On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel <j...@8bytes.org> wrote:
> On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote:
>>
>> Ahh, good. So presumably Joerg actually did check it, just didn't even
>> notice ;)
>
> Yeah, sort of. I ran the test, but it didn't catch the failure case in
> previous versions which was return to user with kernel-cr3 :)

Ahh. Yes, that's bad. The NX protection to guarantee that you don't
return to user mode was really good on x86-64.

So some other case could slip through, because user code can happily
run with the kernel page tables.

> I could probably add some debug instrumentation to check for that in my
> future testing, as there is no NX protection in the user address-range
> for the kernel-cr3.

Does not NX work with PAE?

Oh, it looks like the NX bit is marked as "RSVD (must be 0)" in the PDPDT.

Oh well.

Linux