHYS_ADDR_T_64BIT=y
CONFIG_DIRECT_GBPAGES=y
# CONFIG_NUMA is not set
CONFIG_ARCH_PROC_KCORE_TEXT=y
CONFIG_ARCH_SPARSEMEM_DEFAULT=y
CONFIG_ARCH_SPARSEMEM_ENABLE=y
CONFIG_ARCH_SELECT_MEMORY_MODEL=y
CONFIG_SELECT_MEMORY_MODEL=y
# CONFIG_FLATMEM_MANUAL is not set
# CONFIG_DISCONTIGMEM_MANUAL is not set
CONFIG_SPARSEMEM_MANUAL=y
CONFIG_SPARSEMEM=y
CONFIG_HAVE_MEMORY_PRESENT=y
CONFIG_SPARSEMEM_EXTREME=y
CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y
CONFIG_SPARSEMEM_VMEMMAP=y
#
# Memory hotplug is currently incompatible with Software Suspend
#
CONFIG_PAGEFLAGS_EXTENDED=y
CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
CONFIG_HAVE_MLOCK=y
CONFIG_HAVE_MLOCKED_PAGE_BIT=y
# CONFIG_KSM is not set
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
# CONFIG_MEMORY_FAILURE is not set
# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
# CONFIG_X86_RESERVE_LOW_64K is not set
CONFIG_MTRR=y
# CONFIG_MTRR_SANITIZER is not set
CONFIG_X86_PAT=y
CONFIG_ARCH_USES_PG_UNCACHED=y
# CONFIG_EFI is not set
CONFIG_SECCOMP=y
# CONFIG_CC_STACKPROTECTOR is not set
# CONFIG_HZ_100 is not set
CONFIG_HZ_250=y
# CONFIG_HZ_300 is not set
# CONFIG_HZ_1000 is not set
CONFIG_HZ=250
# CONFIG_SCHED_HRTICK is not set
# CONFIG_KEXEC is not set
# CONFIG_CRASH_DUMP is not set
CONFIG_PHYSICAL_START=0x1000000
# CONFIG_RELOCATABLE is not set
CONFIG_PHYSICAL_ALIGN=0x1000000
CONFIG_HOTPLUG_CPU=y
CONFIG_COMPAT_VDSO=y
# CONFIG_CMDLINE_BOOL is not set
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
#
# Power management and ACPI options
#
CONFIG_ARCH_HIBERNATION_HEADER=y
CONFIG_PM=y
# CONFIG_PM_DEBUG is not set
CONFIG_PM_SLEEP_SMP=y
CONFIG_PM_SLEEP=y
CONFIG_SUSPEND=y
CONFIG_SUSPEND_FREEZER=y
CONFIG_HIBERNATION_NVS=y
CONFIG_HIBERNATION=y
CONFIG_PM_STD_PARTITION=""
# CONFIG_PM_RUNTIME is not set
CONFIG_ACPI=y
CONFIG_ACPI_SLEEP=y
# CONFIG_ACPI_PROCFS is not set
CONFIG_ACPI_PROCFS_POWER=y
CONFIG_ACPI_POWER_METER=y
CONFIG_ACPI_SYSFS_POWER=y
# CONFIG_ACPI_PROC_EVENT is not set
CONFIG_ACPI_AC=y
# CONFIG_ACPI_BATTERY is not set
CONFIG_ACPI_BUTTON=y
# CONFIG_ACPI_FAN is not set
CONFIG_ACPI_DOCK=y
CONFIG_ACPI_PROCESSOR=y
CONFIG_ACPI_HOTPLUG_CPU=y
CONFIG_ACPI_THERMAL=y
# CONFIG_ACPI_CUSTOM_DSDT is not set
CONFIG_ACPI_BLACKLIST_YEAR=0
CONFIG_ACPI_DEBUG=y
# CONFIG_ACPI_DEBUG_FUNC_TRACE is not set
# CONFIG_ACPI_PCI_SLOT is not set
CONFIG_X86_PM_TIMER=y
CONFIG_ACPI_CONTAINER=y
# CONFIG_ACPI_SBS is not set
# CONFIG_SFI is not set
#
# CPU Frequency scaling
#
CONFIG_CPU_FREQ=y
CONFIG_CPU_FREQ_TABLE=y
# CONFIG_CPU_FREQ_DEBUG is not set
CONFIG_CPU_FREQ_STAT=y
# CONFIG_CPU_FREQ_STAT_DETAILS is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_GOV_USERSPACE is not set
# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set
#
# CPUFreq processor drivers
#
# CONFIG_X86_ACPI_CPUFREQ is not set
# CONFIG_X86_POWERNOW_K8 is not set
CONFIG_X86_SPEEDSTEP_CENTRINO=y
# CONFIG_X86_P4_CLOCKMOD is not set
#
# shared options
#
# CONFIG_X86_SPEEDSTEP_LIB is not set
CONFIG_CPU_IDLE=y
CONFIG_CPU_IDLE_GOV_LADDER=y
#
# Memory power savings
#
# CONFIG_I7300_IDLE is not set
#
# Bus options (PCI etc.)
#
CONFIG_PCI=y
CONFIG_PCI_DIRECT=y
CONFIG_PCI_MMCONFIG=y
CONFIG_PCI_DOMAINS=y
CONFIG_DMAR=y
CONFIG_DMAR_DEFAULT_ON=y
CONFIG_DMAR_FLOPPY_WA=y
CONFIG_INTR_REMAP=y
CONFIG_PCIEPORTBUS=y
CONFIG_PCIEAER=y
# CONFIG_PCIE_ECRC is not set
# CONFIG_PCIEAER_INJECT is not set
# CONFIG_PCIEASPM is not set
CONFIG_ARCH_SUPPORTS_MSI=y
CONFIG_PCI_MSI=y
CONFIG_PCI_LEGACY=y
# CONFIG_PCI_DEBUG is not set
# CONFIG_PCI_STUB is not set
# CONFIG_HT_IRQ is not set
# CONFIG_PCI_IOV is not set
CONFIG_ISA_DMA_API=y
CONFIG_K8_NB=y
# CONFIG_PCCARD is not set
# CONFIG_HOTPLUG_PCI is not set
#
# Executable file formats / Emulations
#
CONFIG_BINFMT_ELF=y
CONFIG_COMPAT_BINFMT_ELF=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
# CONFIG_HAVE_AOUT is not set
CONFIG_BINFMT_MISC=y
CONFIG_IA32_EMULATION=y
# CONFIG_IA32_AOUT is not set
CONFIG_COMPAT=y
CONFIG_COMPAT_FOR_U64_ALIGNMENT=y
CONFIG_SYSVIPC_COMPAT=y
CONFIG_NET=y
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_UNIX=y
CONFIG_XFRM=y
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_XFRM_STATISTICS=y
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_NET_IPIP is not set
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
# CONFIG_INET_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set
# CONFIG_INET_XFRM_MODE_TUNNEL is not set
# CONFIG_INET_XFRM_MODE_BEET is not set
# CONFIG_INET_LRO is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set
# CONFIG_IPV6 is not set
CONFIG_NETLABEL=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_NETFILTER_ADVANCED=y
#
# Core Netfilter Configuration
#
# CONFIG_NETFILTER_NETLINK_QUEUE is not set
# CONFIG_NETFILTER_NETLINK_LOG is not set
# CONFIG_NF_CONNTRACK is not set
CONFIG_NETFILTER_XTABLES=y
# CONFIG_NETFILTER_XT_TARGET_CLASSIFY is not set
# CONFIG_NETFILTER_XT_TARGET_MARK is not set
# CONFIG_NETFILTER_XT_TARGET_NFLOG is not set
# CONFIG_NETFILTER_XT_TARGET_NFQUEUE is not set
# CONFIG_NETFILTER_XT_TARGET_RATEEST is not set
# CONFIG_NETFILTER_XT_TARGET_SECMARK is not set
# CONFIG_NETFILTER_XT_TARGET_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_COMMENT is not set
# CONFIG_NETFILTER_XT_MATCH_DCCP is not set
# CONFIG_NETFILTER_XT_MATCH_DSCP is not set
# CONFIG_NETFILTER_XT_MATCH_ESP is not set
# CONFIG_NETFILTER_XT_MATCH_HASHLIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_HL is not set
# CONFIG_NETFILTER_XT_MATCH_IPRANGE is not set
# CONFIG_NETFILTER_XT_MATCH_LENGTH is not set
# CONFIG_NETFILTER_XT_MATCH_LIMIT is not set
# CONFIG_NETFILTER_XT_MATCH_MAC is not set
# CONFIG_NETFILTER_XT_MATCH_MARK is not set
# CONFIG_NETFILTER_XT_MATCH_MULTIPORT is not set
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
# CONFIG_NETFILTER_XT_MATCH_POLICY is not set
# CONFIG_NETFILTER_XT_MATCH_PKTTYPE is not set
# CONFIG_NETFILTER_XT_MATCH_QUOTA is not set
# CONFIG_NETFILTER_XT_MATCH_RATEEST is not set
# CONFIG_NETFILTER_XT_MATCH_REALM is not set
# CONFIG_NETFILTER_XT_MATCH_RECENT is not set
# CONFIG_NETFILTER_XT_MATCH_SCTP is not set
# CONFIG_NETFILTER_XT_MATCH_STATISTIC is not set
# CONFIG_NETFILTER_XT_MATCH_STRING is not set
# CONFIG_NETFILTER_XT_MATCH_TCPMSS is not set
# CONFIG_NETFILTER_XT_MATCH_TIME is not set
# CONFIG_NETFILTER_XT_MATCH_U32 is not set
# CONFIG_IP_VS is not set
#
# IP: Netfilter Configuration
#
# CONFIG_NF_DEFRAG_IPV4 is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_ADDRTYPE is not set
# CONFIG_IP_NF_MATCH_AH is not set
# CONFIG_IP_NF_MATCH_ECN is not set
# CONFIG_IP_NF_MATCH_TTL is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_TARGET_TTL is not set
# CONFIG_IP_NF_RAW is not set
# CONFIG_IP_NF_SECURITY is not set
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_RDS is not set
# CONFIG_TIPC is not set
# CONFIG_ATM is not set
# CONFIG_BRIDGE is not set
# CONFIG_NET_DSA is not set
# CONFIG_VLAN_8021Q is not set
# CONFIG_DECNET is not set
# CONFIG_LLC2 is not set
# CONFIG_IPX is not set
# CONFIG_ATALK is not set
# CONFIG_X25 is not set
# CONFIG_LAPB is not set
# CONFIG_ECONET is not set
# CONFIG_WAN_ROUTER is not set
# CONFIG_PHONET is not set
# CONFIG_IEEE802154 is not set
# CONFIG_NET_SCHED is not set
# CONFIG_DCB is not set
#
# Network testing
#
# CONFIG_NET_PKTGEN is not set
# CONFIG_HAMRADIO is not set
# CONFIG_CAN is not set
# CONFIG_IRDA is not set
# CONFIG_BT is not set
CONFIG_AF_RXRPC=m
CONFIG_AF_RXRPC_DEBUG=y
CONFIG_RXKAD=m
# CONFIG_WIRELESS is not set
# CONFIG_WIMAX is not set
# CONFIG_RFKILL is not set
# CONFIG_NET_9P is not set
#
# Device Drivers
#
#
# Generic Driver Options
#
CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
# CONFIG_DEVTMPFS is not set
CONFIG_STANDALONE=y
CONFIG_PREVENT_FIRMWARE_BUILD=y
CONFIG_FW_LOADER=y
# CONFIG_FIRMWARE_IN_KERNEL is not set
CONFIG_EXTRA_FIRMWARE=""
# CONFIG_DEBUG_DRIVER is not set
# CONFIG_DEBUG_DEVRES is not set
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_CONNECTOR is not set
# CONFIG_MTD is not set
# CONFIG_PARPORT is not set
CONFIG_PNP=y
# CONFIG_PNP_DEBUG_MESSAGES is not set
#
# Protocols
#
CONFIG_PNPACPI=y
CONFIG_BLK_DEV=y
# CONFIG_BLK_DEV_FD is not set
# CONFIG_BLK_CPQ_DA is not set
# CONFIG_BLK_CPQ_CISS_DA is not set
# CONFIG_BLK_DEV_DAC960 is not set
# CONFIG_BLK_DEV_UMEM is not set
# CONFIG_BLK_DEV_COW_COMMON is not set
CONFIG_BLK_DEV_LOOP=y
# CONFIG_BLK_DEV_CRYPTOLOOP is not set
# CONFIG_BLK_DEV_NBD is not set
# CONFIG_BLK_DEV_SX8 is not set
# CONFIG_BLK_DEV_UB is not set
# CONFIG_BLK_DEV_RAM is not set
# CONFIG_CDROM_PKTCDVD is not set
# CONFIG_ATA_OVER_ETH is not set
# CONFIG_BLK_DEV_HD is not set
CONFIG_MISC_DEVICES=y
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_SGI_IOC4 is not set
# CONFIG_TIFM_CORE is not set
# CONFIG_ICS932S401 is not set
# CONFIG_ENCLOSURE_SERVICES is not set
# CONFIG_HP_ILO is not set
# CONFIG_ISL29003 is not set
# CONFIG_C2PORT is not set
#
# EEPROM support
#
# CONFIG_EEPROM_AT24 is not set
# CONFIG_EEPROM_LEGACY is not set
# CONFIG_EEPROM_MAX6875 is not set
# CONFIG_EEPROM_93CX6 is not set
# CONFIG_CB710_CORE is not set
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
#
# SCSI device support
#
# CONFIG_RAID_ATTRS is not set
CONFIG_SCSI=y
CONFIG_SCSI_DMA=y
# CONFIG_SCSI_TGT is not set
# CONFIG_SCSI_NETLINK is not set
CONFIG_SCSI_PROC_FS=y
#
# SCSI support type (disk, tape, CD-ROM)
#
CONFIG_BLK_DEV_SD=y
# CONFIG_CHR_DEV_ST is not set
# CONFIG_CHR_DEV_OSST is not set
# CONFIG_BLK_DEV_SR is not set
# CONFIG_CHR_DEV_SG is not set
# CONFIG_CHR_DEV_SCH is not set
# CONFIG_SCSI_MULTI_LUN is not set
CONFIG_SCSI_CONSTANTS=y
# CONFIG_SCSI_LOGGING is not set
# CONFIG_SCSI_SCAN_ASYNC is not set
CONFIG_SCSI_WAIT_SCAN=m
#
# SCSI Transports
#
# CONFIG_SCSI_SPI_ATTRS is not set
# CONFIG_SCSI_FC_ATTRS is not set
# CONFIG_SCSI_ISCSI_ATTRS is not set
# CONFIG_SCSI_SAS_ATTRS is not set
# CONFIG_SCSI_SAS_LIBSAS is not set
# CONFIG_SCSI_SRP_ATTRS is not set
CONFIG_SCSI_LOWLEVEL=y
# CONFIG_ISCSI_TCP is not set
# CONFIG_SCSI_BNX2_ISCSI is not set
# CONFIG_BLK_DEV_3W_XXXX_RAID is not set
# CONFIG_SCSI_3W_9XXX is not set
# CONFIG_SCSI_ACARD is not set
# CONFIG_SCSI_AACRAID is not set
# CONFIG_SCSI_AIC7XXX is not set
# CONFIG_SCSI_AIC7XXX_OLD is not set
# CONFIG_SCSI_AIC79XX is not set
# CONFIG_SCSI_AIC94XX is not set
# CONFIG_SCSI_MVSAS is not set
# CONFIG_SCSI_DPT_I2O is not set
# CONFIG_SCSI_ADVANSYS is not set
# CONFIG_SCSI_ARCMSR is not set
# CONFIG_MEGARAID_NEWGEN is not set
# CONFIG_MEGARAID_LEGACY is not set
# CONFIG_MEGARAID_SAS is not set
# CONFIG_SCSI_MPT2SAS is not set
# CONFIG_SCSI_HPTIOP is not set
# CONFIG_SCSI_BUSLOGIC is not set
# CONFIG_LIBFC is not set
# CONFIG_LIBFCOE is not set
# CONFIG_FCOE is not set
# CONFIG_FCOE_FNIC is not set
# CONFIG_SCSI_DMX3191D is not set
# CONFIG_SCSI_EATA is not set
# CONFIG_SCSI_FUTURE_DOMAIN is not set
# CONFIG_SCSI_GDTH is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_SCSI_INITIO is not set
# CONFIG_SCSI_INIA100 is not set
# CONFIG_SCSI_STEX is not set
# CONFIG_SCSI_SYM53C8XX_2 is not set
# CONFIG_SCSI_IPR is not set
# CONFIG_SCSI_QLOGIC_1280 is not set
# CONFIG_SCSI_QLA_FC is not set
# CONFIG_SCSI_QLA_ISCSI is not set
# CONFIG_SCSI_LPFC is not set
# CONFIG_SCSI_DC395x is not set
# CONFIG_SCSI_DC390T is not set
# CONFIG_SCSI_DEBUG is not set
# CONFIG_SCSI_PMCRAID is not set
# CONFIG_SCSI_SRP is not set
# CONFIG_SCSI_DH is not set
# CONFIG_SCSI_OSD_INITIATOR is not set
CONFIG_ATA=y
# CONFIG_ATA_NONSTANDARD is not set
CONFIG_ATA_VERBOSE_ERROR=y
CONFIG_ATA_ACPI=y
# CONFIG_SATA_PMP is not set
CONFIG_SATA_AHCI=y
# CONFIG_SATA_SIL24 is not set
# CONFIG_ATA_SFF is not set
# CONFIG_MD is not set
# CONFIG_FUSION is not set
#
# IEEE 1394 (FireWire) support
#
#
# You can enable one or both FireWire driver stacks.
#
#
# See the help texts for more information.
#
# CONFIG_FIREWIRE is not set
# CONFIG_IEEE1394 is not set
# CONFIG_I2O is not set
# CONFIG_MACINTOSH_DRIVERS is not set
CONFIG_NETDEVICES=y
# CONFIG_DUMMY is not set
# CONFIG_BONDING is not set
# CONFIG_MACVLAN is not set
# CONFIG_EQUALIZER is not set
# CONFIG_TUN is not set
# CONFIG_VETH is not set
# CONFIG_NET_SB1000 is not set
# CONFIG_ARCNET is not set
# CONFIG_NET_ETHERNET is not set
CONFIG_NETDEV_1000=y
# CONFIG_ACENIC is not set
# CONFIG_DL2K is not set
# CONFIG_E1000 is not set
CONFIG_E1000E=y
# CONFIG_IP1000 is not set
# CONFIG_IGB is not set
# CONFIG_IGBVF is not set
# CONFIG_NS83820 is not set
# CONFIG_HAMACHI is not set
# CONFIG_YELLOWFIN is not set
# CONFIG_R8169 is not set
# CONFIG_SIS190 is not set
# CONFIG_SKGE is not set
# CONFIG_SKY2 is not set
# CONFIG_VIA_VELOCITY is not set
# CONFIG_TIGON3 is not set
# CONFIG_BNX2 is not set
# CONFIG_CNIC is not set
# CONFIG_QLA3XXX is not set
# CONFIG_ATL1 is not set
# CONFIG_ATL1E is not set
# CONFIG_ATL1C is not set
# CONFIG_JME is not set
# CONFIG_NETDEV_10000 is not set
# CONFIG_TR is not set
# CONFIG_WLAN is not set
#
# Enable WiMAX (Networking options) to see the WiMAX drivers
#
#
# USB Network Adapters
#
# CONFIG_USB_CATC is not set
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
# CONFIG_USB_USBNET is not set
# CONFIG_WAN is not set
# CONFIG_FDDI is not set
# CONFIG_HIPPI is not set
# CONFIG_PPP is not set
# CONFIG_SLIP is not set
# CONFIG_NET_FC is not set
# CONFIG_NETCONSOLE is not set
# CONFIG_NETPOLL is not set
# CONFIG_NET_POLL_CONTROLLER is not set
# CONFIG_ISDN is not set
# CONFIG_PHONE is not set
#
# Input device support
#
CONFIG_INPUT=y
# CONFIG_INPUT_FF_MEMLESS is not set
# CONFIG_INPUT_POLLDEV is not set
#
# Userland interfaces
#
CONFIG_INPUT_MOUSEDEV=y
CONFIG_INPUT_MOUSEDEV_PSAUX=y
CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
# CONFIG_INPUT_JOYDEV is not set
# CONFIG_INPUT_EVDEV is not set
# CONFIG_INPUT_EVBUG is not set
#
# Input Device Drivers
#
CONFIG_INPUT_KEYBOARD=y
# CONFIG_KEYBOARD_ADP5588 is not set
CONFIG_KEYBOARD_ATKBD=y
# CONFIG_QT2160 is not set
# CONFIG_KEYBOARD_LKKBD is not set
# CONFIG_KEYBOARD_MAX7359 is not set
# CONFIG_KEYBOARD_NEWTON is not set
# CONFIG_KEYBOARD_OPENCORES is not set
# CONFIG_KEYBOARD_STOWAWAY is not set
# CONFIG_KEYBOARD_SUNKBD is not set
# CONFIG_KEYBOARD_XTKBD is not set
CONFIG_INPUT_MOUSE=y
CONFIG_MOUSE_PS2=y
CONFIG_MOUSE_PS2_ALPS=y
CONFIG_MOUSE_PS2_LOGIPS2PP=y
CONFIG_MOUSE_PS2_SYNAPTICS=y
CONFIG_MOUSE_PS2_LIFEBOOK=y
CONFIG_MOUSE_PS2_TRACKPOINT=y
# CONFIG_MOUSE_PS2_ELANTECH is not set
# CONFIG_MOUSE_PS2_SENTELIC is not set
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
# CONFIG_MOUSE_SERIAL is not set
# CONFIG_MOUSE_APPLETOUCH is not set
# CONFIG_MOUSE_BCM5974 is not set
# CONFIG_MOUSE_VSXXXAA is not set
# CONFIG_MOUSE_SYNAPTICS_I2C is not set
# CONFIG_INPUT_JOYSTICK is not set
# CONFIG_INPUT_TABLET is not set
# CONFIG_INPUT_TOUCHSCREEN is not set
# CONFIG_INPUT_MISC is not set
#
# Hardware I/O ports
#
CONFIG_SERIO=y
CONFIG_SERIO_I8042=y
# CONFIG_SERIO_SERPORT is not set
# CONFIG_SERIO_CT82C710 is not set
# CONFIG_SERIO_PCIPS2 is not set
CONFIG_SERIO_LIBPS2=y
# CONFIG_SERIO_RAW is not set
# CONFIG_GAMEPORT is not set
#
# Character devices
#
CONFIG_VT=y
CONFIG_CONSOLE_TRANSLATIONS=y
CONFIG_VT_CONSOLE=y
CONFIG_HW_CONSOLE=y
# CONFIG_VT_HW_CONSOLE_BINDING is not set
CONFIG_DEVKMEM=y
# CONFIG_SERIAL_NONSTANDARD is not set
# CONFIG_NOZOMI is not set
#
# Serial drivers
#
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_PNP=y
CONFIG_SERIAL_8250_NR_UARTS=4
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
CONFIG_SERIAL_8250_EXTENDED=y
# CONFIG_SERIAL_8250_MANY_PORTS is not set
CONFIG_SERIAL_8250_SHARE_IRQ=y
# CONFIG_SERIAL_8250_DETECT_IRQ is not set
# CONFIG_SERIAL_8250_RSA is not set
#
# Non-8250 serial port support
#
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
# CONFIG_SERIAL_JSM is not set
CONFIG_UNIX98_PTYS=y
# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
CONFIG_LEGACY_PTYS=y
CONFIG_LEGACY_PTY_COUNT=256
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HW_RANDOM is not set
# CONFIG_NVRAM is not set
# CONFIG_R3964 is not set
# CONFIG_APPLICOM is not set
# CONFIG_MWAVE is not set
# CONFIG_PC8736x_GPIO is not set
# CONFIG_RAW_DRIVER is not set
# CONFIG_HPET is not set
# CONFIG_HANGCHECK_TIMER is not set
# CONFIG_TCG_TPM is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
CONFIG_I2C=y
CONFIG_I2C_BOARDINFO=y
CONFIG_I2C_COMPAT=y
CONFIG_I2C_CHARDEV=y
CONFIG_I2C_HELPER_AUTO=y
#
# I2C Hardware Bus support
#
#
# PC SMBus host controller drivers
#
# CONFIG_I2C_ALI1535 is not set
# CONFIG_I2C_ALI1563 is not set
# CONFIG_I2C_ALI15X3 is not set
# CONFIG_I2C_AMD756 is not set
# CONFIG_I2C_AMD8111 is not set
CONFIG_I2C_I801=y
# CONFIG_I2C_ISCH is not set
# CONFIG_I2C_PIIX4 is not set
# CONFIG_I2C_NFORCE2 is not set
# CONFIG_I2C_SIS5595 is not set
# CONFIG_I2C_SIS630 is not set
# CONFIG_I2C_SIS96X is not set
# CONFIG_I2C_VIA is not set
# CONFIG_I2C_VIAPRO is not set
#
# ACPI drivers
#
CONFIG_I2C_SCMI=y
#
# I2C system bus drivers (mostly embedded / system-on-chip)
#
# CONFIG_I2C_OCORES is not set
# CONFIG_I2C_SIMTEC is not set
#
# External I2C/SMBus adapter drivers
#
# CONFIG_I2C_PARPORT_LIGHT is not set
# CONFIG_I2C_TAOS_EVM is not set
# CONFIG_I2C_TINY_USB is not set
#
# Graphics adapter I2C/DDC channel drivers
#
# CONFIG_I2C_VOODOO3 is not set
#
# Other I2C/SMBus bus drivers
#
# CONFIG_I2C_PCA_PLATFORM is not set
# CONFIG_I2C_STUB is not set
#
# Miscellaneous I2C Chip support
#
# CONFIG_DS1682 is not set
# CONFIG_SENSORS_TSL2550 is not set
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_I2C_DEBUG_CHIP is not set
# CONFIG_SPI is not set
#
# PPS support
#
# CONFIG_PPS is not set
CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
# CONFIG_GPIOLIB is not set
# CONFIG_W1 is not set
CONFIG_POWER_SUPPLY=y
# CONFIG_POWER_SUPPLY_DEBUG is not set
# CONFIG_PDA_POWER is not set
# CONFIG_BATTERY_DS2760 is not set
# CONFIG_BATTERY_DS2782 is not set
# CONFIG_BATTERY_BQ27x00 is not set
# CONFIG_BATTERY_MAX17040 is not set
CONFIG_HWMON=y
# CONFIG_HWMON_VID is not set
# CONFIG_HWMON_DEBUG_CHIP is not set
#
# Native drivers
#
# CONFIG_SENSORS_ABITUGURU is not set
# CONFIG_SENSORS_ABITUGURU3 is not set
# CONFIG_SENSORS_AD7414 is not set
# CONFIG_SENSORS_AD7418 is not set
# CONFIG_SENSORS_ADM1021 is not set
# CONFIG_SENSORS_ADM1025 is not set
# CONFIG_SENSORS_ADM1026 is not set
# CONFIG_SENSORS_ADM1029 is not set
# CONFIG_SENSORS_ADM1031 is not set
# CONFIG_SENSORS_ADM9240 is not set
# CONFIG_SENSORS_ADT7462 is not set
# CONFIG_SENSORS_ADT7470 is not set
# CONFIG_SENSORS_ADT7473 is not set
# CONFIG_SENSORS_ADT7475 is not set
# CONFIG_SENSORS_K8TEMP is not set
# CONFIG_SENSORS_ASB100 is not set
# CONFIG_SENSORS_ATXP1 is not set
# CONFIG_SENSORS_DS1621 is not set
# CONFIG_SENSORS_I5K_AMB is not set
# CONFIG_SENSORS_F71805F is not set
# CONFIG_SENSORS_F71882FG is not set
# CONFIG_SENSORS_F75375S is not set
# CONFIG_SENSORS_FSCHMD is not set
# CONFIG_SENSORS_G760A is not set
# CONFIG_SENSORS_GL518SM is not set
# CONFIG_SENSORS_GL520SM is not set
CONFIG_SENSORS_CORETEMP=y
# CONFIG_SENSORS_IT87 is not set
# CONFIG_SENSORS_LM63 is not set
# CONFIG_SENSORS_LM75 is not set
# CONFIG_SENSORS_LM77 is not set
# CONFIG_SENSORS_LM78 is not set
# CONFIG_SENSORS_LM80 is not set
# CONFIG_SENSORS_LM83 is not set
# CONFIG_SENSORS_LM85 is not set
# CONFIG_SENSORS_LM87 is not set
# CONFIG_SENSORS_LM90 is not set
# CONFIG_SENSORS_LM92 is not set
# CONFIG_SENSORS_LM93 is not set
# CONFIG_SENSORS_LTC4215 is not set
# CONFIG_SENSORS_LTC4245 is not set
# CONFIG_SENSORS_LM95241 is not set
# CONFIG_SENSORS_MAX1619 is not set
# CONFIG_SENSORS_MAX6650 is not set
# CONFIG_SENSORS_PC87360 is not set
# CONFIG_SENSORS_PC87427 is not set
# CONFIG_SENSORS_PCF8591 is not set
# CONFIG_SENSORS_SIS5595 is not set
# CONFIG_SENSORS_DME1737 is not set
# CONFIG_SENSORS_SMSC47M1 is not set
# CONFIG_SENSORS_SMSC47M192 is not set
# CONFIG_SENSORS_SMSC47B397 is not set
# CONFIG_SENSORS_ADS7828 is not set
# CONFIG_SENSORS_THMC50 is not set
# CONFIG_SENSORS_TMP401 is not set
# CONFIG_SENSORS_TMP421 is not set
# CONFIG_SENSORS_VIA686A is not set
# CONFIG_SENSORS_VT1211 is not set
# CONFIG_SENSORS_VT8231 is not set
# CONFIG_SENSORS_W83781D is not set
# CONFIG_SENSORS_W83791D is not set
# CONFIG_SENSORS_W83792D is not set
# CONFIG_SENSORS_W83793 is not set
# CONFIG_SENSORS_W83L785TS is not set
# CONFIG_SENSORS_W83L786NG is not set
# CONFIG_SENSORS_W83627HF is not set
# CONFIG_SENSORS_W83627EHF is not set
# CONFIG_SENSORS_HDAPS is not set
# CONFIG_SENSORS_APPLESMC is not set
#
# ACPI drivers
#
# CONFIG_SENSORS_ATK0110 is not set
# CONFIG_SENSORS_LIS3LV02D is not set
CONFIG_THERMAL=y
CONFIG_THERMAL_HWMON=y
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
#
# Sonics Silicon Backplane
#
# CONFIG_SSB is not set
#
# Multifunction device drivers
#
# CONFIG_MFD_CORE is not set
# CONFIG_MFD_SM501 is not set
# CONFIG_HTC_PASIC3 is not set
# CONFIG_TWL4030_CORE is not set
# CONFIG_MFD_TMIO is not set
# CONFIG_PMIC_DA903X is not set
# CONFIG_MFD_WM8400 is not set
# CONFIG_MFD_WM831X is not set
# CONFIG_MFD_WM8350_I2C is not set
# CONFIG_MFD_PCF50633 is not set
# CONFIG_AB3100_CORE is not set
# CONFIG_REGULATOR is not set
# CONFIG_MEDIA_SUPPORT is not set
#
# Graphics support
#
CONFIG_AGP=y
CONFIG_AGP_AMD64=y
CONFIG_AGP_INTEL=y
# CONFIG_AGP_SIS is not set
# CONFIG_AGP_VIA is not set
CONFIG_VGA_ARB=y
# CONFIG_DRM is not set
# CONFIG_VGASTATE is not set
CONFIG_VIDEO_OUTPUT_CONTROL=y
CONFIG_FB=y
CONFIG_FIRMWARE_EDID=y
# CONFIG_FB_DDC is not set
# CONFIG_FB_BOOT_VESA_SUPPORT is not set
# CONFIG_FB_CFB_FILLRECT is not set
# CONFIG_FB_CFB_COPYAREA is not set
# CONFIG_FB_CFB_IMAGEBLIT is not set
# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
# CONFIG_FB_SYS_FILLRECT is not set
# CONFIG_FB_SYS_COPYAREA is not set
# CONFIG_FB_SYS_IMAGEBLIT is not set
# CONFIG_FB_FOREIGN_ENDIAN is not set
# CONFIG_FB_SYS_FOPS is not set
# CONFIG_FB_SVGALIB is not set
# CONFIG_FB_MACMODES is not set
# CONFIG_FB_BACKLIGHT is not set
CONFIG_FB_MODE_HELPERS=y
# CONFIG_FB_TILEBLITTING is not set
#
# Frame buffer hardware drivers
#
# CONFIG_FB_CIRRUS is not set
# CONFIG_FB_PM2 is not set
# CONFIG_FB_CYBER2000 is not set
# CONFIG_FB_ARC is not set
# CONFIG_FB_ASILIANT is not set
# CONFIG_FB_IMSTT is not set
# CONFIG_FB_VGA16 is not set
# CONFIG_FB_VESA is not set
# CONFIG_FB_N411 is not set
# CONFIG_FB_HGA is not set
# CONFIG_FB_S1D13XXX is not set
# CONFIG_FB_NVIDIA is not set
# CONFIG_FB_RIVA is not set
# CONFIG_FB_LE80578 is not set
# CONFIG_FB_MATROX is not set
# CONFIG_FB_RADEON is not set
# CONFIG_FB_ATY128 is not set
# CONFIG_FB_ATY is not set
# CONFIG_FB_S3 is not set
# CONFIG_FB_SAVAGE is not set
# CONFIG_FB_SIS is not set
# CONFIG_FB_VIA is not set
# CONFIG_FB_NEOMAGIC is not set
# CONFIG_FB_KYRO is not set
# CONFIG_FB_3DFX is not set
# CONFIG_FB_VOODOO1 is not set
# CONFIG_FB_VT8623 is not set
# CONFIG_FB_TRIDENT is not set
# CONFIG_FB_ARK is not set
# CONFIG_FB_PM3 is not set
# CONFIG_FB_CARMINE is not set
# CONFIG_FB_GEODE is not set
# CONFIG_FB_VIRTUAL is not set
# CONFIG_FB_METRONOME is not set
# CONFIG_FB_MB862XX is not set
# CONFIG_FB_BROADSHEET is not set
# CONFIG_BACKLIGHT_LCD_SUPPORT is not set
#
# Display device support
#
# CONFIG_DISPLAY_SUPPORT is not set
#
# Console display driver support
#
CONFIG_VGA_CONSOLE=y
# CONFIG_VGACON_SOFT_SCROLLBACK is not set
CONFIG_DUMMY_CONSOLE=y
# CONFIG_FRAMEBUFFER_CONSOLE is not set
# CONFIG_LOGO is not set
# CONFIG_SOUND is not set
CONFIG_HID_SUPPORT=y
CONFIG_HID=m
# CONFIG_HIDRAW is not set
#
# USB Input Devices
#
CONFIG_USB_HID=m
# CONFIG_HID_PID is not set
# CONFIG_USB_HIDDEV is not set
#
# Special HID drivers
#
CONFIG_HID_A4TECH=m
CONFIG_HID_APPLE=m
CONFIG_HID_BELKIN=m
CONFIG_HID_CHERRY=m
CONFIG_HID_CHICONY=m
CONFIG_HID_CYPRESS=m
CONFIG_HID_DRAGONRISE=m
# CONFIG_DRAGONRISE_FF is not set
CONFIG_HID_EZKEY=m
CONFIG_HID_KYE=m
CONFIG_HID_GYRATION=m
CONFIG_HID_TWINHAN=m
CONFIG_HID_KENSINGTON=m
CONFIG_HID_LOGITECH=m
# CONFIG_LOGITECH_FF is not set
# CONFIG_LOGIRUMBLEPAD2_FF is not set
CONFIG_HID_MICROSOFT=m
CONFIG_HID_MONTEREY=m
CONFIG_HID_NTRIG=m
CONFIG_HID_PANTHERLORD=m
# CONFIG_PANTHERLORD_FF is not set
CONFIG_HID_PETALYNX=m
CONFIG_HID_SAMSUNG=m
CONFIG_HID_SONY=m
CONFIG_HID_SUNPLUS=m
CONFIG_HID_GREENASIA=m
# CONFIG_GREENASIA_FF is not set
CONFIG_HID_SMARTJOYPLUS=m
# CONFIG_SMARTJOYPLUS_FF is not set
CONFIG_HID_TOPSEED=m
CONFIG_HID_THRUSTMASTER=m
# CONFIG_THRUSTMASTER_FF is not set
CONFIG_HID_ZEROPLUS=m
# CONFIG_ZEROPLUS_FF is not set
CONFIG_USB_SUPPORT=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB_ARCH_HAS_OHCI=y
CONFIG_USB_ARCH_HAS_EHCI=y
CONFIG_USB=m
# CONFIG_USB_DEBUG is not set
# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set
#
# Miscellaneous USB options
#
# CONFIG_USB_DEVICEFS is not set
CONFIG_USB_DEVICE_CLASS=y
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_SUSPEND is not set
# CONFIG_USB_OTG is not set
# CONFIG_USB_MON is not set
# CONFIG_USB_WUSB is not set
# CONFIG_USB_WUSB_CBAF is not set
#
# USB Host Controller Drivers
#
# CONFIG_USB_C67X00_HCD is not set
# CONFIG_USB_XHCI_HCD is not set
# CONFIG_USB_EHCI_HCD is not set
# CONFIG_USB_OXU210HP_HCD is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760_HCD is not set
# CONFIG_USB_ISP1362_HCD is not set
# CONFIG_USB_OHCI_HCD is not set
# CONFIG_USB_UHCI_HCD is not set
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set
# CONFIG_USB_WHCI_HCD is not set
# CONFIG_USB_HWA_HCD is not set
#
# Enable Host or Gadget support to see Inventra options
#
#
# USB Device Class drivers
#
# CONFIG_USB_ACM is not set
# CONFIG_USB_PRINTER is not set
# CONFIG_USB_WDM is not set
# CONFIG_USB_TMC is not set
#
# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
#
#
# also be needed; see USB_STORAGE Help for more info
#
# CONFIG_USB_STORAGE is not set
# CONFIG_USB_LIBUSUAL is not set
#
# USB Imaging devices
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
#
# USB port drivers
#
# CONFIG_USB_SERIAL is not set
#
# USB Miscellaneous drivers
#
# CONFIG_USB_EMI62 is not set
# CONFIG_USB_EMI26 is not set
# CONFIG_USB_ADUTUX is not set
# CONFIG_USB_SEVSEG is not set
# CONFIG_USB_RIO500 is not set
# CONFIG_USB_LEGOTOWER is not set
# CONFIG_USB_LCD is not set
# CONFIG_USB_BERRY_CHARGE is not set
# CONFIG_USB_LED is not set
# CONFIG_USB_CYPRESS_CY7C63 is not set
# CONFIG_USB_CYTHERM is not set
# CONFIG_USB_IDMOUSE is not set
# CONFIG_USB_FTDI_ELAN is not set
# CONFIG_USB_APPLEDISPLAY is not set
# CONFIG_USB_LD is not set
# CONFIG_USB_TRANCEVIBRATOR is not set
# CONFIG_USB_IOWARRIOR is not set
# CONFIG_USB_TEST is not set
# CONFIG_USB_ISIGHTFW is not set
# CONFIG_USB_VST is not set
# CONFIG_USB_GADGET is not set
#
# OTG and related infrastructure
#
# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_MEMSTICK is not set
# CONFIG_NEW_LEDS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
CONFIG_RTC_LIB=y
CONFIG_RTC_CLASS=y
CONFIG_RTC_HCTOSYS=y
CONFIG_RTC_HCTOSYS_DEVICE="rtc0"
# CONFIG_RTC_DEBUG is not set
#
# RTC interfaces
#
CONFIG_RTC_INTF_SYSFS=y
CONFIG_RTC_INTF_PROC=y
CONFIG_RTC_INTF_DEV=y
# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set
# CONFIG_RTC_DRV_TEST is not set
#
# I2C RTC drivers
#
# CONFIG_RTC_DRV_DS1307 is not set
# CONFIG_RTC_DRV_DS1374 is not set
# CONFIG_RTC_DRV_DS1672 is not set
# CONFIG_RTC_DRV_MAX6900 is not set
# CONFIG_RTC_DRV_RS5C372 is not set
# CONFIG_RTC_DRV_ISL1208 is not set
# CONFIG_RTC_DRV_X1205 is not set
# CONFIG_RTC_DRV_PCF8563 is not set
# CONFIG_RTC_DRV_PCF8583 is not set
# CONFIG_RTC_DRV_M41T80 is not set
# CONFIG_RTC_DRV_S35390A is not set
# CONFIG_RTC_DRV_FM3130 is not set
# CONFIG_RTC_DRV_RX8581 is not set
# CONFIG_RTC_DRV_RX8025 is not set
#
# SPI RTC drivers
#
#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=y
# CONFIG_RTC_DRV_DS1286 is not set
# CONFIG_RTC_DRV_DS1511 is not set
# CONFIG_RTC_DRV_DS1553 is not set
# CONFIG_RTC_DRV_DS1742 is not set
# CONFIG_RTC_DRV_STK17TA8 is not set
# CONFIG_RTC_DRV_M48T86 is not set
# CONFIG_RTC_DRV_M48T35 is not set
# CONFIG_RTC_DRV_M48T59 is not set
# CONFIG_RTC_DRV_BQ4802 is not set
# CONFIG_RTC_DRV_V3020 is not set
#
# on-CPU RTC drivers
#
# CONFIG_DMADEVICES is not set
# CONFIG_AUXDISPLAY is not set
# CONFIG_UIO is not set
#
# TI VLYNQ
#
# CONFIG_STAGING is not set
CONFIG_X86_PLATFORM_DEVICES=y
# CONFIG_ACERHDF is not set
# CONFIG_ASUS_LAPTOP is not set
# CONFIG_THINKPAD_ACPI is not set
# CONFIG_INTEL_MENLOW is not set
# CONFIG_ACPI_WMI is not set
# CONFIG_ACPI_ASUS is not set
# CONFIG_TOPSTAR_LAPTOP is not set
# CONFIG_ACPI_TOSHIBA is not set
#
# Firmware Drivers
#
# CONFIG_EDD is not set
CONFIG_FIRMWARE_MEMMAP=y
# CONFIG_DELL_RBU is not set
# CONFIG_DCDBAS is not set
CONFIG_DMIID=y
# CONFIG_ISCSI_IBFT_FIND is not set
#
# File systems
#
# CONFIG_EXT2_FS is not set
CONFIG_EXT3_FS=y
# CONFIG_EXT3_DEFAULTS_TO_ORDERED is not set
CONFIG_EXT3_FS_XATTR=y
CONFIG_EXT3_FS_POSIX_ACL=y
CONFIG_EXT3_FS_SECURITY=y
# CONFIG_EXT4_FS is not set
CONFIG_JBD=y
# CONFIG_JBD_DEBUG is not set
CONFIG_FS_MBCACHE=y
# CONFIG_REISERFS_FS is not set
# CONFIG_JFS_FS is not set
CONFIG_FS_POSIX_ACL=y
CONFIG_XFS_FS=y
# CONFIG_XFS_QUOTA is not set
CONFIG_XFS_POSIX_ACL=y
# CONFIG_XFS_RT is not set
# CONFIG_XFS_DEBUG is not set
# CONFIG_GFS2_FS is not set
# CONFIG_OCFS2_FS is not set
# CONFIG_BTRFS_FS is not set
# CONFIG_NILFS2_FS is not set
CONFIG_FILE_LOCKING=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_QUOTA=y
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
CONFIG_PRINT_QUOTA_WARNING=y
CONFIG_QUOTA_TREE=y
# CONFIG_QFMT_V1 is not set
CONFIG_QFMT_V2=y
CONFIG_QUOTACTL=y
# CONFIG_AUTOFS_FS is not set
# CONFIG_AUTOFS4_FS is not set
# CONFIG_FUSE_FS is not set
CONFIG_GENERIC_ACL=y
#
# Caches
#
CONFIG_FSCACHE=m
CONFIG_FSCACHE_STATS=y
CONFIG_FSCACHE_HISTOGRAM=y
CONFIG_FSCACHE_DEBUG=y
CONFIG_FSCACHE_OBJECT_LIST=y
CONFIG_CACHEFILES=m
CONFIG_CACHEFILES_DEBUG=y
CONFIG_CACHEFILES_HISTOGRAM=y
#
# CD-ROM/DVD Filesystems
#
# CONFIG_ISO9660_FS is not set
# CONFIG_UDF_FS is not set
#
# DOS/FAT/NT Filesystems
#
# CONFIG_MSDOS_FS is not set
# CONFIG_VFAT_FS is not set
# CONFIG_NTFS_FS is not set
#
# Pseudo filesystems
#
CONFIG_PROC_FS=y
CONFIG_PROC_KCORE=y
CONFIG_PROC_SYSCTL=y
CONFIG_PROC_PAGE_MONITOR=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
CONFIG_TMPFS_POSIX_ACL=y
# CONFIG_HUGETLBFS is not set
# CONFIG_HUGETLB_PAGE is not set
CONFIG_CONFIGFS_FS=m
CONFIG_MISC_FILESYSTEMS=y
# CONFIG_ADFS_FS is not set
# CONFIG_AFFS_FS is not set
# CONFIG_ECRYPT_FS is not set
# CONFIG_HFS_FS is not set
# CONFIG_HFSPLUS_FS is not set
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
# CONFIG_CRAMFS is not set
# CONFIG_SQUASHFS is not set
# CONFIG_VXFS_FS is not set
# CONFIG_MINIX_FS is not set
# CONFIG_OMFS_FS is not set
# CONFIG_HPFS_FS is not set
# CONFIG_QNX4FS_FS is not set
# CONFIG_ROMFS_FS is not set
# CONFIG_SYSV_FS is not set
# CONFIG_UFS_FS is not set
CONFIG_NETWORK_FILESYSTEMS=y
CONFIG_NFS_FS=m
CONFIG_NFS_V3=y
CONFIG_NFS_V3_ACL=y
CONFIG_NFS_V4=y
# CONFIG_NFS_V4_1 is not set
CONFIG_NFS_FSCACHE=y
CONFIG_NFSD=m
CONFIG_NFSD_V2_ACL=y
CONFIG_NFSD_V3=y
CONFIG_NFSD_V3_ACL=y
CONFIG_NFSD_V4=y
CONFIG_LOCKD=m
CONFIG_LOCKD_V4=y
CONFIG_EXPORTFS=y
CONFIG_NFS_ACL_SUPPORT=m
CONFIG_NFS_COMMON=y
CONFIG_SUNRPC=m
CONFIG_SUNRPC_GSS=m
CONFIG_RPCSEC_GSS_KRB5=m
CONFIG_RPCSEC_GSS_SPKM3=m
# CONFIG_SMB_FS is not set
# CONFIG_CIFS is not set
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
CONFIG_AFS_FS=m
CONFIG_AFS_DEBUG=y
CONFIG_AFS_FSCACHE=y
#
# Partition Types
#
# CONFIG_PARTITION_ADVANCED is not set
CONFIG_MSDOS_PARTITION=y
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=m
# CONFIG_NLS_CODEPAGE_737 is not set
# CONFIG_NLS_CODEPAGE_775 is not set
# CONFIG_NLS_CODEPAGE_850 is not set
# CONFIG_NLS_CODEPAGE_852 is not set
# CONFIG_NLS_CODEPAGE_855 is not set
# CONFIG_NLS_CODEPAGE_857 is not set
# CONFIG_NLS_CODEPAGE_860 is not set
# CONFIG_NLS_CODEPAGE_861 is not set
# CONFIG_NLS_CODEPAGE_862 is not set
# CONFIG_NLS_CODEPAGE_863 is not set
# CONFIG_NLS_CODEPAGE_864 is not set
# CONFIG_NLS_CODEPAGE_865 is not set
# CONFIG_NLS_CODEPAGE_866 is not set
# CONFIG_NLS_CODEPAGE_869 is not set
# CONFIG_NLS_CODEPAGE_936 is not set
# CONFIG_NLS_CODEPAGE_950 is not set
# CONFIG_NLS_CODEPAGE_932 is not set
# CONFIG_NLS_CODEPAGE_949 is not set
# CONFIG_NLS_CODEPAGE_874 is not set
# CONFIG_NLS_ISO8859_8 is not set
# CONFIG_NLS_CODEPAGE_1250 is not set
# CONFIG_NLS_CODEPAGE_1251 is not set
# CONFIG_NLS_ASCII is not set
CONFIG_NLS_ISO8859_1=m
# CONFIG_NLS_ISO8859_2 is not set
# CONFIG_NLS_ISO8859_3 is not set
# CONFIG_NLS_ISO8859_4 is not set
# CONFIG_NLS_ISO8859_5 is not set
# CONFIG_NLS_ISO8859_6 is not set
# CONFIG_NLS_ISO8859_7 is not set
# CONFIG_NLS_ISO8859_9 is not set
# CONFIG_NLS_ISO8859_13 is not set
# CONFIG_NLS_ISO8859_14 is not set
# CONFIG_NLS_ISO8859_15 is not set
# CONFIG_NLS_KOI8_R is not set
# CONFIG_NLS_KOI8_U is not set
CONFIG_NLS_UTF8=m
# CONFIG_DLM is not set
#
# Kernel hacking
#
CONFIG_TRACE_IRQFLAGS_SUPPORT=y
# CONFIG_PRINTK_TIME is not set
# CONFIG_ENABLE_WARN_DEPRECATED is not set
# CONFIG_ENABLE_MUST_CHECK is not set
CONFIG_FRAME_WARN=2048
CONFIG_MAGIC_SYSRQ=y
# CONFIG_STRIP_ASM_SYMS is not set
CONFIG_UNUSED_SYMBOLS=y
CONFIG_DEBUG_FS=y
# CONFIG_HEADERS_CHECK is not set
CONFIG_DEBUG_KERNEL=y
# CONFIG_DEBUG_SHIRQ is not set
CONFIG_DETECT_SOFTLOCKUP=y
# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set
CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0
CONFIG_DETECT_HUNG_TASK=y
# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set
CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0
# CONFIG_SCHED_DEBUG is not set
# CONFIG_SCHEDSTATS is not set
# CONFIG_TIMER_STATS is not set
# CONFIG_DEBUG_POISONED_PUT is not set
# CONFIG_DEBUG_OBJECTS is not set
CONFIG_DEBUG_SLAB=y
CONFIG_DEBUG_SLAB_LEAK=y
# CONFIG_DEBUG_KMEMLEAK is not set
# CONFIG_DEBUG_RT_MUTEXES is not set
# CONFIG_RT_MUTEX_TESTER is not set
CONFIG_DEBUG_SPINLOCK=y
CONFIG_DEBUG_MUTEXES=y
CONFIG_DEBUG_LOCK_ALLOC=y
CONFIG_PROVE_LOCKING=y
CONFIG_LOCKDEP=y
# CONFIG_LOCK_STAT is not set
# CONFIG_DEBUG_LOCKDEP is not set
CONFIG_TRACE_IRQFLAGS=y
CONFIG_DEBUG_SPINLOCK_SLEEP=y
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
CONFIG_STACKTRACE=y
# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
# CONFIG_DEBUG_INFO is not set
# CONFIG_DEBUG_VM is not set
# CONFIG_DEBUG_VIRTUAL is not set
# CONFIG_DEBUG_WRITECOUNT is not set
CONFIG_DEBUG_MEMORY_INIT=y
# CONFIG_DEBUG_LIST is not set
# CONFIG_DEBUG_SG is not set
# CONFIG_DEBUG_NOTIFIERS is not set
# CONFIG_DEBUG_CREDENTIALS is not set
CONFIG_ARCH_WANT_FRAME_POINTERS=y
CONFIG_FRAME_POINTER=y
# CONFIG_BOOT_PRINTK_DELAY is not set
# CONFIG_RCU_TORTURE_TEST is not set
# CONFIG_RCU_CPU_STALL_DETECTOR is not set
# CONFIG_BACKTRACE_SELF_TEST is not set
# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
# CONFIG_FAULT_INJECTION is not set
# CONFIG_LATENCYTOP is not set
CONFIG_SYSCTL_SYSCALL_CHECK=y
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
CONFIG_HAVE_DYNAMIC_FTRACE=y
CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
CONFIG_HAVE_SYSCALL_TRACEPOINTS=y
CONFIG_TRACING_SUPPORT=y
# CONFIG_FTRACE is not set
# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
# CONFIG_DYNAMIC_DEBUG is not set
# CONFIG_DMA_API_DEBUG is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
# CONFIG_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_DEBUG_STACKOVERFLOW is not set
# CONFIG_DEBUG_STACK_USAGE is not set
# CONFIG_DEBUG_PER_CPU_MAPS is not set
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_RODATA=y
# CONFIG_DEBUG_RODATA_TEST is not set
# CONFIG_DEBUG_NX_TEST is not set
# CONFIG_IOMMU_DEBUG is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
CONFIG_IO_DELAY_TYPE_0X80=0
CONFIG_IO_DELAY_TYPE_0XED=1
CONFIG_IO_DELAY_TYPE_UDELAY=2
CONFIG_IO_DELAY_TYPE_NONE=3
CONFIG_IO_DELAY_0X80=y
# CONFIG_IO_DELAY_0XED is not set
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
# CONFIG_DEBUG_BOOT_PARAMS is not set
# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
#
# Security options
#
CONFIG_KEYS=y
CONFIG_KEYS_DEBUG_PROC_KEYS=y
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
CONFIG_SECURITY_NETWORK_XFRM=y
# CONFIG_SECURITY_PATH is not set
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_INTEL_TXT is not set
CONFIG_LSM_MMAP_MIN_ADDR=65536
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
CONFIG_SECURITY_SMACK=y
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_IMA is not set
CONFIG_CRYPTO=y
#
# Crypto core or helper
#
CONFIG_CRYPTO_ALGAPI=y
CONFIG_CRYPTO_ALGAPI2=y
CONFIG_CRYPTO_AEAD2=y
CONFIG_CRYPTO_BLKCIPHER=y
CONFIG_CRYPTO_BLKCIPHER2=y
CONFIG_CRYPTO_HASH=y
CONFIG_CRYPTO_HASH2=y
CONFIG_CRYPTO_RNG2=y
CONFIG_CRYPTO_PCOMP=y
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
# CONFIG_CRYPTO_GF128MUL is not set
# CONFIG_CRYPTO_NULL is not set
CONFIG_CRYPTO_WORKQUEUE=y
# CONFIG_CRYPTO_CRYPTD is not set
# CONFIG_CRYPTO_AUTHENC is not set
# CONFIG_CRYPTO_TEST is not set
#
# Authenticated Encryption with Associated Data
#
# CONFIG_CRYPTO_CCM is not set
# CONFIG_CRYPTO_GCM is not set
# CONFIG_CRYPTO_SEQIV is not set
#
# Block modes
#
CONFIG_CRYPTO_CBC=y
# CONFIG_CRYPTO_CTR is not set
# CONFIG_CRYPTO_CTS is not set
# CONFIG_CRYPTO_ECB is not set
# CONFIG_CRYPTO_LRW is not set
CONFIG_CRYPTO_PCBC=y
# CONFIG_CRYPTO_XTS is not set
#
# Hash modes
#
# CONFIG_CRYPTO_HMAC is not set
# CONFIG_CRYPTO_XCBC is not set
# CONFIG_CRYPTO_VMAC is not set
#
# Digest
#
# CONFIG_CRYPTO_CRC32C is not set
# CONFIG_CRYPTO_CRC32C_INTEL is not set
# CONFIG_CRYPTO_GHASH is not set
# CONFIG_CRYPTO_MD4 is not set
CONFIG_CRYPTO_MD5=y
# CONFIG_CRYPTO_MICHAEL_MIC is not set
# CONFIG_CRYPTO_RMD128 is not set
# CONFIG_CRYPTO_RMD160 is not set
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
# CONFIG_CRYPTO_SHA1 is not set
# CONFIG_CRYPTO_SHA256 is not set
# CONFIG_CRYPTO_SHA512 is not set
# CONFIG_CRYPTO_TGR192 is not set
# CONFIG_CRYPTO_WP512 is not set
#
# Ciphers
#
# CONFIG_CRYPTO_AES is not set
# CONFIG_CRYPTO_AES_X86_64 is not set
# CONFIG_CRYPTO_AES_NI_INTEL is not set
# CONFIG_CRYPTO_ANUBIS is not set
# CONFIG_CRYPTO_ARC4 is not set
# CONFIG_CRYPTO_BLOWFISH is not set
# CONFIG_CRYPTO_CAMELLIA is not set
CONFIG_CRYPTO_CAST5=m
# CONFIG_CRYPTO_CAST6 is not set
CONFIG_CRYPTO_DES=y
CONFIG_CRYPTO_FCRYPT=y
# CONFIG_CRYPTO_KHAZAD is not set
# CONFIG_CRYPTO_SALSA20 is not set
# CONFIG_CRYPTO_SALSA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
# CONFIG_CRYPTO_SERPENT is not set
# CONFIG_CRYPTO_TEA is not set
# CONFIG_CRYPTO_TWOFISH is not set
# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
#
# Compression
#
# CONFIG_CRYPTO_DEFLATE is not set
# CONFIG_CRYPTO_ZLIB is not set
# CONFIG_CRYPTO_LZO is not set
#
# Random Number Generation
#
# CONFIG_CRYPTO_ANSI_CPRNG is not set
# CONFIG_CRYPTO_HW is not set
CONFIG_HAVE_KVM=y
# CONFIG_VIRTUALIZATION is not set
# CONFIG_BINARY_PRINTF is not set
#
# Library routines
#
CONFIG_BITREVERSE=m
CONFIG_GENERIC_FIND_FIRST_BIT=y
CONFIG_GENERIC_FIND_NEXT_BIT=y
CONFIG_GENERIC_FIND_LAST_BIT=y
# CONFIG_CRC_CCITT is not set
CONFIG_CRC16=m
CONFIG_CRC_T10DIF=y
CONFIG_CRC_ITU_T=m
CONFIG_CRC32=m
# CONFIG_CRC7 is not set
# CONFIG_LIBCRC32C is not set
CONFIG_ZLIB_INFLATE=y
CONFIG_DECOMPRESS_GZIP=y
CONFIG_DECOMPRESS_BZIP2=y
CONFIG_DECOMPRESS_LZMA=y
CONFIG_HAS_IOMEM=y
CONFIG_HAS_IOPORT=y
CONFIG_HAS_DMA=y
CONFIG_NLATTR=y
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V3] x86: NX protection for kernel data
On Fri, Sep 4, 2009 at 9:13 AM, Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker script is adjusted so .text always starts and ends on a page boundary
> 2. Linker script is adjusted so .rodata and .data always start and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> functionality: NX is set for all pages from _etext through _end.
> 4. mark_nxdata_nx() called from free_initmem() (after init has been released)
> 5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
>
> The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
> and Xuxian Jiang .
>
> V1: initial patch for 2.6.30
> V2: patch for 2.6.31-rc7
> V3: moved all code into arch/x86, adjusted credits
Looks fine, but I don't think it is necessary to bother "CREDITS",
because now we have git. :)
Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V3] x86: NX protection for kernel data
* Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker script is adjusted so .text always starts and ends on a page boundary
> 2. Linker script is adjusted so .rodata and .data always start and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
> functionality: NX is set for all pages from _etext through _end.
> 4. mark_nxdata_nx() called from free_initmem() (after init has been released)
> 5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
>
> The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
> and Xuxian Jiang .
>
> V1: initial patch for 2.6.30
> V2: patch for 2.6.31-rc7
> V3: moved all code into arch/x86, adjusted credits
ok, i like it.
One small cleanliness detail before we can apply it to the x86 tree:
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -440,11 +441,31 @@ void free_init_pages(char *what, unsigned long
> begin, unsigned long end)
> #endif
> }
>
> +#ifndef CONFIG_DEBUG_RODATA
> +static inline void mark_nxdata_nx(void) { }
> +#else
> +void mark_nxdata_nx(void)
> +{
> + /*
> + * When this called, init has already been executed and released,
> + * so everything past _etext sould be NX.
> + */
> + unsigned long start = PFN_ALIGN(_etext);
> + unsigned long size = PFN_ALIGN(_end) - start;
> +
> + printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
> + start, size >> PAGE_SHIFT);
> + set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
> +}
> +#endif
This #ifdef looks ugly, it starts with an #ifndef which is inverted
logic and mark_nxdata_nx() is a global symbol, needlessly. It should
be written as something like:
static void mark_nxdata_nx(void)
{
#ifdef CONFIG_DEBUG_RODATA
...
#endif
}
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
On Sun, Jul 19, 2009 at 03:43:06PM -0400, Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
> The following steps are taken to achieve this:
> 1. Linker scripts are adjusted so .text always starts and end on a page boundary
> 2. Linker scripts are adjusted so .rodata and .data always starts and
> end on a page boundary
> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
> arch/x86/mm/init_32.c with actual functionality: NX is set for all
> pages from _etext through _edata
> 4. mark_nxdata_nx() called from init_post(void) in init/main.c
>
> The patch have been developed for Linux 2.6.30 x86 by Siarhei Liakh
> and Xuxian Jiang .
The patch no longer applies.
The file vmlinux_32.lds.S and vmlinux_64.lds.S has been unified
into one file.
> --- a/arch/x86/kernel/vmlinux_32.lds.S
> +++ b/arch/x86/kernel/vmlinux_32.lds.S
> @@ -47,6 +47,7 @@ SECTIONS
> IRQENTRY_TEXT
> *(.fixup)
> *(.gnu.warning)
> + . = ALIGN(PAGE_SIZE); /* .text should occupy whole number of pages */
> _etext = .; /* End of text section */
So _etext cover until page boundary - makes sense.
> } :text = 0x9090
>
> @@ -93,6 +94,7 @@ SECTIONS
> *(.data.read_mostly)
> _edata = .; /* End of data section */
> }
> + . = ALIGN(PAGE_SIZE); /* needed so we can set NX for .data */
But here _edata does not cover until page boundary.
And alignmnet is located outside the output section
definition.
It would be better/more consistent to follow the style you use for .text here.
Sam
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to init/main.c with actual
functionality: NX is set for all
pages from _etext through _end.
4. mark_nxdata_nx() called from init_post(void) in init/main.c (after
init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 78d185d..1b036e3 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -43,7 +43,7 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
user PT_LOAD FLAGS(7); /* RWE */
data.init PT_LOAD FLAGS(7); /* RWE */
@@ -89,6 +89,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -151,6 +153,8 @@ SECTIONS
.data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
*(.data.read_mostly)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 0607119..da6da99 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -423,9 +423,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
diff --git a/init/main.c b/init/main.c
index 2d9d6bd..a1a6248 100644
--- a/init/main.c
+++ b/init/main.c
@@ -7,6 +7,8 @@
* Added initrd & change_root: Werner Almesberger & Hans Lermen, Feb '96
* Moan early if gcc is old, avoiding bogus kernels - Paul Gortmaker, May '96
* Simplified starting of init: Michael A. Griffith
+ * Data NX protection by Siarhei Liakh
+ * and Xuxian Jiang
*/
#include
@@ -91,6 +93,21 @@ extern void radix_tree_init(void);
extern void free_initmem(void);
#ifndef CONFIG_DEBUG_RODATA
static inline void mark_rodata_ro(void) { }
+static inline void mark_nxdata_nx(void) { }
+#else
+void mark_nxdata_nx(void)
+{
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PFN_ALIGN(_etext);
+ unsigned long size = PFN_ALIGN(_end) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
+}
#endif
#ifdef CONFIG_TC
@@ -839,6 +856,7 @@ static noinline int init_post(void)
free_initmem();
unlock_kernel();
mark_rodata_ro();
+ mark_nxdata_nx();
system_state = SYSTEM_RUNNING;
numa_default_policy();
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
V4: fixed ifdef, removed credits from CREDITS
V5: fixed an address calculation bug in mark_nxdata_nx()
V6: updated for compatibility with 2.6.33-rc5
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
Acked-by: Arjan van de Ven
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index f92a0da..2cb7369 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -69,7 +69,7 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
user PT_LOAD FLAGS(5); /* R_E */
#ifdef CONFIG_SMP
@@ -108,6 +108,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -143,6 +145,8 @@ SECTIONS
/* rarely changed data like cpu maps */
READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
} :data
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index d406c52..d613d0a 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -356,9 +356,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -373,11 +374,29 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
#endif
}
+void mark_nxdata_nx(void)
+{
+#ifdef CONFIG_DEBUG_RODATA
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PAGE_ALIGN((unsigned long)(&_etext));
+ unsigned long size = PAGE_ALIGN((unsigned long)(&_end)) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_memory_nx(start, size >> PAGE_SHIFT);
+#endif
+}
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
x86, mm: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
V4: fixed ifdef, removed credits from CREDITS
V5: fixed an address calculation bug in mark_nxdata_nx()
V6: updated for compatibility with 2.6.33-rc5
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
Acked-by: Arjan van de Ven
Reviewed-by: James Morris
LKML-Reference: <817ecb6f1001311527w7914ab20sf15b800dcaa37df7@mail.gmail.com>
Signed-off-by: H. Peter Anvin
---
arch/x86/kernel/vmlinux.lds.S | 6 +++++-
arch/x86/mm/init.c | 21 ++++++++++++++++++++-
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index f92a0da..2cb7369 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -69,7 +69,7 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
user PT_LOAD FLAGS(5); /* R_E */
#ifdef CONFIG_SMP
@@ -108,6 +108,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -143,6 +145,8 @@ SECTIONS
/* rarely changed data like cpu maps */
READ_MOSTLY_DATA(INTERNODE_CACHE_BYTES)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
} :data
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index d406c52..d613d0a 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -356,9 +356,10 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -373,11 +374,29 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
+void mark_nxdata_nx(void)
+{
+#ifdef CONFIG_DEBUG_RODATA
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PAGE_ALIGN((unsigned long)(&_etext));
+ unsigned long size = PAGE_ALIGN((unsigned long)(&_end)) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_memory_nx(start, size >> PAGE_SHIFT);
+#endif
+}
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
* tip-bot for Siarhei Liakh wrote:
> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
> Author: Siarhei Liakh
> AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
> Committer: H. Peter Anvin
> CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
>
> x86, mm: NX protection for kernel data
>
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
-tip testing is seeing boot hangs along the lines of:
[ 15.568108] EXT3-fs (sda1): recovery complete
[ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
[ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
[ 15.584021] async_waiting @ 1
[ 15.588008] async_continuing @ 1 after 0 usec
[ 15.592163] Freeing unused kernel memory: 540k freed
[ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
which i suspect could be due to the commit above.
Config attached. Athlon64 testbox.
Ingo
[tip:x86/mm] x86, mm: NX protection for kernel data
On Mon, Feb 22, 2010 at 5:54 AM, Ingo Molnar wrote:
>
> * tip-bot for Siarhei Liakh wrote:
>
>> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
>> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
>> Author: Siarhei Liakh
>> AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
>> Committer: H. Peter Anvin
>> CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
>>
>> x86, mm: NX protection for kernel data
>>
>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>> (static) kernel data area as NX.
>
> -tip testing is seeing boot hangs along the lines of:
>
> [ 15.568108] EXT3-fs (sda1): recovery complete
> [ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
> [ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
> [ 15.584021] async_waiting @ 1
> [ 15.588008] async_continuing @ 1 after 0 usec
> [ 15.592163] Freeing unused kernel memory: 540k freed
> [ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
>
> which i suspect could be due to the commit above.
>
> Config attached. Athlon64 testbox.
I have been looking at this issue for several days now and my best
theory is that we are indeed trying to execute something in .data.
Here is what I discovered so far:
1. This patch definitely causes this issue
2. Kernel boots just fine when NX is set from _stext through _sdata
(notes, exception table, ro-data).
3. Kernel crashes when NX is set from _stext through _edata, which
covers init task data, nosave data, page/cache aligned data, data
data, constructors and read-mostly data.
4. Each side of .text, .rodata and .data is page-aligned, so the patch
is not setting NX on any neighbouring sections.
5. The crash happens on some asynchronous event, AFTER we kernel
initialisation is complete and INIT process have been kicked off in
the userspace.
6. From what I see, the actual crash is caused by a double fault.
In the boot log attached, you can see that crash happens after page
tables have been dumped by my custom INIT process and the system has
booted into shell (you can see root@(none):/# before the crash dump).
Only about a second later we get a crash dump.
At this point I need some help and guidance on how to track down what
exactly happens there, as I am not very familiar with what goes into
.data and why are we trying to execute it.
Thank you.
[tip:x86/mm] x86, mm: NX protection for kernel data
* Ingo Molnar wrote:
>
> * tip-bot for Siarhei Liakh wrote:
>
> > Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
> > Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
> > Author: Siarhei Liakh
> > AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
> > Committer: H. Peter Anvin
> > CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
> >
> > x86, mm: NX protection for kernel data
> >
> > This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> > (static) kernel data area as NX.
>
> -tip testing is seeing boot hangs along the lines of:
>
> [ 15.568108] EXT3-fs (sda1): recovery complete
> [ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
> [ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
> [ 15.584021] async_waiting @ 1
> [ 15.588008] async_continuing @ 1 after 0 usec
> [ 15.592163] Freeing unused kernel memory: 540k freed
> [ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
>
> which i suspect could be due to the commit above.
Yep, that's confirmed now, applying these 3 reverts makes it boot fine:
833e0ca: Revert "x86, mm: NX protection for kernel data"
ce4b6b4: Revert "x86: RO/NX protection for loadable kernel modules"
e357312: Revert "module: fix () used as prototype in include/linux/module.h"
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
On 02/22/2010 03:01 AM, Ingo Molnar wrote:
>>
>>> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
>>> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
>>> Author: Siarhei Liakh
>>> AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
>>> Committer: H. Peter Anvin
>>> CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
>>>
>>> x86, mm: NX protection for kernel data
>>>
>>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>>> (static) kernel data area as NX.
>>
>> -tip testing is seeing boot hangs along the lines of:
>>
>> [ 15.568108] EXT3-fs (sda1): recovery complete
>> [ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
>> [ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
>> [ 15.584021] async_waiting @ 1
>> [ 15.588008] async_continuing @ 1 after 0 usec
>> [ 15.592163] Freeing unused kernel memory: 540k freed
>> [ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
>>
>> which i suspect could be due to the commit above.
>
> Yep, that's confirmed now, applying these 3 reverts makes it boot fine:
>
> 833e0ca: Revert "x86, mm: NX protection for kernel data"
> ce4b6b4: Revert "x86: RO/NX protection for loadable kernel modules"
> e357312: Revert "module: fix () used as prototype in include/linux/module.h"
>
Given that e357312 is a () -> (void) prototype fix, is hardly seems
likely to be at fault. The RO/NX stuff, on the other hand, make a lot
of sense.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
* H. Peter Anvin wrote:
> On 02/22/2010 03:01 AM, Ingo Molnar wrote:
> >>
> >>> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
> >>> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
> >>> Author: Siarhei Liakh
> >>> AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
> >>> Committer: H. Peter Anvin
> >>> CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
> >>>
> >>> x86, mm: NX protection for kernel data
> >>>
> >>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> >>> (static) kernel data area as NX.
> >>
> >> -tip testing is seeing boot hangs along the lines of:
> >>
> >> [ 15.568108] EXT3-fs (sda1): recovery complete
> >> [ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
> >> [ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
> >> [ 15.584021] async_waiting @ 1
> >> [ 15.588008] async_continuing @ 1 after 0 usec
> >> [ 15.592163] Freeing unused kernel memory: 540k freed
> >> [ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
> >>
> >> which i suspect could be due to the commit above.
> >
> > Yep, that's confirmed now, applying these 3 reverts makes it boot fine:
> >
> > 833e0ca: Revert "x86, mm: NX protection for kernel data"
> > ce4b6b4: Revert "x86: RO/NX protection for loadable kernel modules"
> > e357312: Revert "module: fix () used as prototype in include/linux/module.h"
> >
>
> Given that e357312 is a () -> (void) prototype fix, is hardly seems
> likely to be at fault. The RO/NX stuff, on the other hand, make a lot
> of sense.
Yes, i reverted e357312 because it was a dependent change.
Thanks,
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
On Mon, Feb 22, 2010 at 12:21 PM, Ingo Molnar wrote:
>
> * H. Peter Anvin wrote:
>
>> On 02/22/2010 03:01 AM, Ingo Molnar wrote:
>> >>
>> >>> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
>> >>> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
>> >>> Author: Siarhei Liakh
>> >>> AuthorDate: Sun, 31 Jan 2010 18:27:55 -0500
>> >>> Committer: H. Peter Anvin
>> >>> CommitDate: Wed, 17 Feb 2010 10:11:24 -0800
>> >>>
>> >>> x86, mm: NX protection for kernel data
>> >>>
>> >>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>> >>> (static) kernel data area as NX.
>> >>
>> >> -tip testing is seeing boot hangs along the lines of:
>> >>
>> >> [ 15.568108] EXT3-fs (sda1): recovery complete
>> >> [ 15.573064] EXT3-fs (sda1): mounted filesystem with ordered data mode
>> >> [ 15.580313] VFS: Mounted root (ext3 filesystem) readonly on device 8:1.
>> >> [ 15.584021] async_waiting @ 1
>> >> [ 15.588008] async_continuing @ 1 after 0 usec
>> >> [ 15.592163] Freeing unused kernel memory: 540k freed
>> >> [ 15.600126] NX-protecting the kernel data: c15ab000, 2919 pages
>> >>
>> >> which i suspect could be due to the commit above.
>> >
>> > Yep, that's confirmed now, applying these 3 reverts makes it boot fine:
>> >
>> > 833e0ca: Revert "x86, mm: NX protection for kernel data"
>> > ce4b6b4: Revert "x86: RO/NX protection for loadable kernel modules"
>> > e357312: Revert "module: fix () used as prototype in include/linux/module.h"
>> >
>>
>> Given that e357312 is a () -> (void) prototype fix, is hardly seems
>> likely to be at fault. The RO/NX stuff, on the other hand, make a lot
>> of sense.
>
> Yes, i reverted e357312 because it was a dependent change.
I was able to narrow down the issue to spinlock debugging. More
specifically, DEBUG_SPINLOCK=y seem to be somehow incompatible with
kernel's RW-data being NX.
Crash/nocrash config diff:
============================================
diff -uNr config.tip.crash config.tip.nocrash
--- config.tip.crash 2010-03-05 22:43:01.000000000 -0500
+++ config.tip.nocrash 2010-03-06 01:38:00.000000000 -0500
@@ -1,7 +1,7 @@
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.33
-# Fri Mar 5 22:22:10 2010
+# Sat Mar 6 01:22:32 2010
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -219,27 +219,27 @@
# CONFIG_INLINE_SPIN_LOCK_BH is not set
# CONFIG_INLINE_SPIN_LOCK_IRQ is not set
# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set
-# CONFIG_INLINE_SPIN_UNLOCK is not set
+CONFIG_INLINE_SPIN_UNLOCK=y
# CONFIG_INLINE_SPIN_UNLOCK_BH is not set
-# CONFIG_INLINE_SPIN_UNLOCK_IRQ is not set
+CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set
# CONFIG_INLINE_READ_TRYLOCK is not set
# CONFIG_INLINE_READ_LOCK is not set
# CONFIG_INLINE_READ_LOCK_BH is not set
# CONFIG_INLINE_READ_LOCK_IRQ is not set
# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set
-# CONFIG_INLINE_READ_UNLOCK is not set
+CONFIG_INLINE_READ_UNLOCK=y
# CONFIG_INLINE_READ_UNLOCK_BH is not set
-# CONFIG_INLINE_READ_UNLOCK_IRQ is not set
+CONFIG_INLINE_READ_UNLOCK_IRQ=y
# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set
# CONFIG_INLINE_WRITE_TRYLOCK is not set
# CONFIG_INLINE_WRITE_LOCK is not set
# CONFIG_INLINE_WRITE_LOCK_BH is not set
# CONFIG_INLINE_WRITE_LOCK_IRQ is not set
# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set
-# CONFIG_INLINE_WRITE_UNLOCK is not set
+CONFIG_INLINE_WRITE_UNLOCK=y
# CONFIG_INLINE_WRITE_UNLOCK_BH is not set
-# CONFIG_INLINE_WRITE_UNLOCK_IRQ is not set
+CONFIG_INLINE_WRITE_UNLOCK_IRQ=y
# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set
# CONFIG_MUTEX_SPIN_ON_OWNER is not set
CONFIG_FREEZER=y
@@ -331,7 +331,7 @@
CONFIG_FLAT_NODE_MEM_MAP=y
CONFIG_SPARSEMEM_STATIC=y
CONFIG_PAGEFLAGS_EXTENDED=y
-CONFIG_SPLIT_PTLOCK_CPUS=999999
+CONFIG_SPLIT_PTLOCK_CPUS=4
CONFIG_PHYS_ADDR_T_64BIT=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
@@ -2808,16 +2808,12 @@
CONFIG_DEBUG_RT_MUTEXES=y
CONFIG_DEBUG_PI_LIST=y
CONFIG_RT_MUTEX_TESTER=y
-CONFIG_DEBUG_SPINLOCK=y
+# CONFIG_DEBUG_SPINLOCK is not set
CONFIG_DEBUG_MUTEXES=y
-CONFIG_DEBUG_LOCK_ALLOC=y
-CONFIG_PROVE_LOCKING=y
-# CONFIG_PROVE_RCU is not set
-CONFIG_LOCKDEP=y
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
# CONFIG_LOCK_STAT is not set
-CONFIG_DEBUG_LOCKDEP=y
-CONFIG_TRACE_IRQFLAGS=y
-CONFIG_DEBUG_SPINLOCK_SLEEP=y
+# CONFIG_DEBUG_SPINLOCK_SLEEP is not set
CONFIG_DEBUG_LOCKING_API_SELFTESTS=y
CONFIG_STACKTRACE=y
# CONFIG_DEBUG_KOBJECT is not set
============================================
Kernel crash dump:
============================================
[ 2.844000] EXT3-fs (sda1): warning: maximal mount count reached,
running e2fsck is recommended
[ 2.848000] EXT3-fs (sda1): using internal journal
[ 2.849556] EXT3-fs (sda1): recovery complete
[ 2.852000] EXT3-fs (sda1): mounted filesystem with ordered data mode
[ 2.854168] VFS: Mounted root (ext3 filesystem) on device 8:1.
[ 2.856000] Freeing unused kernel memory (init): 540k freed
[ 2.857056] NX-protecting the kernel data: 0xc15b3000 - 0xc1834000, 641 pages
[ 2.860328] do_page_fault - entry
[ 2.862554] do_page_fault: 0xc17ebdb8
[ 2.864000] do_page_fault - kernel space
[ 2.864000] do_page_fault - about to call bad_area_nosemaphore()
[ 2.864000] BUG: unable to handle kernel paging request at c17ebdb8
[ 2.864000] IP: [] do_raw_spin_unlock+0x5e/0x71
[ 2.864000] *pdpt = 00000000018c0001 *pde = 80000000016001e1
[ 2.864000] Oops: 0003 [#1] SMP
[ 2.864000] last sysfs file:
[ 2.864000] Modules linked in:
[ 2.864000]
[ 2.864000] Pid: 1, comm: swapper Not tainted 2.6.33-tip+ #41 /
[ 2.864000] EIP: 0060:[] EFLAGS: 00010046 CPU: 0
[ 2.864000] EIP is at do_raw_spin_unlock+0x5e/0x71
[ 2.864000] EAX: 00000000 EBX: c17ebdac ECX: 00000001 EDX: 00000c0b
[ 2.864000] ESI: 00000246 EDI: c18c0058 EBP: f780fe14 ESP: f780fe10
[ 2.864000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 2.864000] Process swapper (pid: 1, ti=f780f000 task=f7826000
task.ti=f780f000)
[ 2.864000] Stack:
[ 2.864000] c17ebdac f780fe24 c15ad3f2 00000000 00000000 f780ff18
c1017a57 00000000
[ 2.864000] <0> 016001e3 00000000 016001e3 f77a8004 00000001
00000000 00000163 80000000
[ 2.864000] <0> 00000000 ffffffff ffffffff 80000000 000001e1
80000000 00000000 80000000
[ 2.864000] Call Trace:
[ 2.864000] [] ? _raw_spin_unlock_irqrestore+0x20/0x3c
[ 2.864000] [] ? __change_page_attr_set_clr+0x65c/0x945
[ 2.864000] [] ? vm_unmap_aliases+0x17b/0x186
[ 2.864000] [] ? _etext+0x0/0x24
[ 2.864000] [] ? change_page_attr_set_clr+0x174/0x312
[ 2.864000] [] ? _etext+0x0/0x24
[ 2.864000] [] ? set_memory_nx+0x2d/0x32
[ 2.864000] [] ? mark_nxdata_nx+0x37/0x41
[ 2.864000] [] ? _etext+0x0/0x24
[ 2.864000] [] ? i386_start_kernel+0x0/0xaa
[ 2.864000] [] ? free_initmem+0x1c/0x1e
[ 2.864000] [] ? init_post+0xd/0x121
[ 2.864000] [] ? kernel_init+0x1d5/0x1df
[ 2.864000] [] ? kernel_init+0x0/0x1df
[ 2.864000] [] ? kernel_thread_helper+0x6/0x10
[ 2.864000] Code: 54 8b c1 39 43 0c 74 0c ba 74 e1 73 c1 89 d8 e8
31 ff ff ff 64 a1 d8 6b 8b c1 39 43 08 74 0c ba 80 e1 73 c1 89 d8 e8
1a ff ff ff 43 0c ff ff ff ff c7 43 08 ff ff ff ff fe 03 5b 5d c3
55 89
[ 2.864000] EIP: [] do_raw_spin_unlock+0x5e/0x71 SS:ESP
0068:f780fe10
[ 2.864000] CR2: 00000000c17ebdb8
[ 2.864000] ---[ end trace 0d94f53e9dfe82f9 ]---
[ 2.948071] swapper used greatest stack depth: 1804 bytes left
[ 2.952000] Kernel panic - not syncing: Attempted to kill init!
============================================
looking for c17ebdb8 in system.map points to a location in pgd_lock:
============================================
$grep c17ebd System.map
c17ebd68 d bios_check_work
c17ebda8 d highmem_pages
c17ebdac D pgd_lock
c17ebdc8 D pgd_list
c17ebdd0 D show_unhandled_signals
c17ebdd4 d cpa_lock
c17ebdf0 d memtype_lock
============================================
I've looked at the lock debugging and could not find any place that
would look like an attempt to execute data. This would lead me to
think that calling set_memory_nx from kernel_init somehow confuses the
lock debugging subsystem, or set_memory_nx does not change page
attributes in a safe manner (for example when a lock is stored inside
the page whose attributes are being changed).
Any suggestions on how should I proceed forward in troubleshooting this issue?
Thank you.
[tip:x86/mm] x86, mm: NX protection for kernel data
On Sat, Mar 6, 2010 at 2:44 PM, Siarhei Liakh wrote:
> On Mon, Feb 22, 2010 at 12:21 PM, Ingo Molnar wrote:
>>
>> * H. Peter Anvin wrote:
>>
>>> On 02/22/2010 03:01 AM, Ingo Molnar wrote:
>>> >>
>>> >>> Commit-ID: 01ab31371da90a795b774d87edf2c21bb3a64dda
>>> >>> Gitweb: http://git.kernel.org/tip/01ab31371da90a795b774d87edf2c21bb3a64dda
[ . . . ]
> I was able to narrow down the issue to spinlock debugging. More
> specifically, DEBUG_SPINLOCK=y seem to be somehow incompatible with
> kernel's RW-data being NX.
[ . . . ]
> Kernel crash dump:
> ============================================
> [ 2.844000] EXT3-fs (sda1): warning: maximal mount count reached,
> running e2fsck is recommended
> [ 2.848000] EXT3-fs (sda1): using internal journal
> [ 2.849556] EXT3-fs (sda1): recovery complete
> [ 2.852000] EXT3-fs (sda1): mounted filesystem with ordered data mode
> [ 2.854168] VFS: Mounted root (ext3 filesystem) on device 8:1.
> [ 2.856000] Freeing unused kernel memory (init): 540k freed
> [ 2.857056] NX-protecting the kernel data: 0xc15b3000 - 0xc1834000, 641 pages
> [ 2.860328] do_page_fault - entry
> [ 2.862554] do_page_fault: 0xc17ebdb8
> [ 2.864000] do_page_fault - kernel space
> [ 2.864000] do_page_fault - about to call bad_area_nosemaphore()
> [ 2.864000] BUG: unable to handle kernel paging request at c17ebdb8
> [ 2.864000] IP: [] do_raw_spin_unlock+0x5e/0x71
> [ 2.864000] *pdpt = 00000000018c0001 *pde = 80000000016001e1
> [ 2.864000] Oops: 0003 [#1] SMP
> [ 2.864000] last sysfs file:
> [ 2.864000] Modules linked in:
> [ 2.864000]
> [ 2.864000] Pid: 1, comm: swapper Not tainted 2.6.33-tip+ #41 /
> [ 2.864000] EIP: 0060:[] EFLAGS: 00010046 CPU: 0
> [ 2.864000] EIP is at do_raw_spin_unlock+0x5e/0x71
> [ 2.864000] EAX: 00000000 EBX: c17ebdac ECX: 00000001 EDX: 00000c0b
> [ 2.864000] ESI: 00000246 EDI: c18c0058 EBP: f780fe14 ESP: f780fe10
> [ 2.864000] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
> [ 2.864000] Process swapper (pid: 1, ti=f780f000 task=f7826000
> task.ti=f780f000)
> [ 2.864000] Stack:
> [ 2.864000] c17ebdac f780fe24 c15ad3f2 00000000 00000000 f780ff18
> c1017a57 00000000
> [ 2.864000] <0> 016001e3 00000000 016001e3 f77a8004 00000001
> 00000000 00000163 80000000
> [ 2.864000] <0> 00000000 ffffffff ffffffff 80000000 000001e1
> 80000000 00000000 80000000
> [ 2.864000] Call Trace:
> [ 2.864000] [] ? _raw_spin_unlock_irqrestore+0x20/0x3c
> [ 2.864000] [] ? __change_page_attr_set_clr+0x65c/0x945
> [ 2.864000] [] ? vm_unmap_aliases+0x17b/0x186
> [ 2.864000] [] ? _etext+0x0/0x24
> [ 2.864000] [] ? change_page_attr_set_clr+0x174/0x312
> [ 2.864000] [] ? _etext+0x0/0x24
> [ 2.864000] [] ? set_memory_nx+0x2d/0x32
> [ 2.864000] [] ? mark_nxdata_nx+0x37/0x41
> [ 2.864000] [] ? _etext+0x0/0x24
> [ 2.864000] [] ? i386_start_kernel+0x0/0xaa
> [ 2.864000] [] ? free_initmem+0x1c/0x1e
> [ 2.864000] [] ? init_post+0xd/0x121
> [ 2.864000] [] ? kernel_init+0x1d5/0x1df
> [ 2.864000] [] ? kernel_init+0x0/0x1df
> [ 2.864000] [] ? kernel_thread_helper+0x6/0x10
> [ 2.864000] Code: 54 8b c1 39 43 0c 74 0c ba 74 e1 73 c1 89 d8 e8
> 31 ff ff ff 64 a1 d8 6b 8b c1 39 43 08 74 0c ba 80 e1 73 c1 89 d8 e8
> 1a ff ff ff 43 0c ff ff ff ff c7 43 08 ff ff ff ff fe 03 5b 5d c3
> 55 89
> [ 2.864000] EIP: [] do_raw_spin_unlock+0x5e/0x71 SS:ESP
> 0068:f780fe10
> [ 2.864000] CR2: 00000000c17ebdb8
> [ 2.864000] ---[ end trace 0d94f53e9dfe82f9 ]---
> [ 2.948071] swapper used greatest stack depth: 1804 bytes left
> [ 2.952000] Kernel panic - not syncing: Attempted to kill init!
> ============================================
>
> looking for c17ebdb8 in system.map points to a location in pgd_lock:
> ============================================
> $grep c17ebd System.map
> c17ebd68 d bios_check_work
> c17ebda8 d highmem_pages
> c17ebdac D pgd_lock
> c17ebdc8 D pgd_list
> c17ebdd0 D show_unhandled_signals
> c17ebdd4 d cpa_lock
> c17ebdf0 d memtype_lock
> ============================================
>
> I've looked at the lock debugging and could not find any place that
> would look like an attempt to execute data. This would lead me to
> think that calling set_memory_nx from kernel_init somehow confuses the
> lock debugging subsystem, or set_memory_nx does not change page
> attributes in a safe manner (for example when a lock is stored inside
> the page whose attributes are being changed).
I've done some extra debugging and it really does look like the crash
happens when we are setting NX on a large page which has pgd_lock
inside it.
Here is a trace of printk's that I added to troubleshoot this issue:
=========================
[ 3.072003] try_preserve_large_page - enter
[ 3.073185] try_preserve_large_page - address: 0xc1600000
[ 3.074513] try_preserve_large_page - 2M page
[ 3.075606] try_preserve_large_page - about to call static_protections
[ 3.076000] try_preserve_large_page - back from static_protections
[ 3.076000] try_preserve_large_page - past loop
[ 3.076000] try_preserve_large_page - new_prot != old_prot
[ 3.076000] try_preserve_large_page - the address is aligned and
the number of pages covers the full range
[ 3.076000] try_preserve_large_page - about to call __set_pmd_pte
[ 3.076000] __set_pmd_pte - enter
[ 3.076000] __set_pmd_pte - address: 0xc1600000
[ 3.076000] __set_pmd_pte - about to call
set_pte_atomic(*0xc18c0058(low=0x16001e3, high=0x0), (low=0x16001e1,
high=0x80000000))
[lock-up here]
=========================
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
* Siarhei Liakh wrote:
> Any suggestions on how should I proceed forward in troubleshooting this issue?
Can you reproduce it in KVM?
If yes then that might give you a more debuggable state than a crashed native
system.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[tip:x86/mm] x86, mm: NX protection for kernel data
>> Any suggestions on how should I proceed forward in troubleshooting this issue?
>
> Can you reproduce it in KVM?
Yes, it crashes in KVM.
> If yes then that might give you a more debuggable state than a crashed native
> system.
Running kernel in KVM under kgdb with a watchpoint set for
($eip>=_etext)&&($eip<=_edata) still produces a dump but without ever
triggering the watchpoint.
I was hoping that some Kernel Locking Guru would say "take a look at
__xxx_yyy_zzz(), the things it does always looked suspicious to me."
:)
But joking aside, I would really appreciate ANY advice on debugging
this problem, as my best idea at this point is to pretty much
single-step through the whole thing... And since I am not familiar
with lock debugging at all, this will take a long time to figure out
on my own.
Thank you, guys.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
On Sun, 31 Jan 2010, Siarhei Liakh wrote:
> V1: initial patch for 2.6.30
> V2: patch for 2.6.31-rc7
> V3: moved all code into arch/x86, adjusted credits
> V4: fixed ifdef, removed credits from CREDITS
> V5: fixed an address calculation bug in mark_nxdata_nx()
> V6: updated for compatibility with 2.6.33-rc5
> ---
>
> Signed-off-by: Siarhei Liakh
> Signed-off-by: Xuxian Jiang
> Acked-by: Arjan van de Ven
Reviewed-by: James Morris
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] x86: NX protection for kernel data
Hi!
> --- a/init/main.c
> +++ b/init/main.c
> @@ -7,6 +7,8 @@
> * Added initrd & change_root: Werner Almesberger & Hans Lermen, Feb '96
> * Moan early if gcc is old, avoiding bogus kernels - Paul Gortmaker, May '96
> * Simplified starting of init: Michael A. Griffith
> + * Data NX protection by Siarhei Liakh
> + * and Xuxian Jiang
> */
Better delete the changelog and add yourself to credits. Changelogs in
.c files are considered bad these days. (Feel free to kill the old
entries, too.)
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] x86: NX protection for kernel data
On Mon, 31 Aug 2009, Pavel Machek wrote:
> .c files are considered bad these days. (Feel free to kill the old
> entries, too.)
No, please don't delete historical information.
- James
--
James Morris
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V2] x86: NX protection for kernel data
On Wed, Aug 26, 2009 at 01:20:19PM -0400, Siarhei Liakh wrote:
>This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>(static) kernel data area as NX.
>The following steps are taken to achieve this:
>1. Linker script is adjusted so .text always starts and ends on a page boundary
>2. Linker script is adjusted so .rodata and .data always start and
>end on a page boundary
>3. void mark_nxdata_nx(void) added to init/main.c with actual
>functionality: NX is set for all
>pages from _etext through _end.
>4. mark_nxdata_nx() called from init_post(void) in init/main.c (after
>init has been released)
>5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
>
>The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
> and Xuxian Jiang .
>
{snip}
>
> #include
>@@ -91,6 +93,21 @@ extern void radix_tree_init(void);
> extern void free_initmem(void);
> #ifndef CONFIG_DEBUG_RODATA
> static inline void mark_rodata_ro(void) { }
>+static inline void mark_nxdata_nx(void) { }
>+#else
>+void mark_nxdata_nx(void)
>+{
>+ /*
>+ * When this called, init has already been executed and released,
>+ * so everything past _etext sould be NX.
>+ */
>+ unsigned long start = PFN_ALIGN(_etext);
>+ unsigned long size = PFN_ALIGN(_end) - start;
>+
>+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
>+ start, size >> PAGE_SHIFT);
>+ set_pages_nx(virt_to_page(start), size >> PAGE_SHIFT);
>+}
I am afraid this function has to be in arch/x86/mm/init.c.
Seems set_pages_nx() is x86-specific.
Have you tested this on other arch?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH] x86: NX protection for kernel data
On Sun, Jul 19, 2009 at 4:13 PM, Sam Ravnborg wrote:
> On Sun, Jul 19, 2009 at 03:43:06PM -0400, Siarhei Liakh wrote:
>> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
>> (static) kernel data area as NX.
>> The following steps are taken to achieve this:
>> 1. Linker scripts are adjusted so .text always starts and end on a page boundary
>> 2. Linker scripts are adjusted so .rodata and .data always starts and
>> end on a page boundary
>> 3. void mark_nxdata_nx(void) added to arch/x86/mm/init_64.c and
>> arch/x86/mm/init_32.c with actual functionality: NX is set for all
>> pages from _etext through _edata
>> 4. mark_nxdata_nx() called from init_post(void) in init/main.c
>>
>> The patch have been developed for Linux 2.6.30 x86 by Siarhei Liakh
>> and Xuxian Jiang .
>
>
> The patch no longer applies.
> The file vmlinux_32.lds.S and vmlinux_64.lds.S has been unified
> into one file.
That is actually a great news. I will get the latest source and
re-write the patch.
>> --- a/arch/x86/kernel/vmlinux_32.lds.S
>> +++ b/arch/x86/kernel/vmlinux_32.lds.S
>> @@ -47,6 +47,7 @@ SECTIONS
>> IRQENTRY_TEXT
>> *(.fixup)
>> *(.gnu.warning)
>> + . = ALIGN(PAGE_SIZE); /* .text should occupy whole number of pages */
>> _etext = .; /* End of text section */
>
> So _etext cover until page boundary - makes sense.
>
>> } :text = 0x9090
>>
>> @@ -93,6 +94,7 @@ SECTIONS
>> *(.data.read_mostly)
>> _edata = .; /* End of data section */
>> }
>> + . = ALIGN(PAGE_SIZE); /* needed so we can set NX for .data */
>
> But here _edata does not cover until page boundary.
> And alignmnet is located outside the output section
> definition.
> It would be better/more consistent to follow the style you use for .text here.
You are correct. _edata should be the last thing in .data, and
alignment should be done before it. However, this brings up a
question: was there any specific reason to leave .data.init_task
beyond the _edata? Should we move _edata into the the last of the
.data.* sections to have poper view of kernel layout?
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
This patch expands functionality of CONFIG_DEBUG_RODATA to set main
(static) kernel data area as NX.
The following steps are taken to achieve this:
1. Linker script is adjusted so .text always starts and ends on a page boundary
2. Linker script is adjusted so .rodata and .data always start and
end on a page boundary
3. void mark_nxdata_nx(void) added to arch/x86/mm/init.c with actual
functionality: NX is set for all pages from _etext through _end.
4. mark_nxdata_nx() called from free_initmem() (after init has been released)
5. free_init_pages() sets released memory NX in arch/x86/mm/init.c
The results of patch application may be observed in the diff of kernel page
table dumps:
--- data_nx_pt_before.txt 2009-10-13 07:48:59.000000000 -0400
+++ data_nx_pt_after.txt 2009-10-13 07:26:46.000000000 -0400
@@ -2,8 +2,9 @@
0x00000000-0xc0000000 3G pmd
---[ Kernel Mapping ]---
0xc0000000-0xc0100000 1M RW GLB x pte
-0xc0100000-0xc048d000 3636K ro GLB x pte
-0xc048d000-0xc0600000 1484K RW GLB x pte
+0xc0100000-0xc0381000 2564K ro GLB x pte
+0xc0381000-0xc048d000 1072K ro GLB NX pte
+0xc048d000-0xc0600000 1484K RW GLB NX pte
0xc0600000-0xf7800000 882M RW PSE GLB NX pmd
0xf7800000-0xf79fe000 2040K RW GLB NX pte
0xf79fe000-0xf7a00000 8K pte
The patch have been developed for Linux 2.6.31-rc7 x86 by Siarhei Liakh
and Xuxian Jiang .
V1: initial patch for 2.6.30
V2: patch for 2.6.31-rc7
V3: moved all code into arch/x86, adjusted credits
V4: fixed ifdef, removed credits from CREDITS
V5: fixed an address calculation bug in mark_nxdata_nx()
V6: added acked-by and PT dump diff to commit log
---
Signed-off-by: Siarhei Liakh
Signed-off-by: Xuxian Jiang
Acked-by: Arjan van de Ven
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
index 78d185d..83ae734 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -43,14 +43,14 @@ jiffies_64 = jiffies;
PHDRS {
text PT_LOAD FLAGS(5); /* R_E */
- data PT_LOAD FLAGS(7); /* RWE */
+ data PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_X86_64
- user PT_LOAD FLAGS(7); /* RWE */
- data.init PT_LOAD FLAGS(7); /* RWE */
+ user PT_LOAD FLAGS(6); /* RW_ */
+ data.init PT_LOAD FLAGS(6); /* RW_ */
#ifdef CONFIG_SMP
- percpu PT_LOAD FLAGS(7); /* RWE */
+ percpu PT_LOAD FLAGS(6); /* RW_ */
#endif
- data.init2 PT_LOAD FLAGS(7); /* RWE */
+ data.init2 PT_LOAD FLAGS(6); /* RW_ */
#endif
note PT_NOTE FLAGS(0); /* ___ */
}
@@ -89,6 +89,8 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
+ /* .text should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of text section */
_etext = .;
} :text = 0x9090
@@ -151,6 +153,8 @@ SECTIONS
.data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
*(.data.read_mostly)
+ /* .data should occupy whole number of pages */
+ . = ALIGN(PAGE_SIZE);
/* End of data section */
_edata = .;
}
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
index 0607119..7bfd411 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -423,9 +423,10 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
/*
* We just marked the kernel text read only above, now that
* we are going to free part of that, we need to make that
- * writeable first.
+ * writeable and non-executable first.
*/
set_memory_rw(begin, (end - begin) >> PAGE_SHIFT);
+ set_memory_nx(begin, (end - begin) >> PAGE_SHIFT);
printk(KERN_INFO "Freeing %s: %luk freed\n", what, (end - begin) >> 10);
@@ -440,11 +441,29 @@ void free_init_pages(char *what, unsigned long
begin, unsigned long end)
#endif
}
+void mark_nxdata_nx(void)
+{
+#ifdef CONFIG_DEBUG_RODATA
+ /*
+ * When this called, init has already been executed and released,
+ * so everything past _etext sould be NX.
+ */
+ unsigned long start = PAGE_ALIGN((unsigned long)(&_etext));
+ unsigned long size = PAGE_ALIGN((unsigned long)(&_end)) - start;
+
+ printk(KERN_INFO "NX-protecting the kernel data: %lx, %lu pages\n",
+ start, size >> PAGE_SHIFT);
+ set_memory_nx(start, size >> PAGE_SHIFT);
+#endif
+}
+
void free_initmem(void)
{
free_init_pages("unused kernel memory",
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
+ /* Set kernel's data as NX */
+ mark_nxdata_nx();
}
#ifdef CONFIG_BLK_DEV_INITRD
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
* Siarhei Liakh wrote:
> This patch expands functionality of CONFIG_DEBUG_RODATA to set main
> (static) kernel data area as NX.
thanks - this one looks good now.
Would be nice if you could send this with the patch that also deals with
the first 1 MB.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
> thanks - this one looks good now.
>
> Would be nice if you could send this with the patch that also deals with
> the first 1 MB.
I do plan to have that first megabyte fixed. But for now, let's keep
these patches separate, as there are many things that rely on that 1MB
area and I want to make sure they all still work properly with the
patch.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[PATCH V6] x86: NX protection for kernel data
* Siarhei Liakh wrote:
> > thanks - this one looks good now.
> >
> > Would be nice if you could send this with the patch that also deals
> > with the first 1 MB.
>
> I do plan to have that first megabyte fixed. But for now, let's keep
> these patches separate, as there are many things that rely on that 1MB
> area and I want to make sure they all still work properly with the
> patch.
Well, if we are going to touch this area i'd like to see them addressed
together.
The 1MB thing would obviously be a default-off Kconfig option so in that
sense it should not break anything by default.
Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/