Re: [patch V2 1/5] x86/kaiser: Respect disabled CPU features

From: Kees Cook
Date: Mon Nov 27 2017 - 13:37:27 EST

Next message: Maciej S. Szmigiero: "Re: [PATCH v3 1/2] ALSA: pcm: add SNDRV_PCM_FORMAT_{S, U}20"
Previous message: Jason Gunthorpe: "Re: [PATCH 0/3] RDMA/hns: Bug fixes in hns RoCE driver"
In reply to: Dave Hansen: "Re: [patch V2 1/5] x86/kaiser: Respect disabled CPU features"
Next in thread: Thomas Gleixner: "[patch V2 5/5] x86/kaiser: Add boottime disable switch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 27, 2017 at 10:11 AM, Dave Hansen
<dave.hansen@xxxxxxxxxxxxxxx> wrote:
>> --- a/arch/x86/include/asm/pgtable_64.h
>> +++ b/arch/x86/include/asm/pgtable_64.h
>> @@ -222,7 +222,8 @@ static inline pgd_t kaiser_set_shadow_pg
>> * wrong CR3 value, userspace will crash
>> * instead of running.
>> */
>> - pgd.pgd |= _PAGE_NX;
>> + if (__supported_pte_mask & _PAGE_NX)
>> + pgd.pgd |= _PAGE_NX;
>> }
>
> Thanks for catching that. It's definitely a bug. Although,
> practically, it's hard to hit, right? I think everything 64-bit
> supports NX unless the hypervisor disabled it or something.

There was a very narrow window where x86_64 machines were made without
NX. :( This is reflected in x86_report_nx(), though maybe we should
add a "OMG, why?" when 64-bit but no NX. ;)

-Kees

--
Kees Cook
Pixel Security

Next message: Maciej S. Szmigiero: "Re: [PATCH v3 1/2] ALSA: pcm: add SNDRV_PCM_FORMAT_{S, U}20"
Previous message: Jason Gunthorpe: "Re: [PATCH 0/3] RDMA/hns: Bug fixes in hns RoCE driver"
In reply to: Dave Hansen: "Re: [patch V2 1/5] x86/kaiser: Respect disabled CPU features"
Next in thread: Thomas Gleixner: "[patch V2 5/5] x86/kaiser: Add boottime disable switch"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]