Received: by 2002:a05:6359:c8b:b0:c7:702f:21d4 with SMTP id go11csp1680409rwb; Fri, 23 Sep 2022 17:07:33 -0700 (PDT) X-Google-Smtp-Source: AMsMyM7102ANE5uW9zwdrla37yzcf/quhbGGYTMwNqy7sL9XXpgbRzi7I+PVs9xuEIFJaV2TQpCl X-Received: by 2002:a05:6402:1cad:b0:454:50c2:e837 with SMTP id cz13-20020a0564021cad00b0045450c2e837mr11149854edb.171.1663978052818; Fri, 23 Sep 2022 17:07:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1663978052; cv=none; d=google.com; s=arc-20160816; b=LdjIfMorB2TzewK8spvhC7CX834UCNaTU3B07DqPbMlXWFe6F4BnKI5yB3FXnluh5C eY7+ExY7j8ypdQUhW8BgInPEdGM0L5vzFsMyp9UUpl8/ndwc9tHu2+YSzW18oupi5otq k/re0i+wdo4Q8L0XtyA8Iiacx/GC1OyPNNlweIQ+47CzCh3GfrKSdkgpYRVXGYFMBy5V 4TdBA3GKI+d1si2t1Rd6j6OVtN1AxGu5QpKVEKp28CpSz1IIaSsB9XjX2BBKgUI6GU9F DEc250eLPYCWwXd0MXslh0R/iSN9+KDmncJF9bjsQRzwLZ0Qk4owA8CPMg/g0bTVQBuM 19JQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=BEWBQ/N1eOSJUx4cKeNRYsp1Xg+eINoB3Vsyk1Ms/PM=; b=dl19iwwjILjq1JBYtpMlnRnejRhgJepZNvMmRR5p6D8sqiybSXf4TUpOdRHEpFSEUi MBOXQFtRmRFjrOuDRcPJUMAUj92a/RzsBVvM4GNkmDSBau3YL+ZGzdayEHs2rtw6sc9E 9UogHwYI0J3t8dnlzUJxQguT7xFmvfQ37tEbgevsL4/F92DU9ZrWfk2dVnLBAfdCd+SB vOkvZ2qrelmL4nEsP2B/5BhBcgxysitaG5vvClrjeeVS9Lsh4K0Suy61y20QXzh0Uxtz lk+bXAfLmYxw4m1ZmiLJf4ZwDdTsMT2437d+iO/smtnwOHFnubYO1eh9w5vbVswG/2wY 2x+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DHIBNaSz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dt15-20020a170907728f00b0077b49a2aca5si9169469ejc.393.2022.09.23.17.07.05; Fri, 23 Sep 2022 17:07:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=DHIBNaSz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232753AbiIXAEc (ORCPT + 99 others); Fri, 23 Sep 2022 20:04:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52926 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232959AbiIXAE1 (ORCPT ); Fri, 23 Sep 2022 20:04:27 -0400 Received: from mail-pj1-x102f.google.com (mail-pj1-x102f.google.com [IPv6:2607:f8b0:4864:20::102f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5235013A942 for ; Fri, 23 Sep 2022 17:04:26 -0700 (PDT) Received: by mail-pj1-x102f.google.com with SMTP id bu5-20020a17090aee4500b00202e9ca2182so8851296pjb.0 for ; Fri, 23 Sep 2022 17:04:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date; bh=BEWBQ/N1eOSJUx4cKeNRYsp1Xg+eINoB3Vsyk1Ms/PM=; b=DHIBNaSzUY2QBwMW/mTvWLgwOCjfKVRV16zgUnhARd9o6Kc5V6a1QVhMaqvxQF7xtC jL4jDkZr9JtLjvPiXipG++74X6CSAJ+uVES3b0308HiZU8x0yj98zb8btJPr6iUAavrY bcCSOlon43h/N21/TMgK2xg/Qvxaqo3ducGhY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date; bh=BEWBQ/N1eOSJUx4cKeNRYsp1Xg+eINoB3Vsyk1Ms/PM=; b=Sw1e2s//fouCBvmne9u/KxtRfB9mRCcmCey/IT96517lSS414CYhmmwAM042UXPiAB 1PGbMAMwwYTM1CTolrNcFZEiePC9DG0i7TRaXwq1GMXZ+59yKyBjYQ6fcGUINzn3t5HW Pe23zr9STE9OKkbWJEGc01SytgEvJSv2rkEcmATraikP4UlnFozPun27DGd6K6j20V/R 9Q02HKNZ/yrNbw7OuSFFs4AyilORdQPb+HzEaq9GQoWpdWwLcqHU/cGy/HqYre1/qYTa f52iWWiSob0bvPEhB1BbXbJ+xKBbIYLaSCiDNeXEN3n23SMfnugMUGB6xMwIbi0sujGi c3Xw== X-Gm-Message-State: ACrzQf3Jch578Cakn0zp+zohMiEhEZZp3lUPnm5idAPuxnkPy28jKzEj arjXEy6+SzdnSlJYJG9LMkIdEQ== X-Received: by 2002:a17:90b:4f45:b0:203:6d82:205c with SMTP id pj5-20020a17090b4f4500b002036d82205cmr23141222pjb.224.1663977865777; Fri, 23 Sep 2022 17:04:25 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id w35-20020a17090a6ba600b002031264a864sm2134200pjj.41.2022.09.23.17.04.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 23 Sep 2022 17:04:24 -0700 (PDT) Date: Fri, 23 Sep 2022 17:04:23 -0700 From: Kees Cook To: Dave Hansen Cc: Ard Biesheuvel , Guenter Roeck , Peter Zijlstra , Dave Hansen , linux-kernel@vger.kernel.org, Darren Hart , Andy Shevchenko , Thomas Gleixner , Ingo Molnar , Borislav Petkov , x86@kernel.org, linux-efi@vger.kernel.org, "H. Peter Anvin" Subject: Re: [PATCH] x86/mm+efi: Avoid creating W+X mappings Message-ID: <202209231702.DC9FB5860@keescook> References: <20220922193157.1673623-1-dave.hansen@linux.intel.com> <5f443915-b38a-c78d-cccd-876501434cef@roeck-us.net> <202209231126.6855D54@keescook> <202209231417.F73F40060@keescook> <69e00173-087e-6a22-7a02-0c1212f42065@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <69e00173-087e-6a22-7a02-0c1212f42065@intel.com> X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Sep 23, 2022 at 03:15:15PM -0700, Dave Hansen wrote: > On 9/23/22 14:19, Kees Cook wrote: > >> But currently, PAE is not even enabled in the i386_defconfig, and > >> defaults to off. This means people that are unaware of this won't > >> enable it, and will be running without NX support. > > And they all make me cry. ;) > > It's been like that for a long time, presumably because the defconfig > should *boot* in as many cases as possible. It wouldn't be hard to > change. It also wouldn't be hard to default to HIGHMEM4G (non-PAE) on > targeted builds for CPUs that don't support it. Patch attached to do > that, if anyone else has an opinion. > > We should probably just leave i386 alone, but it breaks my heart to see > Kees in tears. *dabs his eyes with tissue* > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig > index f9920f1341c8..fad978c7b7c5 100644 > --- a/arch/x86/Kconfig > +++ b/arch/x86/Kconfig > @@ -1363,9 +1363,14 @@ config X86_CPUID > with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to > /dev/cpu/31/cpuid. > > +config CPU_HAS_PAE > + def_bool y > + depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 > + > choice > prompt "High Memory Support" > default HIGHMEM4G > + default HIGHMEM64G if CPU_HAS_PAE > depends on X86_32 > > config NOHIGHMEM > @@ -1412,7 +1417,7 @@ config HIGHMEM4G > > config HIGHMEM64G > bool "64GB" > - depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6 > + depends on CPU_HAS_PAE > select X86_PAE > help > Select this if you have a 32-bit processor and more than 4 I feel happy now! :) -- Kees Cook