From: Kees Cook <keescook@chromium.org>
To: Dave Hansen <dave.hansen@intel.com>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Guenter Roeck <linux@roeck-us.net>,
Peter Zijlstra <peterz@infradead.org>,
Dave Hansen <dave.hansen@linux.intel.com>,
linux-kernel@vger.kernel.org, Darren Hart <dvhart@infradead.org>,
Andy Shevchenko <andy@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
x86@kernel.org, linux-efi@vger.kernel.org,
"H. Peter Anvin" <hpa@zytor.com>
Subject: Re: [PATCH] x86/mm+efi: Avoid creating W+X mappings
Date: Fri, 23 Sep 2022 17:04:23 -0700 [thread overview]
Message-ID: <202209231702.DC9FB5860@keescook> (raw)
In-Reply-To: <69e00173-087e-6a22-7a02-0c1212f42065@intel.com>
On Fri, Sep 23, 2022 at 03:15:15PM -0700, Dave Hansen wrote:
> On 9/23/22 14:19, Kees Cook wrote:
> >> But currently, PAE is not even enabled in the i386_defconfig, and
> >> defaults to off. This means people that are unaware of this won't
> >> enable it, and will be running without NX support.
> > And they all make me cry. ;)
>
> It's been like that for a long time, presumably because the defconfig
> should *boot* in as many cases as possible. It wouldn't be hard to
> change. It also wouldn't be hard to default to HIGHMEM4G (non-PAE) on
> targeted builds for CPUs that don't support it. Patch attached to do
> that, if anyone else has an opinion.
>
> We should probably just leave i386 alone, but it breaks my heart to see
> Kees in tears.
*dabs his eyes with tissue*
> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> index f9920f1341c8..fad978c7b7c5 100644
> --- a/arch/x86/Kconfig
> +++ b/arch/x86/Kconfig
> @@ -1363,9 +1363,14 @@ config X86_CPUID
> with major 203 and minors 0 to 31 for /dev/cpu/0/cpuid to
> /dev/cpu/31/cpuid.
>
> +config CPU_HAS_PAE
> + def_bool y
> + depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
> +
> choice
> prompt "High Memory Support"
> default HIGHMEM4G
> + default HIGHMEM64G if CPU_HAS_PAE
> depends on X86_32
>
> config NOHIGHMEM
> @@ -1412,7 +1417,7 @@ config HIGHMEM4G
>
> config HIGHMEM64G
> bool "64GB"
> - depends on !M486SX && !M486 && !M586 && !M586TSC && !M586MMX && !MGEODE_LX && !MGEODEGX1 && !MCYRIXIII && !MELAN && !MWINCHIPC6 && !MWINCHIP3D && !MK6
> + depends on CPU_HAS_PAE
> select X86_PAE
> help
> Select this if you have a 32-bit processor and more than 4
I feel happy now! :)
--
Kees Cook
next prev parent reply other threads:[~2022-09-24 0:04 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-29 10:18 [PATCH v2] x86/mm: Refuse W^X violations Peter Zijlstra
2022-08-29 19:08 ` Kees Cook
2022-09-01 18:17 ` [tip: x86/mm] " tip-bot2 for Peter Zijlstra
2022-09-21 20:07 ` [PATCH v2] " Guenter Roeck
2022-09-21 20:59 ` Dave Hansen
2022-09-21 22:59 ` Guenter Roeck
2022-09-22 3:09 ` Guenter Roeck
2022-09-22 7:46 ` Peter Zijlstra
2022-09-22 15:00 ` Dave Hansen
2022-09-22 16:38 ` Guenter Roeck
2022-09-22 16:29 ` Guenter Roeck
2022-09-22 19:31 ` [PATCH] x86/mm+efi: Avoid creating W+X mappings Dave Hansen
2022-09-22 22:08 ` Ard Biesheuvel
2022-09-23 6:59 ` Peter Zijlstra
2022-09-23 9:49 ` Ard Biesheuvel
2022-09-23 13:58 ` Guenter Roeck
2022-09-23 14:26 ` Ard Biesheuvel
2022-09-23 18:31 ` Kees Cook
2022-09-23 19:53 ` Ard Biesheuvel
2022-09-23 21:19 ` Kees Cook
2022-09-23 22:15 ` Dave Hansen
2022-09-23 22:32 ` Eric W. Biederman
2022-09-24 0:04 ` Kees Cook [this message]
2022-10-02 10:33 ` [PATCH v2] x86/mm: Refuse W^X violations Pavel Machek
2022-10-24 15:27 ` Steven Rostedt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202209231702.DC9FB5860@keescook \
--to=keescook@chromium.org \
--cc=andy@infradead.org \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dave.hansen@linux.intel.com \
--cc=dvhart@infradead.org \
--cc=hpa@zytor.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=mingo@redhat.com \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.