Hello Xishi, On Sat, Jan 06, 2018 at 02:45:30PM +0800, Xishi Qiu wrote: > How about this fix patch? I tested and it works. > > diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c > index 088681d..f6c32f5 100644 > --- a/arch/x86/kernel/tboot.c > +++ b/arch/x86/kernel/tboot.c > @@ -131,6 +131,8 @@ static int map_tboot_page(unsigned long vaddr, unsigned > long pfn, > pud = pud_alloc(&tboot_mm, pgd, vaddr); > if (!pud) > return -1; > + if (__supported_pte_mask & _PAGE_NX) > + pgd->pgd &= ~_PAGE_NX; > pmd = pmd_alloc(&tboot_mm, pud, vaddr); > if (!pmd) > return -1;
Oh great that you already verified this. The only difference from the above to what I applied is that I didn't check "__supported_pte_mask & _PAGE_NX", but that's superflous here. It won't hurt to add it, your patch is fine as well. The location where to do the NX clearing is the correct one and same optimal place as in efi_64.c too (right after pud_alloc success). Only the setting of NX requires verification that it's in the __supported_pte_mask first, the clearing is always fine (worst case it will do nothing). On a side note, I already verified if NX is disabled (-cpu nx=off) the pgd isn't NX poisoned in the first place, but clearing NX won't hurt even in such case. Thanks, Andrea