From nobody Sun Feb  8 05:23:25 2026
Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com
 [209.85.221.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 121F12DCBFC
	for <linux-kernel@vger.kernel.org>; Mon, 26 Jan 2026 21:10:51 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
 arc=none smtp.client-ip=209.85.221.42
ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1769461853; cv=none;
 b=gZChQN0WQR3Ri1J/pq+Mkjcg3xKeI+7BIJPwWGpPCtFt+KAFn+dzudw4LQlrKonSLiLMS79InHozWoXtRXZnrVe0k7YODtwZpTZm802NI8rZCg5C51h/CG9Y068NN4SJya4P/JmwY3c2aIMTMILpxxsPD+7aYlEh0w229dK/IlE=
ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1769461853; c=relaxed/simple;
	bh=R/wZmZ+9v4P3p+3awD58RV4596yEdNV93ARibZ++0Hk=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version;
 b=D/VYlxiPUK0mnNTSGg2YAHal/4rkgzVi9Hf4zkn5N8jT65v+O28TYzltr62ku2hvk7t7R31/mfxDTTGIP/ZtFHqq+BiGIsE+Y1TLkwn7RyBlvoSCpyV0wCAlRnBpkUUcYonUQo10q4uDRguegvtnvQ6w+eZr/Y2Kty04Y4OQUkk=
ARC-Authentication-Results: i=1; smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=citrix.com;
 spf=pass smtp.mailfrom=citrix.com;
 dkim=pass (1024-bit key) header.d=citrix.com header.i=@citrix.com
 header.b=fgFJp0Bz; arc=none smtp.client-ip=209.85.221.42
Authentication-Results: smtp.subspace.kernel.org;
 dmarc=pass (p=reject dis=none) header.from=citrix.com
Authentication-Results: smtp.subspace.kernel.org;
 spf=pass smtp.mailfrom=citrix.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=citrix.com header.i=@citrix.com
 header.b="fgFJp0Bz"
Received: by mail-wr1-f42.google.com with SMTP id
 ffacd0b85a97d-432755545fcso3664794f8f.1
        for <linux-kernel@vger.kernel.org>;
 Mon, 26 Jan 2026 13:10:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=citrix.com; s=google; t=1769461850; x=1770066650;
 darn=vger.kernel.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:from:to:cc:subject:date
         :message-id:reply-to;
        bh=SPdFNoBhwc/42UhsY49ECO9+OSxJlw6W4wx9EBbbxTg=;
        b=fgFJp0Bz5YpeB1V6M2smE04Xyf1kkb1z6mIC4VmWdVm7JmiJd4bRJdbVKmr/kn57MZ
         VQYYKVqjH441KFhrw5zdracsCBIcjmlbEdAwPvqua1dtHJbudqGKX/yRqyPpxwrPPNis
         yn6ylZA+ToquICmuIojq/U6KVA5dmjswd8Ok8=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1769461850; x=1770066650;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=SPdFNoBhwc/42UhsY49ECO9+OSxJlw6W4wx9EBbbxTg=;
        b=g1W/D2JSIB1jKlO2flEMIsDhgcsQEgi6IhZfjA6C00v4GVF5BrK2VsTBfFju66SRDV
         UUHzVYuAoiGKCv1ANhh/Sb+c2QlbeqHeEmF7fL+EViu0ZmO062OcEDSbqnDk7MQfcgnl
         DTaBQf5hsflEN3Z/SLKAsDcLkPCGlpaJUQJW+l3exkVfO6mCAtMtPn/3HOmmeGXFRXdc
         5hbiI3rhDCDB8l6ggABnyKQyjWggPl0aRt6ohY3+mcBMLjLZV/chPvm5mJTdQEhyW623
         KLH58s9g3AzW2O2tBUV1LrrgTLHd6T9/kAPSkIegaddNxJOlwN7PdhjLCXUdCkU87y1K
         tQOQ==
X-Gm-Message-State: AOJu0YzCvWq0SDVcDX4TiQYAwICCsrAEVTtfBrMA1lHXdcgrJATW0fGj
	LFwkvELbPEjDuCtaFerq+W/ifLP4AP1nw2/gQ+YhthRDdJqSCnzBwr/GS09YvNSSClUbyNvDjpJ
	xTShr
X-Gm-Gg: AZuq6aI/Kb1iEoJV/XtDvsigXDNFfrMVFmAR/9xruftlvJfLq2+Bjby2R9x4BqnMGI0
	mxUWdSVz1epYQ4QbyYPvaoeWF/bzVqlpdVJPo0eJXSTuG/B+bLDSzBAAjJUEfN0YAviLedPN2ew
	zoIbaXfzH1wDf27zgN5ZsHP/ejiVDAbpvtePdbO/m0GYoQCJiCXo3yL5ZYFyN88VJ7F/bLWq/CM
	QnQMCQRL3UW/+J6Xv6KpPJ+1Hd8UyrAJD4pf93pr8bQztX6T0Yl24xwYVXnbBFx9y26hCzJ8KLR
	ZC0ylNrVZyjuVGLkLOtWXuXU/Xs5DWXvHcQP2OuaygpcwZVrf0orolB615MmbkaIrbUSEEGpRoQ
	i87BBIN6/XqSXR9GHeCMIkYmD3gw6pwrRxTsIadPSY1Td6HBMPY0EaAjsuakOPjH3PXps4nQ8gq
	4PKdLCe330BOoHuiYbomiU6bpd+qqJk9ZxjTLyR+l2GEiqopsl3MzJnRkWO/pOhA==
X-Received: by 2002:a05:6000:22c1:b0:435:960c:5286 with SMTP id
 ffacd0b85a97d-435ca1ae448mr9047616f8f.58.1769461850008;
        Mon, 26 Jan 2026 13:10:50 -0800 (PST)
Received: from localhost.localdomain (host-92-26-102-188.as13285.net.
 [92.26.102.188])
        by smtp.gmail.com with ESMTPSA id
 ffacd0b85a97d-435b1e715d3sm33097044f8f.28.2026.01.26.13.10.49
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 26 Jan 2026 13:10:49 -0800 (PST)
From: Andrew Cooper <andrew.cooper3@citrix.com>
To: LKML <linux-kernel@vger.kernel.org>
Cc: Andrew Cooper <andrew.cooper3@citrix.com>,
	Ryusuke Konishi <konishi.ryusuke@gmail.com>,
	Alexander Potapenko <glider@google.com>,
	Marco Elver <elver@google.com>,
	Dmitry Vyukov <dvyukov@google.com>,
	Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>,
	Borislav Petkov <bp@alien8.de>,
	Dave Hansen <dave.hansen@linux.intel.com>,
	x86@kernel.org,
	"H. Peter Anvin" <hpa@zytor.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jann Horn <jannh@google.com>,
	kasan-dev@googlegroups.com
Subject: [PATCH v2] x86/kfence: Fix booting on 32bit non-PAE systems
Date: Mon, 26 Jan 2026 21:10:46 +0000
Message-Id: <20260126211046.2096622-1-andrew.cooper3@citrix.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: 
 <CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSqtMoV1Rn9JV_gw@mail.gmail.com>
References: 
 <CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSqtMoV1Rn9JV_gw@mail.gmail.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The original patch inverted the PTE unconditionally to avoid
L1TF-vulnerable PTEs, but Linux doesn't make this adjustment in 2-level
paging.

Adjust the logic to use the flip_protnone_guard() helper, which is a nop on
2-level paging but inverts the address bits in all other paging modes.

This doesn't matter for the Xen aspect of the original change.  Linux no
longer supports running 32bit PV under Xen, and Xen doesn't support running
any 32bit PV guests without using PAE paging.

Fixes: b505f1944535 ("x86/kfence: avoid writing L1TF-vulnerable PTEs")
Reported-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Closes: https://lore.kernel.org/lkml/CAKFNMokwjw68ubYQM9WkzOuH51wLznHpEOMSq=
tMoV1Rn9JV_gw@mail.gmail.com/
Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
CC: Ryusuke Konishi <konishi.ryusuke@gmail.com>
CC: Alexander Potapenko <glider@google.com>
CC: Marco Elver <elver@google.com>
CC: Dmitry Vyukov <dvyukov@google.com>
CC: Thomas Gleixner <tglx@linutronix.de>
CC: Ingo Molnar <mingo@redhat.com>
CC: Borislav Petkov <bp@alien8.de>
CC: Dave Hansen <dave.hansen@linux.intel.com>
CC: x86@kernel.org
CC: "H. Peter Anvin" <hpa@zytor.com>
CC: Andrew Morton <akpm@linux-foundation.org>
CC: Jann Horn <jannh@google.com>
CC: kasan-dev@googlegroups.com
CC: linux-kernel@vger.kernel.org
Tested-by: Borislav Petkov (AMD) <bp@alien8.de>
---
v2:
 * Fix a spelling mistake in the comment.
---
 arch/x86/include/asm/kfence.h | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/arch/x86/include/asm/kfence.h b/arch/x86/include/asm/kfence.h
index acf9ffa1a171..dfd5c74ba41a 100644
--- a/arch/x86/include/asm/kfence.h
+++ b/arch/x86/include/asm/kfence.h
@@ -42,7 +42,7 @@ static inline bool kfence_protect_page(unsigned long addr=
, bool protect)
 {
 	unsigned int level;
 	pte_t *pte =3D lookup_address(addr, &level);
-	pteval_t val;
+	pteval_t val, new;
=20
 	if (WARN_ON(!pte || level !=3D PG_LEVEL_4K))
 		return false;
@@ -57,11 +57,12 @@ static inline bool kfence_protect_page(unsigned long ad=
dr, bool protect)
 		return true;
=20
 	/*
-	 * Otherwise, invert the entire PTE.  This avoids writing out an
+	 * Otherwise, flip the Present bit, taking care to avoid writing an
 	 * L1TF-vulnerable PTE (not present, without the high address bits
 	 * set).
 	 */
-	set_pte(pte, __pte(~val));
+	new =3D val ^ _PAGE_PRESENT;
+	set_pte(pte, __pte(flip_protnone_guard(val, new, PTE_PFN_MASK)));
=20
 	/*
 	 * If the page was protected (non-present) and we're making it

base-commit: fcb70a56f4d81450114034b2c61f48ce7444a0e2
--=20
2.39.5