From: Dave Hansen <[email protected]>
The kernel sometimes needs to mask unsupported bits out of page
table entries. It does that with a mask: '__supported_pte_mask'.
That mask can obviously only contain the No-eXecute bit (_PAGE_NX)
on hardware where NX is supported. x86_configure_nx() checks the
boot CPU's NX support and adjusts the mask appropriately.
But it doesn't check support directly. It uses the venerable
'boot_cpu_data' which is a software approximation of the actual CPU
support. Unfortunately, Xen wants to set up '__supported_pte_mask'
before 'boot_cpu_data' has been initialized. It hacks around this
problem by repeating some of the 'boot_cpu_data' setup *just* for
NX.
Have x86_configure_nx() stop consulting 'boot_cpu_data' and move
the NX detection to the caller.
No functional change. That will come later.
Signed-off-by: Dave Hansen <[email protected]>
Reviewed-by: Kai Huang <[email protected]>
---
b/arch/x86/include/asm/proto.h | 2 +-
b/arch/x86/kernel/setup.c | 6 +++---
b/arch/x86/xen/enlighten_pv.c | 2 +-
3 files changed, 5 insertions(+), 5 deletions(-)
diff -puN arch/x86/include/asm/proto.h~x86_configure_nx-arg arch/x86/include/asm/proto.h
--- a/arch/x86/include/asm/proto.h~x86_configure_nx-arg 2024-04-02 15:22:59.638913056 -0700
+++ b/arch/x86/include/asm/proto.h 2024-04-02 15:22:59.642913062 -0700
@@ -37,7 +37,7 @@ void entry_SYSRETL_compat_end(void);
#define entry_SYSENTER_compat NULL
#endif
-void x86_configure_nx(void);
+void x86_configure_nx(bool nx_supported);
extern int reboot_force;
diff -puN arch/x86/kernel/setup.c~x86_configure_nx-arg arch/x86/kernel/setup.c
--- a/arch/x86/kernel/setup.c~x86_configure_nx-arg 2024-04-02 15:22:59.638913056 -0700
+++ b/arch/x86/kernel/setup.c 2024-04-02 15:22:59.642913062 -0700
@@ -687,9 +687,9 @@ dump_kernel_offset(struct notifier_block
return 0;
}
-void x86_configure_nx(void)
+void x86_configure_nx(bool nx_supported)
{
- if (boot_cpu_has(X86_FEATURE_NX))
+ if (nx_supported)
__supported_pte_mask |= _PAGE_NX;
else
__supported_pte_mask &= ~_PAGE_NX;
@@ -853,7 +853,7 @@ void __init setup_arch(char **cmdline_p)
* whether hardware doesn't support NX (so that the early EHCI debug
* console setup can safely call set_fixmap()).
*/
- x86_configure_nx();
+ x86_configure_nx(boot_cpu_has(X86_FEATURE_NX));
parse_early_param();
diff -puN arch/x86/xen/enlighten_pv.c~x86_configure_nx-arg arch/x86/xen/enlighten_pv.c
--- a/arch/x86/xen/enlighten_pv.c~x86_configure_nx-arg 2024-04-02 15:22:59.638913056 -0700
+++ b/arch/x86/xen/enlighten_pv.c 2024-04-02 15:22:59.642913062 -0700
@@ -1371,7 +1371,7 @@ asmlinkage __visible void __init xen_sta
/* Work out if we support NX */
get_cpu_cap(&boot_cpu_data);
- x86_configure_nx();
+ x86_configure_nx(boot_cpu_has(X86_FEATURE_NX));
/*
* Set up kernel GDT and segment registers, mainly so that
_
On 03.04.24 17:35, Dave Hansen wrote:
> From: Dave Hansen <[email protected]>
>
> The kernel sometimes needs to mask unsupported bits out of page
> table entries. It does that with a mask: '__supported_pte_mask'.
>
> That mask can obviously only contain the No-eXecute bit (_PAGE_NX)
> on hardware where NX is supported. x86_configure_nx() checks the
> boot CPU's NX support and adjusts the mask appropriately.
>
> But it doesn't check support directly. It uses the venerable
> 'boot_cpu_data' which is a software approximation of the actual CPU
> support. Unfortunately, Xen wants to set up '__supported_pte_mask'
> before 'boot_cpu_data' has been initialized. It hacks around this
> problem by repeating some of the 'boot_cpu_data' setup *just* for
> NX.
>
> Have x86_configure_nx() stop consulting 'boot_cpu_data' and move
> the NX detection to the caller.
>
> No functional change. That will come later.
>
> Signed-off-by: Dave Hansen <[email protected]>
> Reviewed-by: Kai Huang <[email protected]>
Reviewed-by: Juergen Gross <[email protected]>
Juergen