Re: [PATCH] x86/mm: Refuse W^X violations

From: Dave Hansen
Date: Thu Aug 25 2022 - 13:38:28 EST

Next message: Bart Van Assche: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Previous message: Doug Anderson: "Re: [PATCH] Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time""
In reply to: Sean Christopherson: "Re: [PATCH] x86/mm: Refuse W^X violations"
Next in thread: Kees Cook: "Re: [PATCH] x86/mm: Refuse W^X violations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 8/25/22 10:18, Sean Christopherson wrote:
>> +/*
>> + * Validate and enforce strict W^X semantics.
>> + */
>> +static inline pgprot_t verify_rwx(pgprot_t old, pgprot_t new, unsigned long start,
>> + unsigned long pfn, unsigned long npg)
>> +{
>> + unsigned long end;
>> +
> I think this needs
>
> if (!(__supported_pte_mask & _PAGE_NX))
> return new;
>
> to play nice with non-PAE 32-bit kernels.

Good catch. Nit: I'd probably write this up as:

if (!cpu_feature_enabled(X86_FEATURE_NX))
return new;

That gets us our fancy static branches and is a bit easier on the eyes.
I checked and don't see a way for __supported_pte_mask to have _PAGE_NX
clear when X86_FEATURE_NX==1.

Next message: Bart Van Assche: "Re: [for-linus][PATCH 01/10] tracing: Suppress sparse warnings triggered by is_signed_type()"
Previous message: Doug Anderson: "Re: [PATCH] Revert "drm: bridge: analogix/dp: add panel prepare/unprepare in suspend/resume time""
In reply to: Sean Christopherson: "Re: [PATCH] x86/mm: Refuse W^X violations"
Next in thread: Kees Cook: "Re: [PATCH] x86/mm: Refuse W^X violations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]