On Wed, Mar 11, 2009 at 10:46 AM, NAHieu <nahieu@xxxxxxxxx> wrote: > On Tue, Mar 10, 2009 at 4:13 PM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote: >> Sorry, my mistake, PAE is required yes, and then 32bit Linux Kernel >> will have NX enabled: >> >> PAE can be enabled with CONFIG_X86_PAE (and CONFIG_HIGHMEM64G - >> possibly needed, which is what the kernel config file for Fedora Core >> 11 has): >> >> In arch/x86/mm/init_32.c: >> >> #ifdef CONFIG_X86_PAE >> set_nx(); >> if (nx_enabled) >> printk(KERN_INFO "NX (Execute Disable) protection: active\n"); >> #endif > > That is indeed what happens in the kernel code. However, now I really > have some doubts now after reading the Intel manual 3A. > > According to 3.8.5, PAE mode in x86 reserves all the bits from 36-63 > to 0. Knowing that bit 63 is for NX, this means NX bit is never on, so > no page can be set with NX bit. As a result, all the pages in x86 > cannot prohibit execution. > > Meanwhile, 3.10.3 clearly mentions NX bit can be turned on in x86-64 > (IA32e in Intel term). > > So this means NX is really only possible in 64bit OS??? But then why > Linux 32 turns on NX? > > Could anybody confirm this confusion? Hmm now I see the reason: 4.13.3 says that the reserved bits are checked when PAE is on. My question still stands: why some (every?) data areas dont prohibit execution in x86 Linux? Thanks, H >> On Tue, Mar 10, 2009 at 12:23 PM, NAHieu <nahieu@xxxxxxxxx> wrote: >>> On Mon, Mar 9, 2009 at 11:50 PM, Peter Teoh <htmldeveloper@xxxxxxxxx> wrote: >>>> as far as I can remember, in x86 architecture, hardware-wise, it is >>>> NOT possible to enable NX. U may do anything via software, but it >>>> will not be enabled. NX feature is only for 64bit OS. >>>> >>> >>> No, NX is available for 32bit Linux, as long as PAE is enable. >>> >>> I am still stuck here (on 32bit Linux). It seems nobody can shed some >>> lights in this problem? >>> >>> Thanks, >>> H >>> >>> >>>> On Mon, Mar 9, 2009 at 4:27 AM, NAHieu <nahieu@xxxxxxxxx> wrote: >>>>> Hi, >>>>> >>>>> I inspect my Linux memory, and it seems that there is no area that >>>>> prohibite execution like I expected (using NX bit in modern CPU). That >>>>> really surprises me. >>>>> >>>>> I looked at some potential data areas exported in System.map file, like: >>>>> >>>>> - mark_rodata_ro >>>>> - sysctl_data >>>>> - new_cpu_data >>>>> - boot_cpu_data >>>>> >>>>> And all of these areas allow to execute code (because NX=0 there). Is >>>>> that really desirable? >>>>> >>>>> Anybody know for sure which area (easier to check if exported in >>>>> System.map) doesnt allow execute? >>>>> >>>>> I can confirm that NX is active in my machine (reported in dmesg) >>>>> >>> >> >> >> >> -- >> Regards, >> Peter Teoh >> > -- To unsubscribe from this list: send an email with "unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx Please read the FAQ at http://kernelnewbies.org/FAQ
