e16d8a6cbb
This reverts commit 320d25b6a05f8b73c23fc21025d2906ecdd2d4fc. This change was problematic for a couple of reasons: 1. It missed a some entry points (Xen things and 64-bit native). 2. The entry it changed can be executed more than once. This isn't really a problem, but it conflated per-cpu state setup and global state setup. 3. It broke 64-bit non-NX. 64-bit non-NX worked the other way around from 32-bit -- __supported_pte_mask had NX set initially and was *cleared* in x86_configure_nx. With the patch applied, it never got cleared. Reported-and-tested-by: Meelis Roos <mroos@linux.ee> Signed-off-by: Andy Lutomirski <luto@kernel.org> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Borislav Petkov <bp@alien8.de> Cc: Brian Gerst <brgerst@gmail.com> Cc: Denys Vlasenko <dvlasenk@redhat.com> Cc: H. Peter Anvin <hpa@zytor.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Mike Galbraith <efault@gmx.de> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Link: http://lkml.kernel.org/r/59bd15f7f4b56b633a611b7f70876c6d2ad01a98.1461685884.git.luto@kernel.org Signed-off-by: Ingo Molnar <mingo@kernel.org>
62 lines
1.3 KiB
C
62 lines
1.3 KiB
C
#include <linux/spinlock.h>
|
|
#include <linux/errno.h>
|
|
#include <linux/init.h>
|
|
|
|
#include <asm/pgtable.h>
|
|
#include <asm/proto.h>
|
|
#include <asm/cpufeature.h>
|
|
|
|
static int disable_nx;
|
|
|
|
/*
|
|
* noexec = on|off
|
|
*
|
|
* Control non-executable mappings for processes.
|
|
*
|
|
* on Enable
|
|
* off Disable
|
|
*/
|
|
static int __init noexec_setup(char *str)
|
|
{
|
|
if (!str)
|
|
return -EINVAL;
|
|
if (!strncmp(str, "on", 2)) {
|
|
disable_nx = 0;
|
|
} else if (!strncmp(str, "off", 3)) {
|
|
disable_nx = 1;
|
|
}
|
|
x86_configure_nx();
|
|
return 0;
|
|
}
|
|
early_param("noexec", noexec_setup);
|
|
|
|
void x86_configure_nx(void)
|
|
{
|
|
if (boot_cpu_has(X86_FEATURE_NX) && !disable_nx)
|
|
__supported_pte_mask |= _PAGE_NX;
|
|
else
|
|
__supported_pte_mask &= ~_PAGE_NX;
|
|
}
|
|
|
|
void __init x86_report_nx(void)
|
|
{
|
|
if (!boot_cpu_has(X86_FEATURE_NX)) {
|
|
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
|
|
"missing in CPU!\n");
|
|
} else {
|
|
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
|
|
if (disable_nx) {
|
|
printk(KERN_INFO "NX (Execute Disable) protection: "
|
|
"disabled by kernel command line option\n");
|
|
} else {
|
|
printk(KERN_INFO "NX (Execute Disable) protection: "
|
|
"active\n");
|
|
}
|
|
#else
|
|
/* 32bit non-PAE kernel, NX cannot be used */
|
|
printk(KERN_NOTICE "Notice: NX (Execute Disable) protection "
|
|
"cannot be enabled: non-PAE kernel!\n");
|
|
#endif
|
|
}
|
|
}
|