Re: Do x86 NX and AMD prefetch check cause page fault infinite loop?

[Jamie Lokier]

Ingo Molnar wrote:
> i understand what you mean, but for this to trigger one would have to
> trigger the prefetch erratum _and_ then turn off executability in
> parallel, right? So the question is, is there a reliable way to trigger
> the pagefault situation, and if yes, how do you turn on NX - because
> right before the fault the instruction had to be executable.

No need for anything in parallel.

I think you can trigger it by jumping to a non-PROT_EXEC page where
the target address is a prefetch -- or by falling through from the end
of a PROT_EXEC page to a non-PROT_EXEC one.

To be sure both cases are obscure, but the resulting loop is still wrong.

Who knows, perhaps internal conditions of the chip prevent these
particular prefetches from triggering the fault.  After all, we're
told that on returning from the fault handler, the prefetch won't
fault again, and it's not obvious why that should be.  It'd be very
subtle though, and deserve a comment.

-- Jamie

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/