On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel <j...@8bytes.org> wrote:
> On Mon, Mar 05, 2018 at 12:50:33PM -0800, Linus Torvalds wrote:
>>
>> Ahh, good. So presumably Joerg actually did check it, just didn't even
>> notice ;)
>
> Yeah, sort of. I ran the test, but it didn't catch the failure case in
> previous versions which was return to user with kernel-cr3 :)
Ahh. Yes, that's bad. The NX protection to guarantee that you don't
return to user mode was really good on x86-64.
So some other case could slip through, because user code can happily
run with the kernel page tables.
> I could probably add some debug instrumentation to check for that in my
> future testing, as there is no NX protection in the user address-range
> for the kernel-cr3.
Does not NX work with PAE?
Oh, it looks like the NX bit is marked as "RSVD (must be 0)" in the
PDPDT. Oh well.
Linux
