linux/arch/x86/kernel
Kees Cook ae84739c27 x86, cpu: Clear XD_DISABLED flag on Intel to regain NX
Intel CPUs have an additional MSR bit to indicate if the BIOS was
configured to disable the NX cpu feature. This bit was traditionally
used for operating systems that did not understand how to handle the
NX bit. Since Linux understands this, this BIOS flag should be ignored
by default.

In a review[1] of reported hardware being used by Ubuntu bug reporters,
almost 10% of systems had an incorrectly configured BIOS, leaving their
systems unable to use the NX features of their CPU.

This change will clear the MSR_IA32_MISC_ENABLE_XD_DISABLE bit so that NX
cannot be inappropriately controlled by the BIOS on Intel CPUs. If, under
very strange hardware configurations, NX actually needs to be disabled,
"noexec=off" can be used to restore the prior behavior.

[1] http://www.outflux.net/blog/archives/2010/02/18/data-mining-for-nx-bit/

Signed-off-by: Kees Cook <kees.cook@canonical.com>
LKML-Reference: <1289414154-7829-3-git-send-email-kees.cook@canonical.com>
Acked-by: Pekka Enberg <penberg@kernel.org>
Acked-by: Alan Cox <alan@lxorguk.ukuu.org.uk>
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
2010-11-10 15:42:54 -08:00
..
acpi Merge branch 'stable/xen-pcifront-0.8.2' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen 2010-10-28 17:11:17 -07:00
apic x86: Check irq_remapped instead of remapping_enabled in destroy_irq() 2010-10-30 10:28:31 +02:00
cpu Merge branch 'perf-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-27 18:48:00 -07:00
.gitignore
alternative.c Merge branches 'perf-fixes-for-linus' and 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-30 11:43:26 -07:00
amd_iommu_init.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
amd_iommu.c x86/amd-iommu: Update copyright headers 2010-10-13 11:13:21 +02:00
amd_nb.c x86, amd_nb: Enable GART support for AMD family 0x15 CPUs 2010-10-01 16:18:32 -07:00
apb_timer.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
aperture_64.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
apm_32.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
asm-offsets_32.c x86, asm: Fix CFI macro invocations to deal with shortcomings in gas 2010-10-19 14:28:02 -07:00
asm-offsets_64.c
asm-offsets.c
audit_64.c
bootflag.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
check.c x86: Use memblock to replace early_res 2010-08-27 11:12:29 -07:00
cpuid.c x86: convert cpu notifier to return encapsulate errno value 2010-05-27 09:12:48 -07:00
crash_dump_32.c mm: stack based kmap_atomic() 2010-10-26 16:52:08 -07:00
crash_dump_64.c mm, x86: Saving vmcore with non-lazy freeing of vmas 2010-09-17 09:11:56 +02:00
crash.c x86, UV: Make kdump avoid stack dumps 2010-07-21 11:33:27 -07:00
doublefault_32.c
dumpstack_32.c x86, printk: Get rid of <0> from stack output 2010-10-23 20:03:03 +02:00
dumpstack_64.c x86, printk: Get rid of <0> from stack output 2010-10-23 20:03:03 +02:00
dumpstack.c x86: Unify dumpstack.h and stacktrace.h 2010-06-08 23:29:52 +02:00
e820.c x86, memblock: Use memblock_memory_size()/memblock_free_memory_size() to get correct dma_reserve 2010-08-27 11:13:54 -07:00
early_printk_mrst.c x86, earlyprintk: Add hsu early console for Intel Medfield platform 2010-10-08 10:01:47 +02:00
early_printk.c x86, earlyprintk: Add hsu early console for Intel Medfield platform 2010-10-08 10:01:47 +02:00
early-quirks.c Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:18:06 -07:00
entry_32.S x86, asm: Restore parentheses around one pushl_cfi argument 2010-10-22 10:51:44 +02:00
entry_64.S Merge branches 'softirq-for-linus', 'x86-debug-for-linus', 'x86-numa-for-linus', 'x86-quirks-for-linus', 'x86-setup-for-linus', 'x86-uv-for-linus' and 'x86-vm86-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-23 08:25:36 -07:00
ftrace.c jump label: Make dynamic no-op selection available outside of ftrace 2010-09-20 18:19:39 -04:00
head32.c Merge branch 'x86-trampoline-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-22 20:37:50 -07:00
head64.c x86-64: Only set max_pfn_mapped to 512 MiB if we enter via head_64.S 2010-10-14 09:06:49 +02:00
head_32.S x86-32, mm: Add an initial page table for core bootstrapping 2010-10-20 14:23:55 -07:00
head_64.S x86-64: Simplify loading initial_gs 2010-07-21 21:23:51 -07:00
head.c x86: Use memblock to replace early_res 2010-08-27 11:12:29 -07:00
hpet.c workqueues: s/ON_STACK/ONSTACK/ 2010-10-26 16:52:14 -07:00
hw_breakpoint.c x86: Fix instruction breakpoint encoding 2010-09-17 03:24:13 +02:00
i386_ksyms_32.c
i387.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:34:32 -07:00
i8237.c
i8253.c i8253: Convert i8253_lock to raw_spinlock 2010-03-02 10:28:38 +01:00
i8259.c x86: i8259: Convert to new irq_chip functions 2010-10-12 16:53:36 +02:00
init_task.c Rename .data.cacheline_aligned to .data..cacheline_aligned. 2010-03-03 11:25:58 +01:00
io_delay.c
ioport.c
irq_32.c x86-32: Restore irq stacks NUMA-aware allocations 2010-10-29 08:17:07 +02:00
irq_64.c
irq_work.c irq_work: Add generic hardirq context callbacks 2010-10-18 19:58:50 +02:00
irq.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
irqinit.c Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:11:46 -07:00
jump_label.c jump label: x86 support 2010-09-22 16:33:03 -04:00
kdebugfs.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
kgdb.c debug_core,x86,blackfin: Clean up hw debug disable API 2010-10-29 13:14:41 -05:00
kprobes.c jump label: Add jump_label_text_reserved() to reserve jump points 2010-09-22 16:30:46 -04:00
kvm.c
kvmclock.c KVM guest: Move a printk that's using the clock before it's ready 2010-10-24 10:53:06 +02:00
ldt.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
machine_kexec_32.c
machine_kexec_64.c x86, cleanups: Use clear_page/copy_page rather than memset/memcpy 2010-09-22 15:36:49 -07:00
Makefile x86: Move olpc to platform 2010-10-27 17:22:16 +02:00
mca_32.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
microcode_amd.c
microcode_core.c Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
microcode_intel.c Update broken web addresses in arch directory. 2010-10-18 11:03:21 +02:00
mmconf-fam10h_64.c x86: Move range related operation to one file 2010-02-10 17:47:17 -08:00
module.c Merge commit 'v2.6.36-rc7' into perf/core 2010-10-08 10:46:27 +02:00
mpparse.c Merge commit 'v2.6.36-rc3' into x86/memblock 2010-08-31 09:45:46 +02:00
msr.c x86: convert cpu notifier to return encapsulate errno value 2010-05-27 09:12:48 -07:00
paravirt_patch_32.c
paravirt_patch_64.c
paravirt-spinlocks.c
paravirt.c x86, paravirt: Remove alloc_pmd_clone hook, only used by VMI 2010-08-23 17:09:44 -07:00
pci-calgary_64.c x86, calgary: Make Calgary IOMMU use IOMMU_INIT_* macros. 2010-08-26 15:14:15 -07:00
pci-dma.c x86, iommu: Utilize the IOMMU_INIT macros functionality. 2010-08-26 15:14:52 -07:00
pci-gart_64.c Merge branch 'x86-iommu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 14:23:48 -07:00
pci-iommu_table.c x86, iommu: Add proper dependency sort routine (and sanity check). 2010-08-26 15:13:19 -07:00
pci-nommu.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
pci-swiotlb.c x86, swiotlb: Make SWIOTLB use IOMMU_INIT_* macros. 2010-08-26 15:13:37 -07:00
pcspeaker.c
probe_roms_32.c
process_32.c x86, perf: Add power_end event to process_*.c cpu_idle routine 2010-06-18 11:35:10 +02:00
process_64.c x86-64, fpu: Disable preemption when using TS_USEDFPU 2010-09-09 14:16:45 -07:00
process.c Make do_execve() take a const filename pointer 2010-08-17 18:07:43 -07:00
ptrace.c ptrace: cleanup arch_ptrace() on x86 2010-10-27 18:03:10 -07:00
pvclock.c x86: pvclock: Move scale_delta into common header 2010-10-24 10:51:24 +02:00
quirks.c x86: HPET force enable for CX700 / VIA Epia LT 2010-09-15 16:27:04 +02:00
reboot_fixups_32.c
reboot.c Merge branch 'linus' into x86/urgent 2010-10-25 19:38:52 +02:00
relocate_kernel_32.S
relocate_kernel_64.S
rtc.c
setup_percpu.c Merge branch 'core-memblock-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 18:52:11 -07:00
setup.c Merge branch 'linux-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2010-10-28 11:59:52 -07:00
signal.c
smp.c x86, kexec: Make sure to stop all CPUs before exiting the kernel 2010-10-21 13:30:44 -07:00
smpboot.c Merge branch 'x86-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-27 18:38:55 -07:00
stacktrace.c x86: Unify save_stack_address() and save_stack_address_nosched() 2010-06-09 17:32:19 +02:00
step.c x86, ptrace: Fix block-step 2010-03-26 11:33:57 +01:00
sys_i386_32.c i386: Make kernel_execve() suitable for stack unwinding 2010-09-03 08:16:02 +02:00
sys_x86_64.c improve sys_newuname() for compat architectures 2010-03-12 15:52:32 -08:00
syscall_64.c
syscall_table_32.S x86: fix up system call numbering nit 2010-08-10 15:35:10 -07:00
tboot.c Merge branch 'kvm-updates/2.6.35' of git://git.kernel.org/pub/scm/virt/kvm/kvm 2010-05-21 17:16:21 -07:00
tce_64.c
test_nx.c
test_rodata.c
time.c x86: Convert i8259_lock to raw_spinlock 2010-02-16 18:21:32 +01:00
tls.c
tls.h
topology.c
trampoline_32.S
trampoline_64.S x86, cpu: Rename verify_cpu_64.S to verify_cpu.S 2010-11-10 15:42:42 -08:00
trampoline.c Merge branch 'x86-trampoline-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-22 20:37:50 -07:00
traps.c Merge branches 'softirq-for-linus', 'x86-debug-for-linus', 'x86-numa-for-linus', 'x86-quirks-for-linus', 'x86-setup-for-linus', 'x86-uv-for-linus' and 'x86-vm86-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-23 08:25:36 -07:00
tsc_sync.c
tsc.c Merge branch 'x86-amd-nb-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-21 13:01:08 -07:00
verify_cpu.S x86, cpu: Clear XD_DISABLED flag on Intel to regain NX 2010-11-10 15:42:54 -08:00
vm86_32.c x86, vm86: Fix preemption bug for int1 debug and int3 breakpoint handlers. 2010-09-23 11:07:49 -07:00
vmlinux.lds.S Merge branch 'x86-irq-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-10-22 08:54:21 -07:00
vsmp_64.c
vsyscall_64.c timkeeping: Fix update_vsyscall to provide wall_to_monotonic offset 2010-07-27 12:40:54 +02:00
x86_init.c x86: Introduce x86_msi_ops 2010-10-18 10:49:34 -04:00
x8664_ksyms_64.c x86-64: Don't export init_level4_pgt 2010-04-28 17:25:47 -07:00
xsave.c Merge branch 'x86-xsave-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2010-08-06 16:25:13 -07:00