On Mon, Nov 27, 2017 at 10:11 AM, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> wrote: >> --- a/arch/x86/include/asm/pgtable_64.h >> +++ b/arch/x86/include/asm/pgtable_64.h >> @@ -222,7 +222,8 @@ static inline pgd_t kaiser_set_shadow_pg >> * wrong CR3 value, userspace will crash >> * instead of running. >> */ >> - pgd.pgd |= _PAGE_NX; >> + if (__supported_pte_mask & _PAGE_NX) >> + pgd.pgd |= _PAGE_NX; >> } > > Thanks for catching that. It's definitely a bug. Although, > practically, it's hard to hit, right? I think everything 64-bit > supports NX unless the hypervisor disabled it or something. There was a very narrow window where x86_64 machines were made without NX. :( This is reflected in x86_report_nx(), though maybe we should add a "OMG, why?" when 64-bit but no NX. ;) -Kees -- Kees Cook Pixel Security -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
