[PATCH RFC 3/4] x86/pti: don't mark the user PGD with _PAGE_NX.

From: Willy Tarreau
Date: Mon Jan 08 2018 - 11:13:15 EST


Since we're going to keep running on the same PGD when returning to
userspace for certain performance-critical tasks, we'll need the user
pages to be executable. So this code disables the extra protection
that was added consisting in marking user pages _PAGE_NX so that this
pgd remains usable for userspace.

Note: it isn't necessarily the best approach, but one way or another
if we want to be able to return to userspace from the kernel,
we'll have to have this executable anyway. Another approach
might consist in using another pgd for userland+kernel but
the current core really looks like an extra careful measure
to catch early bugs if any.

Signed-off-by: Willy Tarreau <w@xxxxxx>
---
arch/x86/mm/pti.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/arch/x86/mm/pti.c b/arch/x86/mm/pti.c
index 43d4a4a..9e2dca0 100644
--- a/arch/x86/mm/pti.c
+++ b/arch/x86/mm/pti.c
@@ -135,9 +135,11 @@ pgd_t __pti_set_user_pgd(pgd_t *pgdp, pgd_t pgd)
* - we don't have NX support
* - we're clearing the PGD (i.e. the new pgd is not present).
*/
+#if 0
if ((pgd.pgd & (_PAGE_USER|_PAGE_PRESENT)) == (_PAGE_USER|_PAGE_PRESENT) &&
(__supported_pte_mask & _PAGE_NX))
pgd.pgd |= _PAGE_NX;
+#endif

/* return the copy of the PGD we want the kernel to use: */
return pgd;
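Review bot: The `#if 0` / `#endif` pair around the `pgd.pgd |= _PAGE_NX;` block compiles the NX marking out for every user PGD, while the commit message only needs executable user pages on this PGD for certain performance-critical tasks. That drops the protection for all other tasks as well, which the message itself describes as a measure to catch early bugs. Consider keeping the `if` and adding a condition so the bit is skipped only for the tasks that stay on this PGD, rather than disabling the block wholesale. If the block really is to go, delete it instead of leaving it under `#if 0`, and update the comment just above, which still lists only "we don't have NX support" and "we're clearing the PGD" as the cases where NX is not set.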
--
1.7.12.1