Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1377241rwb;
        Fri, 23 Sep 2022 11:45:29 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM5IxQJh/f3aJXUtbyZETOOJsNIH2kv+I/y1wv7UZd2GQv5g+jx8nQeedL6Xdees8O+4ZGqI
X-Received: by 2002:a17:90a:4888:b0:203:6d42:ccae with SMTP id b8-20020a17090a488800b002036d42ccaemr11170322pjh.166.1663958728950;
        Fri, 23 Sep 2022 11:45:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1663958728; cv=none;
        d=google.com; s=arc-20160816;
        b=HzBCezFF6+enQ5N2WDwSMwYYO9Ivzixe/TzHlqTXBgdbqSZxrZiJyt7oifjB8r3sHg
         /RACdFLQqUSrhU+FtwBd2h9sV8ziMVqAA2Trb7jaeZYwQX4PHHk1CCe2I6g87gcQONyp
         IK82PsCzu4lGl+NvAaZJwvD10rGTPH7kLIKoRcpDkBpNvLqasv+URg2xUN5qxp65/ug9
         mkQNT3uObUYFrAmGh+97dg82CwRZOO5vgewdH4QTr1asVnqw0sB7S/DEYUZm/qX87pMx
         BLjW1shpJPlQ49lzo7aknmtaHxRfT4HH4me9ex1FK/ynXM9JiLmiN/9ap48j1dKWSroD
         pWOA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:in-reply-to:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=bP5mST62l3Dyplz/ju44QwmUlqSEvtJtbI9d63/+wa4=;
        b=a2RcSNiHLOmUco2IV48ilzr9dcz7J2vMnVKS8uc5flKp0bHet2BFDVw6IZaZ3HZJob
         OnbIazNDn18iGqZQDGb+r/N1372uPRQCSrjuux/oX2w0OGIaZT1/CVwoveDpK9OYIggC
         VOO3PJ2/TIipjiC6IaH9+onQMXRbMfna0OyrXBSBzkZrPvZr2rmeIVjUcZIp/IQFQEAw
         XqfF+chCJ8HOVduCz6tR9Ktb08nUnYGXTd3Gn+ykpy3B6OT3GuYvFqpYcFlJGz1vkAx+
         KTBn1gd9y3fgHbQRfrvc9x8sKQv5kAcYNsrgp+werOVSMGILOvjyHUDdP1+gPexpkOa9
         R6GA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=LmxM4Lz5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id 17-20020a17090a1a5100b001fd6e58cd98si3429795pjl.123.2022.09.23.11.45.17;
        Fri, 23 Sep 2022 11:45:28 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@chromium.org header.s=google header.b=LmxM4Lz5;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232909AbiIWSb6 (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Fri, 23 Sep 2022 14:31:58 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55022 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232868AbiIWSbq (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 23 Sep 2022 14:31:46 -0400
Received: from mail-pf1-x430.google.com (mail-pf1-x430.google.com [IPv6:2607:f8b0:4864:20::430])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 82EAC127CBE
        for <linux-kernel@vger.kernel.org>; Fri, 23 Sep 2022 11:31:39 -0700 (PDT)
Received: by mail-pf1-x430.google.com with SMTP id b75so918812pfb.7
        for <linux-kernel@vger.kernel.org>; Fri, 23 Sep 2022 11:31:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:from:to:cc:subject:date;
        bh=bP5mST62l3Dyplz/ju44QwmUlqSEvtJtbI9d63/+wa4=;
        b=LmxM4Lz58SHUvrkrIDVdepMVdSRQVWhb0IlR3f+Yovh2Cag0sjNwoC90rQKRLK9hC1
         AzYQmE4xAjwoNc4CI+gAqYwedw3+SSn/iDZaiATAx2X7dYUI/+nmQeNdJ4PwBSOomhFO
         do9ZF7l8HzIAkh+9dE2aIqst0P0cZu3xLfTPM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=in-reply-to:content-disposition:mime-version:references:message-id
         :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date;
        bh=bP5mST62l3Dyplz/ju44QwmUlqSEvtJtbI9d63/+wa4=;
        b=hivL/MDgBH42dkx9OkkD7DHh5c8AYqKjOCu2/Gqqfv13iB0sKPUhUQyAguePDB3zHj
         0t/Cf1WjUn6FhrczShfJ5ugaoSDbNcWRNpD6DN9dQ435PqEjKtMDq0bdXHLbpOG17JFh
         JqzGzIxZXQPWnEVDO+IEHtYxIfI2BC3wcHbbJkgqCQLu5BUL89C4Q03+oRZLw6qKwGiM
         HOFTEDIP7sOdYdip/9OFS6ElsKG/ZINK+pfkgGHQ+0Su8LkUQBAP7W26YxVhYoJlcWQq
         rc/yyobQitYwq+HoFW32/UT1reTgGuCszvNB3GEILpkFZslVhsvudlvIKOz1OfkC1AfQ
         a3JA==
X-Gm-Message-State: ACrzQf1JgOa7kts6X7iiDHQi3gIAXDkJwMC92OMKlNhAW6hW7Fd4ZESk
        NTq0n1hOXXXlZmVv1wihkoVljA==
X-Received: by 2002:a63:594c:0:b0:438:f2ce:8780 with SMTP id j12-20020a63594c000000b00438f2ce8780mr8739037pgm.285.1663957899033;
        Fri, 23 Sep 2022 11:31:39 -0700 (PDT)
Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163])
        by smtp.gmail.com with ESMTPSA id p12-20020a170902e74c00b0016c5306917fsm6403374plf.53.2022.09.23.11.31.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 23 Sep 2022 11:31:38 -0700 (PDT)
Date:   Fri, 23 Sep 2022 11:31:37 -0700
From:   Kees Cook <keescook@chromium.org>
To:     Ard Biesheuvel <ardb@kernel.org>
Cc:     Guenter Roeck <linux@roeck-us.net>,
        Peter Zijlstra <peterz@infradead.org>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        linux-kernel@vger.kernel.org, Darren Hart <dvhart@infradead.org>,
        Andy Shevchenko <andy@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
        x86@kernel.org, linux-efi@vger.kernel.org,
        "H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH] x86/mm+efi: Avoid creating W+X mappings
Message-ID: <202209231126.6855D54@keescook>
References: <08906193-246b-c874-8bac-1d98d2313ac4@roeck-us.net>
 <20220922193157.1673623-1-dave.hansen@linux.intel.com>
 <CAMj1kXHcF_iK_g0OZSkSv56Wmr=eQGQwNstcNjLEfS=mm7a06w@mail.gmail.com>
 <Yy1ZadE6Vnnc2dNf@hirez.programming.kicks-ass.net>
 <CAMj1kXEvt-TQzO5jO6srkC8jW5fbou95VKu=os3gt_y87ZPJWg@mail.gmail.com>
 <5f443915-b38a-c78d-cccd-876501434cef@roeck-us.net>
 <CAMj1kXEt1RwYbkBOFa=KsML0KvJ6Zuu9eJ_=jQA7BTW-N2BSeA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAMj1kXEt1RwYbkBOFa=KsML0KvJ6Zuu9eJ_=jQA7BTW-N2BSeA@mail.gmail.com>
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Sep 23, 2022 at 04:26:58PM +0200, Ard Biesheuvel wrote:
> I was basically making the point that we still support i386 without
> PAE (which is a prerequisite for supporting non-executable mappings),
> and if we are going to be pedantic about security on this
> architecture, we should probably make PAE mandatory as well.

My expectation would be that if someone is running modern kernels on i386,
they're not using PAE. If they care about PAE, I'd expect them to have
long since moved to x86_64.

> If we are ok with the current state, enabling this permission check on
> i386 makes no sense.

I'd agree. If it's a choice between "spend a lot of time making sure
this works correctly on i386" and "don't do this at all on i386", I
would pick the latter. If someone steps up to do the former, then by
all means take the patches.

-- 
Kees Cook