Genode (x86_64) reboots on Thinkpad T420

Alexander Boettcher alexander.boettcher at genode-labs.com
Sun Mar 10 20:07:30 CET 2019 

On 08.03.19 12:29, Valery V. Sedletski wrote:
> On Fri Mar   8 15:57:20 2019 Alexander Boettcher <alexander.boettcher at genode-labs.com> wrote:
>> On 08.03.19 11:25, Valery V. Sedletski via users wrote:
>>> On 07.03.19 23:10, Valery V. Sedletski via users wrote:
>>>> Alexander Boettcher wrote:
>>
> 
>>> P.S.: I wondered why 32-bit works fine, but cnuke on the irc channel
>>> supposed that it could be because of NX bit, which is enabled on 32-bit
>>> normally only if PAE is enabled.
>>
>> Some kernels don't use PAE in 32bit, or in the kernel configuration it
>> is not enabled. That means the kernels in 32bit just don't use it and
>> therefore they booted up.
>>
>> In 64bit mode the NX-bit is supposed to be supported by all CPUs, never
>> have seen (until today) that you can disable such a security feature. It
>> makes no sense for modern OSes at all.
>>
> 
> IIRC, the bit prevents execution of code in DATA segments (?), It's supposed as a measure against viruses. Usually, such measures break some programs, which aren't viruses. So, I suspected that enabling the NX bit could break something, not vice versa, but it appears, I'm not right. I am still wondering why disabling it can cause traps or reboots. Do the kernels functionality depend on the NX bit somehow?

The kernel could/should check whether the NX feature is available by
hardware, and solely if, then should actually use it. The kernels
obviously don't do that.

When you look on how the NX bit is actually implemented, you will see
that the 63bit in the page table entry is used. With NX enabled, the 63.
bit decides whether code is executable (0) or not (1). If NX is
disabled, the 63 bit is part of your normal address lookup procedure.

If the kernel now set the 63. bit, but actually it is part of the normal
address page table walk (NX not supported), you will end up in wrong
addresses. Additionally, you also get non-canonical addresses, which is
not permitted and leads to hardware exceptions raised (see CPU
documentation of Intel/AMD).


Cheers,

-- 
Alexander Boettcher
Genode Labs

https://www.genode-labs.com - https://www.genode.org

Genode Labs GmbH - Amtsgericht Dresden - HRB 28424 - Sitz Dresden
Geschäftsführer: Dr.-Ing. Norman Feske, Christian Helmuth

More information about the users mailing list