From: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> The pageattr code has a mode where it can set or clear PTE bits in existing PTEs, so the page protections of the *new* PTEs come from one of two places: 1. The set/clear masks: cpa->mask_clr / cpa->mask_set 2. The existing PTE We filter ->mask_set/clr for supported PTE bits at entry to __change_page_attr() so we never need to filter them again. The only other place permissions can come from is an existing PTE and those already presumably have good bits. We do not need to filter them again. Signed-off-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx> Cc: Andrea Arcangeli <aarcange@xxxxxxxxxx> Cc: Andy Lutomirski <luto@xxxxxxxxxx> Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> Cc: Kees Cook <keescook@xxxxxxxxxx> Cc: Hugh Dickins <hughd@xxxxxxxxxx> Cc: Juergen Gross <jgross@xxxxxxxx> Cc: x86@xxxxxxxxxx Cc: Nadav Amit <namit@xxxxxxxxxx> --- b/arch/x86/mm/pageattr.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff -puN arch/x86/mm/pageattr.c~x86-pageattr-dont-filter-global arch/x86/mm/pageattr.c --- a/arch/x86/mm/pageattr.c~x86-pageattr-dont-filter-global 2018-04-02 16:41:15.543605172 -0700 +++ b/arch/x86/mm/pageattr.c 2018-04-02 16:41:15.547605172 -0700 @@ -598,7 +598,6 @@ try_preserve_large_page(pte_t *kpte, uns req_prot = pgprot_clear_protnone_bits(req_prot); if (pgprot_val(req_prot) & _PAGE_PRESENT) pgprot_val(req_prot) |= _PAGE_PSE; - req_prot = canon_pgprot(req_prot); /* * old_pfn points to the large page base pfn. So we need @@ -718,7 +717,7 @@ __split_large_page(struct cpa_data *cpa, */ pfn = ref_pfn; for (i = 0; i < PTRS_PER_PTE; i++, pfn += pfninc) - set_pte(&pbase[i], pfn_pte(pfn, canon_pgprot(ref_prot))); + set_pte(&pbase[i], pfn_pte(pfn, ref_prot)); if (virt_addr_valid(address)) { unsigned long pfn = PFN_DOWN(__pa(address)); @@ -935,7 +934,6 @@ static void populate_pte(struct cpa_data pte = pte_offset_kernel(pmd, start); pgprot = pgprot_clear_protnone_bits(pgprot); - pgprot = canon_pgprot(pgprot); while (num_pages-- && start < end) { set_pte(pte, pfn_pte(cpa->pfn, pgprot)); @@ -1234,7 +1232,7 @@ repeat: * after all we're only going to change it's attributes * not the memory it points to */ - new_pte = pfn_pte(pfn, canon_pgprot(new_prot)); + new_pte = pfn_pte(pfn, new_prot); cpa->pfn = pfn; /* * Do we really change anything ? _