Re: [RFC PATCH v3 6/8] x86/pti: don't mark the user PGD with _PAGE_NX.

[Willy Tarreau]

Hi David,

On Wed, Jan 10, 2018 at 08:28:27PM +0000, Woodhouse, David wrote:
> So... we'd really like to *not* lose the property that KPTI implies
> SMEP-like NX of user space for the kernel.

Don't worry, I find it nice as well and am not trying to kill it. As
mentionned in the "Note" section in the commit message, the current
#ifdef is temporary to make the whole thing work and I'm seeking good
ideas to do it only on unprotected processes. Andy proposed to continue
to do it inconditionally and to catch the page fault upon the first
return to user space and disable it. I like this approach but for now
I don't know how to do it. Another possibility would be that we disable
it when removing the protection on the mm.

Given that most of the discussion till now has been focused on how to
enable/disable the protection I'm leaving this part as-is for now. I'll
change the temporary commit message to make it clearer that it's broken
for now.

Cheers,
Willy