Ubuntu
linux package

booting 32bit non-PAE on CPU with NX does not report NX emulation

  1. Natty (11.04)
  2. Bug #745181
Bug #745181 reported by Kees Cook
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Fix Released
Low
Kees Cook
Maverick
Fix Released
Low
Kees Cook
Natty
Fix Released
Low
Kees Cook
Oneiric
Fix Released
Low
Kees Cook

Bug Description

Since 10.10, dmesg does not happen to mention that NX emulation is active on CPUs _with_ the NX bit, but without the PAE kernel.

SRU justification: this is a regression from Lucid which clearly showed when NX-emu was enabled in dmesg, and the change is small.

TEST-CASE:
boot a 32bit non-PAE kernel on a CPU with NX hardware. dmesg should report:
 Notice: NX (Execute Disable) protection cannot be enabled in hardware: non-PAE kernel!
 NX (Execute Disable) protection: approximated by x86 segment limits
instead of just:
 Notice: NX (Execute Disable) protection cannot be enabled: non-PAE kernel!

See original description
Revision history for this message
Kees Cook (kees) wrote :

Untested potential fix...

Changed in linux (Ubuntu Maverick):
assignee: nobody → Kees Cook (kees)
Changed in linux (Ubuntu Natty):
assignee: nobody → Kees Cook (kees)
Changed in linux (Ubuntu Oneiric):
assignee: nobody → Kees Cook (kees)
importance: Undecided → Low
Changed in linux (Ubuntu Natty):
importance: Undecided → Low
Changed in linux (Ubuntu Maverick):
importance: Undecided → Low
tags: added: patch
Kees Cook (kees)
Changed in linux (Ubuntu Natty):
status: New → Fix Committed
Changed in linux (Ubuntu Maverick):
status: New → Fix Committed
Changed in linux (Ubuntu Oneiric):
status: New → Fix Committed
Changed in linux (Ubuntu Natty):
status: Fix Committed → In Progress
Changed in linux (Ubuntu Maverick):
status: Fix Committed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package linux - 2.6.38-8.40

---------------
linux (2.6.38-8.40) natty; urgency=low

  [ Brad Figg ]

  * [Config] Set CONFIG_NR_CPUS=256 for amd64 generic
    - LP: #737124

  [ Henrik Rydberg ]

  * SAUCE: HID: hid-ntrig: add support for 1b96:0006 model
  * SAUCE: HID: ntrig: fix suspend/resume on recent models

  [ Kees Cook ]

  * [Config] packaging: adjust perms on vmlinuz as well
  * SAUCE: nx-emu: further clarify dmesg reporting
    - LP: #745181

  [ Leann Ogasawara ]

  * rebase to v2.6.38.1
  * [Config] update configs after v2.6.38.1 rebase
  * rebase to v2.6.38.2

  [ Manoj Iyer ]

  * SAUCE: thinkpad-acpi: module autoloading for newer Lenovo ThinkPads.
    - LP: #745217

  [ Tim Gardner ]

  * SAUCE: INR_OPEN=4096
    - LP: #663090

  [ Upstream Kernel Changes ]

  * (drop after v2.6.38) HID: ntrig don't dereference unclaimed hidinput
  * (drop after v2.6.38) HID: ntrig: apply NO_INIT_REPORTS quirk
  * (drop after v2.6.38) HID: hid-ntrig: init settle and mode check
  * eeepc-wmi: add hotplug code for Eeepc 1000H
  * eeepc-wmi: serialize access to wmi method
  * eeepc-wmi: return proper error code in eeepc_rfkill_set()
  * eeepc-wmi: add an helper using simple return codes
  * eeepc-wmi: add hibernate/resume callbacks
  * eeepc-wmi: switch to platform_create_bundle()
  * eeepc-wmi: reorder defines
  * eeepc-wmi: use the presence bit correctly
  * eeepc-wmi: add camera and card reader support
  * eeepc-wmi: add wimax support
  * eeepc-wmi: set the right key code for 0xe9
  * eeepc-wmi: support backlight power (bl_power) attribute
  * eeepc-wmi: respect wireless_hotplug setting
  * eeepc-wmi: real touchpad led device id is 0x001000012
  * eeepc-wmi: comments keymap to clarify the meaning of some keys
  * eeepc-wmi: add touchpad sysfs file
  * eeepc-wmi: reorder device ids

  [ Major Kernel Changes ]

  * rebase from v2.6.38 to v2.6.38.1
    - LP: #735640, #735450
  * rebase from v2.6.38.1 to v2.6.38.2
    - LP: #733780
 -- Leann Ogasawara <email address hidden> Mon, 28 Mar 2011 06:20:13 -0700

Changed in linux (Ubuntu Natty):
status: In Progress → Fix Released
Tim Gardner (timg-tpi)
Changed in linux (Ubuntu Maverick):
status: In Progress → Fix Committed
Kees Cook (kees)
description: updated
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted linux into maverick-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Revision history for this message
Steve Conklin (sconklin) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed' to 'verification-done'.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-maverick
Revision history for this message
Kees Cook (kees) wrote :

Confirmed to be fixed...

With 2.6.35-29.50-generic: $ dmesg | grep NX
[ 0.000000] Notice: NX (Execute Disable) protection cannot be enabled in hardware: non-PAE kernel!
...

With 2.6.35-29.51-generic: $ dmesg | grep NX
[ 0.000000] Notice: NX (Execute Disable) protection cannot be enabled in hardware: non-PAE kernel!
[ 0.000000] NX (Execute Disable) protection: approximated by x86 segment limits
...

tags: added: verification-done-maverick
removed: verification-needed-maverick
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (30.0 KiB)

This bug was fixed in the package linux - 2.6.35-30.54

---------------
linux (2.6.35-30.54) maverick-proposed; urgency=low

  [ Brad Figg ]

  * Release Tracking Bug
    - LP: #794114

  [ Upstream Kernel Changes ]

  * Revert "xhci: Fix full speed bInterval encoding."
  * Revert "USB: xhci - also free streams when resetting devices"
  * Revert "USB: xhci - fix math in xhci_get_endpoint_interval()"
  * Revert "USB: xhci - fix unsafe macro definitions"

linux (2.6.35-30.53) maverick-proposed; urgency=low

  [ Upstream Kernel Changes ]

  * xhci: Fix full speed bInterval encoding.
    - LP: #792959

linux (2.6.35-30.52) maverick-proposed; urgency=low

  [ Herton R. Krzesinski ]

  * Release Tracking Bug
    - LP: #790653

  [ Stefan Bader ]

  * Include nls_iso8859-1 for virtual images
    - LP: #732046

  [ Thomas Schlichter ]

  * SAUCE: vesafb: mtrr module parameter is uint, not bool
    - LP: #778043

  [ Tim Gardner ]

  * [Config] Add cachefiles.ko to virtual flavour
    - LP: #770430

  [ Upstream Kernel Changes ]

  * Revert "intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot
    hang"
    - LP: #772560
  * Revert "TPM: Long default timeout fix"
    - LP: #772560
  * Revert "tpm_tis: Use timeouts returned from TPM"
    - LP: #772560
  * Revert "xen: set max_pfn_mapped to the last pfn mapped"
  * CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
    - LP: #765007
    - CVE-2010-4565
  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1,
    CVE-2011-0711
    - LP: #767740
    - CVE-2011-0711
  * Treat writes as new when holes span across page boundaries,
    CVE-2011-0463
    - LP: #770483
    - CVE-2011-0463
  * fs/partitions/ldm.c: fix oops caused by corrupted partition table,
    CVE-2011-1017
    - LP: #771382
    - CVE-2011-1017
  * qla2xxx: Make the FC port capability mutual exclusive.
    - LP: #772560
  * staging: usbip: bugfixes related to kthread conversion
    - LP: #772560
  * staging: usbip: bugfix add number of packets for isochronous frames
    - LP: #772560
  * staging: usbip: bugfix for isochronous packets and optimization
    - LP: #772560
  * staging: hv: Fix GARP not sent after Quick Migration
    - LP: #772560
  * staging: hv: use sync_bitops when interacting with the hypervisor
    - LP: #772560
  * irda: validate peer name and attribute lengths
    - LP: #772560
  * irda: prevent heap corruption on invalid nickname
    - LP: #772560
  * nilfs2: fix data loss in mmap page write for hole blocks
    - LP: #772560
  * ASoC: Explicitly say registerless widgets have no register
    - LP: #772560
  * ALSA: ens1371: fix Creative Ectiva support
    - LP: #772560
  * ROSE: prevent heap corruption with bad facilities
    - LP: #772560
  * Btrfs: Fix uninitialized root flags for subvolumes
    - LP: #772560
  * x86, mtrr, pat: Fix one cpu getting out of sync during resume
    - LP: #772560
  * UBIFS: do not read flash unnecessarily
    - LP: #772560
  * UBIFS: fix oops on error path in read_pnode
    - LP: #772560
  * UBIFS: fix debugging failure in dbg_check_space_info
    - LP: #772560
  * quota: Don't write quota info in dquot_commit()
    - LP: #772560
  * mm: avoid wrapping vm_...

Changed in linux (Ubuntu Maverick):
status: Fix Committed → Fix Released
dino99 (9d9)
Changed in linux (Ubuntu Oneiric):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.