From nobody Sun Feb  8 07:14:41 2026
Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com
 [209.85.128.44])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8C2572DC77A
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 21:06:17 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.128.44
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769461579; cv=none;
 b=QRktwPjTrbbL83TKLzbQu40WCBk++/rk6AkvZ9tGCZ8ZkGRpm6x142bdn7OXNERo5LrUe5LH6Z4jWoa88jTUP8wEI5ERxpcLUXOziDkOwj0wqsxVB+uo0xFL8BUtOesfmTY242dxenxuTN9/LUZAnKIHVPvJuccPT6PCUEAImZY=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769461579; c=relaxed/simple;
	bh=lx3Shh7ySnG1q+tVFLaQzos6/sxB8deFZqNpoG+Yl4E=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=GHeJ1Hyy7otVEGW9el85d2WFpi+CQecayBjCRBsBFKP0ZE449KHQCIc4bYfO4qpPygoJa08Dr59TrcuDGC6qzOTXrBy+C8MxCHC8prtIXHh78CsI1I+sgV2wgvkuqZ94GMysosa4LUctjVVfkgR7sBmiQgaXdwEXb/6w7h+WgT8=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=citrix.com;
 spf=pass smtp.mailfrom=citrix.com;
 dkim=pass (1024-bit key) header.d=citrix.com header.i=@citrix.com
 header.b=cG8Wr69p; arc=none smtp.client-ip=209.85.128.44
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=citrix.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=citrix.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=citrix.com header.i=@citrix.com
 header.b="cG8Wr69p"
Received: by mail-wm1-f44.google.com with SMTP id
 5b1f17b1804b1-47eddddcdcfso28969245e9.1
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 13:06:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=citrix.com; s=google; t=1769461576; x=1770066376;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=p+rst1/+zmZkVpczY40RlzwyLz+AGToKNu6aYTlMfJo=;
        b=cG8Wr69pbQx8CnGP+qU7adTqWWwKauHFfl8WvpAKZ1p7bRx8FIqU5aPw25wdwjJq5r
         XacGP71qPAYzpST8FlYgF/1v2p9/QrbRqC/ahoJsXir5+pHwDNaDpRCRz/C2DofKgMWR
         9utNAwDFhyoBH/n08zbGLGgUH53Z4AmA2VmEk=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769461576; x=1770066376;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=p+rst1/+zmZkVpczY40RlzwyLz+AGToKNu6aYTlMfJo=;
        b=CCBoCzO4pcxp1HvROBGz7Op/Z604/hLKSpvNdVO6OMvsGwnnTUQ6cS/CNKKV+F6dqV
         KeAyn2vAEcDNyuI4AbTte7dMKgT5LGfc9qnZqv1tV11MPGUPgYkgkKHthwUseDTs9LBu
         SgbBwDi2Nw8en48K/MYdoHdmfqJ2F6C7MF42UEGx14OUEhEzxz3nThsr5iKu+3H9enSq
         RI3mIS9Fg3jCftyUazGhJUWwru+VKSEYdn6AjcE30aL+EL72P/a4DLMIyNTuB5BsfXXe
         Sv9VSNrKRmUH9GwiGEDhse1s96GYkRPPRBOwdJrF59qXPFqJIRQLlWC4fjtTp3svyt3/
         Lvzw==
X-Gm-Message-State: AOJu0Yypdu8L+OmLi9L0TCNmeddpxPOtV8py9KPEo9Ux8YhWdGAMh5qO
	c06rlyqvWO/HUsQ4kq11U4txQwokl4hS5+J/dg+z9KaNDUEwn7eZxQ/WsMZJ7uXJclI2YRiyFK3
	vy1Au
X-Gm-Gg: AZuq6aIH4corv073PoKaARh4NL2h4NVH5jqzALHGDylg8aN6Dp3Snng87+9zI4BMGn7
	025sA80C9hRQ8PbXakt2FNr3oXt4AMr5DlvvfkhI15E0g5KmyneYNugHBKM5S4lpHh3pY0+1yEo
	c4iU/1cLxy3M5SWW3kyNlPoh9eKJomI/W0A2cDIa9bkooCOJIhA6cAGDg8huXTfwwa/0ugIh8l6
	P4De3qXsv+1H8VKfHyF/je/D7yr2wiYITIH6V3rkfmkCU0ZuwLG+TKUp6m2fc9jC9cHJIeU0IVy
	Aq0JZU95CvdtwYYD04uz4EOljPQXjldQRrRN+LUs2y81G8uMX0MoyTTK0VIdfG4K0V1LoM0ATkZ
	LDNaezwqLs95sJBjb6iD5C9J6OghVCP2PSbBuH6Femy2yKIMWcLk3AJSojVmre2/kCQLORVnUF8
	Q2+4fWh0l1iJCRSI61x5VFXz/K/mzOC1NVpbWC5Vzd4im9GlENATconM8YeFXZrg==
X-Received: by 2002:a05:600c:3113:b0:47d:403e:4eaf with SMTP id
 5b1f17b1804b1-480650f2933mr32460585e9.10.1769461575594;
        Mon, 26 Jan 2026 13:06:15 -0800 (PST)
Received: from localhost.localdomain (host-92-26-102-188.as13285.net.
 [92.26.102.188])
        by smtp.gmail.com with ESMTPSA id
 5b1f17b1804b1-48066c40e04sm12700165e9.13.2026.01.26.13.06.14
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Jan 2026 13:06:15 -0800 (PST)
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Ryusuke Konishi <konishi.ryusuke@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	Marco Elver <elver@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jann Horn <jannh@google.com>,
	kasan-dev@googlegroups.com
Subject: [PATCH] x86/kfence: Fix booting on 32bit non-PAE systems
Date: Mon, 26 Jan 2026 21:06:12 +0000
Message-Id: <20260126210612.2095681-1-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: 
 <CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSqtMoV1Rn9JV_gw@mail.gmail.com>
References: 
 <CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSqtMoV1Rn9JV_gw@mail.gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The original patch inverted the PTE unconditionally to avoid
L1TF-vulnerable PTEs, but Linux doesn't make this adjustment in 2-level
paging.

Adjust the logic to use the flip_protnone_guard() helper, which is a nop on
2-level paging but inverts the address bits in all other paging modes.

This doesn't matter for the Xen aspect of the original change.  Linux no
longer supports running 32bit PV under Xen, and Xen doesn't support running
any 32bit PV guests without using PAE paging.

Fixes: b505f1944535 ("x86/kfence: avoid writing L1TF-vulnerable PTEs")
Reported-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Closes: https://lore.kernel.org/lkml/CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSq=
tMoV1Rn9JV_gw@mail.gmail.com/
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Ryusuke Konishi <konishi.ryusuke@gmail.com>
CC: Alexander Potapenko <glider@google.com>
CC: Marco Elver <elver@google.com>
CC: Dmitry Vyukov <dvyukov@google.com>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: Ingo Molnar <mingo@redhat.com>
CC: Borislav Petkov <bp@alien8.de>
CC: Dave Hansen <dave.hansen@linux.intel.com>
CC: x86@kernel.org
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Jann Horn <jannh@google.com>
CC: kasan-dev@googlegroups.com
CC: linux-kernel@vger.kernel.org
---
 arch/x86/include/asm/kfence.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/arch/x86/include/asm/kfence.h b/arch/x86/include/asm/kfence.h
index acf9ffa1a171..40cf6a5d781d 100644
--- a/arch/x86/include/asm/kfence.h
+++ b/arch/x86/include/asm/kfence.h
@@ -42,7 +42,7 @@ static inline bool kfence_protect_page(unsigned long addr=
, bool protect)
 {
 	unsigned int level;
 	pte_t *pte =3D lookup_address(addr, &level);
-	pteval_t val;
+	pteval_t val, new;
=20
 	if (WARN_ON(!pte || level !=3D PG_LEVEL_4K))
 		return false;
@@ -57,11 +57,12 @@ static inline bool kfence_protect_page(unsigned long ad=
dr, bool protect)
 		return true;
=20
 	/*
-	 * Otherwise, invert the entire PTE.  This avoids writing out an
-	 * L1TF-vulnerable PTE (not present, without the high address bits
+	 * Otherwise, flip the Present bit, taking care to avoid writing an
+	 * L1TF-vulenrable PTE (not present, without the high address bits
 	 * set).
 	 */
-	set_pte(pte, __pte(~val));
+	new =3D val ^ _PAGE_PRESENT;
+	set_pte(pte, __pte(flip_protnone_guard(val, new, PTE_PFN_MASK)));
=20
 	/*
 	 * If the page was protected (non-present) and we're making it

base-commit: fcb70a56f4d81450114034b2c61f48ce7444a0e2
--=20
2.39.5