From: Dave Jones <davej@codemonkey.org.uk>
To: Kees Cook <keescook@chromium.org>
Cc: "Mihai Donțu" <mihai.dontu@gmail.com>,
"Pavel Machek" <pavel@ucw.cz>,
LKML <linux-kernel@vger.kernel.org>,
"Stephen Smalley" <sds@tycho.nsa.gov>
Subject: Re: 4.4-rc0: 5 W+X pages found
Date: Tue, 8 Dec 2015 19:10:12 -0500 [thread overview]
Message-ID: <20151209001012.GA17123@codemonkey.org.uk> (raw)
In-Reply-To: <CAGXu5jKhhxxeFoKuHo5_S3RO35E5_YCKkXOMu4EyUOhO+i=0Qg@mail.gmail.com>
On Tue, Dec 08, 2015 at 01:19:32PM -0800, Kees Cook wrote:
> On Mon, Nov 23, 2015 at 6:37 AM, Mihai Donțu <mihai.dontu@gmail.com> wrote:
> > On Sun, 15 Nov 2015 08:00:22 +0100 Pavel Machek wrote:
> >> Kernel complains:
> >>
> >> [ 5.256044] ------------[ cut here ]------------
> >> [ 5.259267] WARNING: CPU: 0 PID: 1 at
> >> arch/x86/mm/dump_pagetables.c:225 note_page+0x5ec/0x790()
> >> [ 5.262668] x86/mm: Found insecure W+X mapping at address
> >> ffe69000/0xffe69000
> >> [ 5.267109] Modules linked in:
> >> [ 5.271403] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.3.0+ #122
> >> [ 5.275679] Hardware name: LENOVO 17097HU/17097HU, BIOS 7BETD8WW
> >> (2.19 ) 03/31/2011
> >> [ 5.279957] 00000000 00000000 f5cffeac c42b9f18 f5cffed8 f5cffec8
> >> c404062b 000000e1
> >> [ 5.284387] c403ca9c f5cfff50 00000163 00000000 f5cffee0 c4040686
> >> 00000009 f5cffed8
> >> [ 5.288815] c4d268ac f5cffef4 f5cfff1c c403ca9c c4d1f494 000000e1
> >> c4d268ac ffe69000
> >> [ 5.293314] Call Trace:
> >> [ 5.297602] [<c42b9f18>] dump_stack+0x41/0x59
> >> [ 5.301864] [<c404062b>] warn_slowpath_common+0x6b/0xa0
> >> [ 5.306054] [<c403ca9c>] ? note_page+0x5ec/0x790
> >> [ 5.310209] [<c4040686>] warn_slowpath_fmt+0x26/0x30
> >> [ 5.314358] [<c403ca9c>] note_page+0x5ec/0x790
> >> [ 5.318440] [<c403cd8f>] ptdump_walk_pgd_level_core+0x14f/0x230
> >> [ 5.322578] [<c403ce91>] ptdump_walk_pgd_level_checkwx+0x11/0x20
> >> [ 5.326632] [<c4034ead>] mark_rodata_ro+0xcd/0xf0
> >> [ 5.330625] [<c4a4aab7>] kernel_init+0x17/0xc0
> >> [ 5.334585] [<c4a511c9>] ret_from_kernel_thread+0x21/0x38
> >> [ 5.338585] [<c4a4aaa0>] ? rest_init+0xa0/0xa0
> >> [ 5.342583] ---[ end trace bc9ac0874ad9a058 ]---
> >> [ 5.346630] x86/mm: Checked W+X mappings: FAILED, 5 W+X pages
> >> found.
> >>
> >> ...I'm not quite sure why it does backtrace, or how to debug this
> >> one...
> >
> > That is a modest number.
> >
> > [ 2.493559] ------------[ cut here ]------------
> > [ 2.493563] WARNING: CPU: 2 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5e1/0x780()
> > [ 2.493565] x86/mm: Found insecure W+X mapping at address ffff88000009d000/0xffff88000009d000
> > [ 2.493565] Modules linked in:
> > [ 2.493568] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.4.0-rc2 #2
> > [ 2.493569] Hardware name: Dell Inc. Latitude E7440/07F3F4, BIOS A15 05/19/2015
> > [ 2.493570] 0000000000000000 00000000c03551f4 ffff88040c7cbd48 ffffffffaa54851c
> > [ 2.493572] ffff88040c7cbd90 ffff88040c7cbd80 ffffffffaa13a662 ffff88040c7cbe90
> > [ 2.493573] 8000000000000163 0000000000000004 0000000000000000 0000000000000000
> > [ 2.493575] Call Trace:
> > [ 2.493579] [<ffffffffaa54851c>] dump_stack+0x4e/0x82
> > [ 2.493582] [<ffffffffaa13a662>] warn_slowpath_common+0x82/0xc0
> > [ 2.493583] [<ffffffffaa13a6fc>] warn_slowpath_fmt+0x5c/0x80
> > [ 2.493585] [<ffffffffaa0a3f61>] note_page+0x5e1/0x780
> > [ 2.493587] [<ffffffffaa0a43c4>] ptdump_walk_pgd_level_core+0x2c4/0x3f0
> > [ 2.493588] [<ffffffffaa0a4527>] ptdump_walk_pgd_level_checkwx+0x17/0x20
> > [ 2.493591] [<ffffffffaa09ad0f>] mark_rodata_ro+0xef/0x100
> > [ 2.493594] [<ffffffffaae75d00>] ? rest_init+0x90/0x90
> > [ 2.493595] [<ffffffffaae75d1d>] kernel_init+0x1d/0xe0
> > [ 2.493596] [<ffffffffaae7c52f>] ret_from_fork+0x3f/0x70
> > [ 2.493598] [<ffffffffaae75d00>] ? rest_init+0x90/0x90
> > [ 2.493599] ---[ end trace e2aec56d15b94609 ]---
> > [ 2.498994] x86/mm: Checked W+X mappings: FAILED, 104640 W+X pages found.
> >
> > All the while I have:
> >
> > $ zgrep NX /proc/config.gz
> > CONFIG_DEBUG_SET_MODULE_RONX=y
> >
> > I added to CC the people involved in pushing this feature to mainline,
> > maybe they can point me to a possible cause.
>
> If you enable CONFIG_X86_PTDUMP, see if you can find out what exists
> in /sys/kernel/debug/kernel_page_tables at ffff88000009d000 ?
Is this not likely the EFI stuff mentioned in commit 54727e6e950aacd14ec9cd4260e9fe498322828c ?
I saw some patches that reorg'd a lot of the EFI memory code, but
afaik they didn't get merged yet.
sidenote:
# cat /sys/kernel/debug/kernel_page_tables
cat: /sys/kernel/debug/kernel_page_tables: Cannot allocate memory
<sad trombone>
Dave
next prev parent reply other threads:[~2015-12-09 0:10 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-15 7:00 4.4-rc0: 5 W+X pages found Pavel Machek
2015-11-23 14:37 ` Mihai Donțu
2015-12-08 21:19 ` Kees Cook
2015-12-09 0:10 ` Dave Jones [this message]
2015-12-09 19:33 ` Mihai Donțu
2015-12-14 8:04 ` 4.4-rc5: ugly warn on: " Pavel Machek
2015-12-14 8:58 ` Borislav Petkov
2015-12-14 9:07 ` Pavel Machek
2015-12-14 9:15 ` Borislav Petkov
2015-12-14 19:18 ` Linus Torvalds
2015-12-14 20:26 ` Pavel Machek
2015-12-14 21:02 ` Andy Lutomirski
2015-12-14 21:24 ` Arjan van de Ven
2015-12-14 22:25 ` Andy Lutomirski
2015-12-15 9:40 ` Pavel Machek
2015-12-15 17:45 ` Linus Torvalds
2015-12-15 18:30 ` Borislav Petkov
2015-12-15 19:06 ` Linus Torvalds
2015-12-15 19:15 ` Borislav Petkov
2015-12-15 18:40 ` Andy Lutomirski
2015-12-15 19:08 ` Linus Torvalds
2015-12-15 20:58 ` Pavel Machek
2015-12-15 21:12 ` 4.4.-rc5: lguest causes " Pavel Machek
2015-12-16 2:24 ` Rusty Russell
2015-12-16 8:10 ` Pavel Machek
2015-12-15 21:33 ` 4.4-rc5: " Borislav Petkov
2015-12-15 22:07 ` Pavel Machek
2015-12-15 22:15 ` Borislav Petkov
2015-12-15 7:56 ` Pavel Machek
2015-12-15 8:09 ` [PATCH 0/2] x86/mm: A _PAGE_NX fixlet and a kmap cleanup Andy Lutomirski
2015-12-15 8:09 ` [PATCH 1/2] x86_32/mm: Set NX in __supported_pte_mask before enabling paging Andy Lutomirski
2015-12-15 8:09 ` [PATCH 2/2] x86/mm: Make kmap_prot into a #define Andy Lutomirski
2016-01-19 9:26 ` [PATCH 0/2] x86/mm: A _PAGE_NX fixlet and a kmap cleanup Ingo Molnar
2016-01-19 19:44 ` Andy Lutomirski
2015-12-15 13:26 ` 4.4-rc5: ugly warn on: 5 W+X pages found Arjan van de Ven
2015-12-15 14:08 ` Pavel Machek
2015-12-15 16:28 ` H. Peter Anvin
2015-12-15 17:45 ` Pavel Machek
2015-12-14 12:29 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151209001012.GA17123@codemonkey.org.uk \
--to=davej@codemonkey.org.uk \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mihai.dontu@gmail.com \
--cc=pavel@ucw.cz \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.