Re: [PATCH] x86/mm+efi: Avoid creating W+X mappings
From: Dave Hansen
Date: Fri Sep 23 2022 - 18:15:25 EST
On 9/23/22 14:19, Kees Cook wrote:
>> But currently, PAE is not even enabled in the i386_defconfig, and
>> defaults to off. This means people that are unaware of this won't
>> enable it, and will be running without NX support.
> And they all make me cry. ;)
It's been like that for a long time, presumably because the defconfig
should *boot* in as many cases as possible. It wouldn't be hard to
change. It also wouldn't be hard to default to HIGHMEM4G (non-PAE) on
targeted builds for CPUs that don't support it. Patch attached to do
that, if anyone else has an opinion.
We should probably just leave i386 alone, but it breaks my heart to see
Kees in tears.diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index f9920f1341c8..fad978c7b7c5 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1363,9 +1363,14 @@ config X86_CPUID
with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
/dev/cpu/31/cpuid.
+config CPU_HAS_PAE
+ def_bool y
+ depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
+
choice
prompt "High Memory Support"
default HIGHMEM4G
+ default HIGHMEM64G if CPU_HAS_PAE
depends on X86_32
config NOHIGHMEM
@@ -1412,7 +1417,7 @@ config HIGHMEM4G
config HIGHMEM64G
bool "64GB"
- depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
+ depends on CPU_HAS_PAE
select X86_PAE
help
Select this if you have a 32-bit processor and more than 4