On Mon, Mar 05, 2018 at 01:58:32PM -0800, Linus Torvalds wrote:
> On Mon, Mar 5, 2018 at 1:35 PM, Joerg Roedel <j...@8bytes.org> wrote:
> > I could probably add some debug instrumentation to check for that in my
> > future testing, as there is no NX protection in the user address-range
> > for the kernel-cr3.
> Does not NX work with PAE?
> Oh, it looks like the NX bit is marked as "RSVD (must be 0)" in the
> PDPDT. Oh well.

I had a version of these patches running which implemented NX on the PDE
level by allocating 8k PMD pages. But that ended up needing 5 order-1
allocations for each page-table, which I got to fail pretty easily after
some time. So I abandoned this approach for now.

Maybe it can be implemented with order-0 allocations for PMD pages, the
open problem is how to link the user and kernel PMD page-pairs together



