Received: by 2002:a05:7412:3784:b0:e2:908c:2ebd with SMTP id jk4csp2236699rdb; Tue, 3 Oct 2023 14:54:15 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHbXiRy/4qTynkBilbEhUq78yrVSTuQ1F1cRqlcutqFNLm2mENrATVGkSUqE23etDXcbyEP X-Received: by 2002:a17:90b:38cd:b0:26d:2bac:a0bb with SMTP id nn13-20020a17090b38cd00b0026d2baca0bbmr584679pjb.6.1696370055214; Tue, 03 Oct 2023 14:54:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1696370055; cv=none; d=google.com; s=arc-20160816; b=Pp7sfH5hWHNIqt03EWJC6lQ4g69zs8YfIChwV3A0tlJAPOiy6//WiTGyCn0M0GLL7+ zo57pZCqjWgHnnMAJ5hU11YyVSmhseUDzeEEtteXBBWXV3eJyU9JCryZCFO4TEgIbQn+ 6LJPZXEkmeHGjx+PSJ1QvVfGEMgZvaKfAApeexTF0eCrE+xf4WBHyjqIi1e0E9XtVPX3 vCtzL+eyuems28gMA/OOT3HpLwRA/5AW4fkkWj2cQhUZPVmddx/NCvxh14UvJukSBekP g6NueYwHvh/irjQseVMl6qc6p34yqKhzlu5VG55Wrvw7VBjO56UFMePtkKBmhzYXE4/E Ksnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:references:in-reply-to:user-agent:subject:cc:to:from :date:dkim-signature:dkim-filter; bh=s7M3jPu88VzYxvgafIQdD5PZlhNhSK8uSfdd5mIZprE=; fh=0YLHe293IRm/m0PfJsmUmpykk1S1dGVtx0hFNu8jesw=; b=SBCOo0ghjG6ddxNbeAQrmZBa7FDwOJORh+1YGOh8Dv01LUbbnTaxvNx1tO/MdyH6k5 CgoqvYoMNP2y7HGYCBDoQ51fcSSZpnKP0/68v6bTvTzA4u9BU7oXcO2F2yrS7Z0kHsQl in23+ll5EAgVgxoJ0Lk8WCPwYiiz0ilMgOv3SYQ8P6E5tJlUpn3JFozALtBp7g7ay1Ac 8UuvSxCPCmPKWFL6Gs4xfe3wpVE/5Wz5TgnQSmJYF1DBpWonU2JlH+8sK6tU+nhkY4lI DTVWW9ofFfwlXQFI5SzHIljkWiOBvAjKvZz1fNY+LisBotva+IMIJLIf68Ij15ha528P FNhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@zytor.com header.s=2023091101 header.b=qzHo+0Py; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Return-Path: Received: from agentk.vger.email (agentk.vger.email. [2620:137:e000::3:2]) by mx.google.com with ESMTPS id m1-20020a17090a34c100b0027909a89950si111931pjf.149.2023.10.03.14.54.14 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 03 Oct 2023 14:54:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) client-ip=2620:137:e000::3:2; Authentication-Results: mx.google.com; dkim=pass header.i=@zytor.com header.s=2023091101 header.b=qzHo+0Py; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:2 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zytor.com Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by agentk.vger.email (Postfix) with ESMTP id DDE2C8191651; Tue, 3 Oct 2023 14:54:12 -0700 (PDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.10 at agentk.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241284AbjJCVyF (ORCPT + 99 others); Tue, 3 Oct 2023 17:54:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35444 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241282AbjJCVyE (ORCPT ); Tue, 3 Oct 2023 17:54:04 -0400 Received: from mail.zytor.com (unknown [IPv6:2607:7c80:54:3::138]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3AF43A1 for ; Tue, 3 Oct 2023 14:54:02 -0700 (PDT) Received: from [127.0.0.1] ([99.8.153.148]) (authenticated bits=0) by mail.zytor.com (8.17.1/8.17.1) with ESMTPSA id 393LrRTV1773610 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Tue, 3 Oct 2023 14:53:28 -0700 DKIM-Filter: OpenDKIM Filter v2.11.0 mail.zytor.com 393LrRTV1773610 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zytor.com; s=2023091101; t=1696370009; bh=s7M3jPu88VzYxvgafIQdD5PZlhNhSK8uSfdd5mIZprE=; h=Date:From:To:CC:Subject:In-Reply-To:References:From; b=qzHo+0PywrAnDtUs+udBREyLz4hUEKi9doXzhFtkFdo77Fv7ui7OYR9Ax6GYZOnKx bXnnwptIBB9zO9YNGLLnXajY9GOyqIrGNQ5agwyHxUuzCfFGDJF3Kbql8AR9f5RXcO q782sQ2bfjGV3BN+pbSBZIvlQLceo2zPj0385P6FMJkekQPxe4/bnFNP0oPOBcQCi2 7doeleL3AEm4Ok8ryLr4nhIUgNdmiTgiG5kVOal89kzmb4WOqaMZl7fdXKJV9KRhcH fdSJe8dIhyey0ubvt19FbZmEvKpyvspHuh2JUCYTkYBVUOeoCiXXnXhri6rqixPJgY fULQp5QXR/I0w== Date: Tue, 03 Oct 2023 14:53:17 -0700 From: "H. Peter Anvin" To: Dave Hansen , Ingo Molnar CC: Alexey Dobriyan , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , linux-kernel@vger.kernel.org Subject: Re: [PATCH] x86_64: test that userspace stack is in fact NX User-Agent: K-9 Mail for Android In-Reply-To: <1dad6a33-1cd0-0d0f-29c5-97fd2807f07a@intel.com> References: <4b78a714-5ac3-4783-8256-1dda4673db01@p183> <1d5223b8-0275-619d-db1c-e2aaaddb173e@intel.com> <1dad6a33-1cd0-0d0f-29c5-97fd2807f07a@intel.com> Message-ID: <060F14C5-3E81-4A9B-8576-8905410EF830@zytor.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on agentk.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (agentk.vger.email [0.0.0.0]); Tue, 03 Oct 2023 14:54:13 -0700 (PDT) On October 3, 2023 1:46:20 PM PDT, Dave Hansen = wrote: >On 10/3/23 12:30, Ingo Molnar wrote: >> * Ingo Molnar wrote: >>> Because not having NX in 2023 on any system that is threatened is a >>> big security vulnerability in itself, and whether the vendor or owner >>> intentionally did that or not doesn't really matter, and a failing >>> kernel testcase will be the least of their problems=2E >> BTW=2E, it's also questionable whether the owner is *aware* of the fact= that=20 >> NX is not available: what if some kernel debug option cleared the NX fl= ag,=20 >> unintended, or there's some serious firmware bug? >>=20 >> However unlikely those situations might be, I think unconditionally war= ning=20 >> about NX not available is a very 2023 thing to do=2E > >100% agree for x86_64=2E Any sane x86_64 system has NX and the rest are >noise that can live with the error message, unless someone shows up with >a compelling reason why not=2E > >For 32-bit, the situation is reversed=2E The majority of 32-bit-only CPU= s >never had NX=2E The only reason to even *do* this check on 32-bit is tha= t >we think folks are running i386 kernels on x86_64 hardware _or_ we just >don't care about 32-bit in the first place=2E > >In the end, I think if we're going to do this test on i386, we should >_also_ do the 5-lines-of-code CPUID check=2E But I honestly don't care >that much=2E I wouldn't NAK (or not merge) this patch over it=2E Perhaps we should also complain at people who are still running 32-bit ker= nels on 64-bit hardware? It has been 20 years=2E=2E=2E