From: Mike Rapoport <rppt@kernel.org>
To: Juergen Gross <jgross@suse.com>
Cc: linux-kernel@vger.kernel.org, x86@kernel.org, xin@zytor.com,
Dave Hansen <dave.hansen@linux.intel.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
"H. Peter Anvin" <hpa@zytor.com>,
stable@vger.kernel.org
Subject: Re: [PATCH 1/3] x86/execmem: don't use PAGE_KERNEL protection for code pages
Date: Wed, 28 May 2025 20:27:19 +0300
Message-ID: <aDdHdwf8REvdu5FF@kernel.org>
In-Reply-To: <20250528123557.12847-2-jgross@suse.com>

On Wed, May 28, 2025 at 02:35:55PM +0200, Juergen Gross wrote:
> In case X86_FEATURE_PSE isn't available (e.g. when running as a Xen
> PV guest), execmem_arch_setup() will fall back to use PAGE_KERNEL
> protection for the EXECMEM_MODULE_TEXT range.
>
> This will result in attempts to execute code with the NX bit set in
> case of ITS mitigation being applied.
>
> Avoid this problem by using PAGE_KERNEL_EXEC protection instead,
> which will not set the NX bit.
>
> Cc: <stable@vger.kernel.org>
> Reported-by: Xin Li <xin@zytor.com>
> Fixes: 5185e7f9f3bd ("x86/module: enable ROX caches for module text on 64 bit")
> Signed-off-by: Juergen Gross <jgross@suse.com>
> ---
> arch/x86/mm/init.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
> index 7456df985d96..f5012ae31d8b 100644
> --- a/arch/x86/mm/init.c
> +++ b/arch/x86/mm/init.c
> @@ -1089,7 +1089,7 @@ struct execmem_info __init *execmem_arch_setup(void)
> pgprot = PAGE_KERNEL_ROX;
> flags = EXECMEM_KASAN_SHADOW | EXECMEM_ROX_CACHE;
> } else {
> - pgprot = PAGE_KERNEL;
> + pgprot = PAGE_KERNEL_EXEC;

Please don't. Everything except ITS can work with PAGE_KERNEL so the fix
should be on ITS side.

> flags = EXECMEM_KASAN_SHADOW;
> }
>
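
Review bot: In the else branch (the fallback without X86_FEATURE_PSE), `pgprot = PAGE_KERNEL_EXEC` drops NX for every allocation from the EXECMEM_MODULE_TEXT range, although the commit message names only the ITS mitigation as the case that executes from it. flags stays `EXECMEM_KASAN_SHADOW` with no `EXECMEM_ROX_CACHE`, so nothing visible in this hunk makes those pages read-only, and they would be writable and executable at the same time. Consider leaving PAGE_KERNEL here and adjusting permissions where the ITS code sets up its pages, or at minimum add a comment on this branch explaining why the fallback needs executable protection.
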
> --
> 2.43.0
>
--
Sincerely yours,
Mike.