Re: [PATCH v2 5/6] x86/cpu: Remove "noexec"

From: Kees Cook
Date: Mon Feb 07 2022 - 17:25:49 EST

Next message: David Matlack: "Re: [PATCH 13/23] KVM: MMU: remove kvm_calc_shadow_root_page_role_common"
Previous message: Guenter Roeck: "Re: [PATCH 5.16 000/127] 5.16.8-rc2 review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 27, 2022 at 12:56:25PM +0100, Borislav Petkov wrote:
> From: Borislav Petkov <bp@xxxxxxx>
>
> It doesn't make any sense to disable non-executable mappings -
> security-wise or else.
>
> So rip out that switch and move the remaining code into setup.c and
> delete setup_nx.c
>
> Signed-off-by: Borislav Petkov <bp@xxxxxxx>
> Reviewed-by: Lai Jiangshan <jiangshanlai@xxxxxxxxx>

I've dug through the nx fun again. The verify_cpu() calls are untouched
(which were the most fiddly part of all that a decade ago), so that's
good. The early handling of __supported_pte_mask in x86_configure_nx()
is untouched and the call is retained before the param processing for
the set_fixmap() dance, so everything I can remember as being "difficult"
with NX ordering here looks good.

Thanks for cleaning all this up!

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: David Matlack: "Re: [PATCH 13/23] KVM: MMU: remove kvm_calc_shadow_root_page_role_common"
Previous message: Guenter Roeck: "Re: [PATCH 5.16 000/127] 5.16.8-rc2 review"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]