From: Jason Andryuk
Date: Wed, 10 Apr 2024 18:44:19 -0400
Subject: Re: [PATCH] x86/pat: fix W^X violation false-positives when running as Xen PV guest
To: Juergen Gross
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, xen-devel@lists.xenproject.org, Thomas Gleixner, Ingo Molnar, Borislav Petkov, Dave Hansen, "H. Peter Anvin", Andy Lutomirski, Peter Zijlstra
In-Reply-To: <20240409094712.21285-1-jgross@suse.com>

Hi Juergen,

On Tue, Apr 9, 2024 at 5:47 AM Juergen Gross wrote:
>
> When running as Xen PV guest in some cases W^X violation WARN()s have
> been observed. Those WARN()s are produced by verify_rwx(), which looks
> into the PTE to verify that writable kernel pages have the NX bit set
> in order to avoid code modifications of the kernel by rogue code.
>
> As the NX bits of all levels of translation entries are or-ed and the
> RW bits of all levels are and-ed, looking just into the PTE isn't enough
> for the decision that a writable page is executable, too. When running
> as a Xen PV guest, kernel initialization will set the NX bit in PMD
> entries of the initial page tables covering the .data segment.

I think this is a more accurate description of what I investigated:
"When running as a Xen PV guest, the direct map PMDs and kernel high
map PMDs share the same set of PTEs. Kernel initialization will set
the NX bit in the direct map PMD entries, and not the shared PTEs."

The WARN()s I saw were with direct map addresses.

Thanks,
Jason
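
The false positive discussed in this message, as an added C example that is not part of the original mail and is not kernel code: a PTE-only W^X test is compared with one that and-s RW and or-s NX over all four levels. The helper names, the entry values and the NX-free alias path are constructed for illustration; only the bit positions (R/W is bit 1, NX is bit 63) are real x86 facts.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PG_PRESENT (1ULL << 0)
#define PG_RW      (1ULL << 1)    /* x86 R/W bit */
#define PG_NX      (1ULL << 63)   /* x86 NX (execute-disable) bit */
#define LEVELS     4              /* PGD, PUD, PMD, PTE */

/* PTE-only test: looks at the last level and nothing else. */
static bool pte_only_wx(const uint64_t *ent)
{
    uint64_t pte = ent[LEVELS - 1];
    return (pte & PG_RW) && !(pte & PG_NX);
}

/* Effective test: RW is and-ed and NX is or-ed over every level. */
static bool effective_wx(const uint64_t *ent)
{
    bool rw = true, nx = false;
    for (size_t i = 0; i < LEVELS; i++) {
        if (!(ent[i] & PG_PRESENT))
            return false;                 /* not mapped: nothing to flag */
        rw = rw && (ent[i] & PG_RW);
        nx = nx || (ent[i] & PG_NX);
    }
    return rw && !nx;
}

/* Constructed sample data: two paths ending in the same PTE value. */
#define SHARED_PTE (PG_PRESENT | PG_RW)   /* writable, NX not set in the PTE */
#define TABLE      (PG_PRESENT | PG_RW)
static const uint64_t direct_map[LEVELS] = {
    TABLE, TABLE, TABLE | PG_NX, SHARED_PTE   /* NX set in the PMD */
};
static const uint64_t other_alias[LEVELS] = {
    TABLE, TABLE, TABLE, SHARED_PTE   /* hypothetical alias, no NX anywhere */
};

int main(void)
{
    printf("direct map : pte-only=%d effective=%d\n",
           pte_only_wx(direct_map), effective_wx(direct_map));
    printf("other alias: pte-only=%d effective=%d\n",
           pte_only_wx(other_alias), effective_wx(other_alias));
    return 0;
}
```

The direct-map path is flagged by the PTE-only test but not by the effective test, which is the false positive; the constructed alias with no NX at any level is flagged by both.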