Commit 4763ed4d authored by H. Peter Anvin's avatar H. Peter Anvin

x86, mm: Clean up and simplify NX enablement

The 32- and 64-bit code used very different mechanisms for enabling
NX, but even the 32-bit code was enabling NX in head_32.S if it is
available.  Furthermore, we had a bewildering collection of tests for
the available of NX.

This patch:

a) merges the 32-bit set_nx() and the 64-bit check_efer() function
   into a single x86_configure_nx() function.  EFER control is left
   to the head code.

b) eliminates the nx_enabled variable entirely.  Things that need to
   test for NX enablement can verify __supported_pte_mask directly,
   and cpu_has_nx gives the supported status of NX.
Signed-off-by: default avatarH. Peter Anvin <hpa@zytor.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Pekka Enberg <penberg@cs.helsinki.fi>
Cc: Vegard Nossum <vegardno@ifi.uio.no>
Cc: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
Cc: Chris Wright <chrisw@sous-sol.org>
LKML-Reference: <1258154897-6770-5-git-send-email-hpa@zytor.com>
Acked-by: default avatarKees Cook <kees.cook@canonical.com>
parent 583140af
...@@ -16,7 +16,7 @@ extern void ia32_sysenter_target(void); ...@@ -16,7 +16,7 @@ extern void ia32_sysenter_target(void);
extern void syscall32_cpu_init(void); extern void syscall32_cpu_init(void);
extern void check_efer(void); extern void x86_configure_nx(void);
extern int reboot_force; extern int reboot_force;
......
...@@ -1136,7 +1136,7 @@ void __cpuinit cpu_init(void) ...@@ -1136,7 +1136,7 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0); wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier(); barrier();
check_efer(); x86_configure_nx();
if (cpu != 0) if (cpu != 0)
enable_x2apic(); enable_x2apic();
......
...@@ -787,21 +787,17 @@ void __init setup_arch(char **cmdline_p) ...@@ -787,21 +787,17 @@ void __init setup_arch(char **cmdline_p)
strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE); strlcpy(command_line, boot_command_line, COMMAND_LINE_SIZE);
*cmdline_p = command_line; *cmdline_p = command_line;
#ifdef CONFIG_X86_64
/* /*
* Must call this twice: Once just to detect whether hardware doesn't * Must call this twice: Once just to detect whether hardware doesn't
* support NX (so that the early EHCI debug console setup can safely * support NX (so that the early EHCI debug console setup can safely
* call set_fixmap(), and then again after parsing early parameters to * call set_fixmap(), and then again after parsing early parameters to
* honor the respective command line option. * honor the respective command line option.
*/ */
check_efer(); x86_configure_nx();
#endif
parse_early_param(); parse_early_param();
#ifdef CONFIG_X86_64 x86_configure_nx();
check_efer();
#endif
/* Must be before kernel pagetables are setup */ /* Must be before kernel pagetables are setup */
vmi_activate(); vmi_activate();
......
...@@ -146,8 +146,8 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, ...@@ -146,8 +146,8 @@ unsigned long __init_refok init_memory_mapping(unsigned long start,
use_gbpages = direct_gbpages; use_gbpages = direct_gbpages;
#endif #endif
set_nx(); /* XXX: replace this with Kees' improved messages */
if (nx_enabled) if (__supported_pte_mask & _PAGE_NX)
printk(KERN_INFO "NX (Execute Disable) protection: active\n"); printk(KERN_INFO "NX (Execute Disable) protection: active\n");
/* Enable PSE if available */ /* Enable PSE if available */
......
...@@ -3,10 +3,8 @@ ...@@ -3,10 +3,8 @@
#include <linux/init.h> #include <linux/init.h>
#include <asm/pgtable.h> #include <asm/pgtable.h>
#include <asm/proto.h>
int nx_enabled;
#if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
static int disable_nx __cpuinitdata; static int disable_nx __cpuinitdata;
/* /*
...@@ -22,48 +20,19 @@ static int __init noexec_setup(char *str) ...@@ -22,48 +20,19 @@ static int __init noexec_setup(char *str)
if (!str) if (!str)
return -EINVAL; return -EINVAL;
if (!strncmp(str, "on", 2)) { if (!strncmp(str, "on", 2)) {
__supported_pte_mask |= _PAGE_NX;
disable_nx = 0; disable_nx = 0;
} else if (!strncmp(str, "off", 3)) { } else if (!strncmp(str, "off", 3)) {
disable_nx = 1; disable_nx = 1;
__supported_pte_mask &= ~_PAGE_NX;
} }
x86_configure_nx();
return 0; return 0;
} }
early_param("noexec", noexec_setup); early_param("noexec", noexec_setup);
#endif
#ifdef CONFIG_X86_PAE void __cpuinit x86_configure_nx(void)
void __init set_nx(void)
{ {
unsigned int v[4], l, h; if (cpu_has_nx && !disable_nx)
if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
if ((v[3] & (1 << 20)) && !disable_nx) {
rdmsr(MSR_EFER, l, h);
l |= EFER_NX;
wrmsr(MSR_EFER, l, h);
nx_enabled = 1;
__supported_pte_mask |= _PAGE_NX; __supported_pte_mask |= _PAGE_NX;
} else
}
}
#else
void set_nx(void)
{
}
#endif
#ifdef CONFIG_X86_64
void __cpuinit check_efer(void)
{
unsigned long efer;
rdmsrl(MSR_EFER, efer);
if (!(efer & EFER_NX) || disable_nx)
__supported_pte_mask &= ~_PAGE_NX; __supported_pte_mask &= ~_PAGE_NX;
} }
#endif
...@@ -1082,10 +1082,8 @@ asmlinkage void __init xen_start_kernel(void) ...@@ -1082,10 +1082,8 @@ asmlinkage void __init xen_start_kernel(void)
__supported_pte_mask |= _PAGE_IOMAP; __supported_pte_mask |= _PAGE_IOMAP;
#ifdef CONFIG_X86_64
/* Work out if we support NX */ /* Work out if we support NX */
check_efer(); x86_configure_nx();
#endif
xen_setup_features(); xen_setup_features();
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment