On 03/05/18 13:58, Linus Torvalds wrote: > On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel <joro@xxxxxxxxxx> wrote: >> On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote: >>> >>> Ahh, good. So presumably Joerg actually did check it, just didn't even notice ;) >> >> Yeah, sort of. I ran the test, but it didn't catch the failure case in >> previous versions which was return to user with kernel-cr3 :) > > Ahh. Yes, that's bad. The NX protection to guarantee that you don't > return to user mode was really good on x86-64. > > So some other case could slip through, because user code can happily > run with the kernel page tables. > >> I could probably add some debug instrumentation to check for that in my >> future testing, as there is no NX protection in the user address-range >> for the kernel-cr3. > > Does not NX work with PAE? > > Oh, it looks like the NX bit is marked as "RSVD (must be 0)" in the > PDPDT. Oh well. > On NX-enabled hardware NX works with PDE, but the PDPDT in general doesn't have permission bits (it's really more of a set of four CR3s than a page table level.) -hpa -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>