From: Pavel Machek <pavel@ucw.cz>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
Arjan van de Ven <arjan@linux.intel.com>,
Borislav Petkov <bp@alien8.de>,
kernel list <linux-kernel@vger.kernel.org>,
Stephen Smalley <sds@tycho.nsa.gov>,
Brian Gerst <brgerst@gmail.com>,
Denys Vlasenko <dvlasenk@redhat.com>, Peter Anvin <hpa@zytor.com>,
Mike Galbraith <efault@gmx.de>,
Peter Zijlstra <peterz@infradead.org>,
Thomas Gleixner <tglx@linutronix.de>
Subject: Re: 4.4-rc5: ugly warn on: 5 W+X pages found
Date: Tue, 15 Dec 2015 21:58:35 +0100
Message-ID: <20151215205835.GA3522@amd>
In-Reply-To: <CA+55aFyp91uoxPV=NTNpWOLWkfV9QB=0WKZBtF2cdBNC8Q6LSA@mail.gmail.com>
Hi!
> > I tried applying:
> >
> > [PATCH 1/2] x86_32/mm: Set NX in __supported_pte_mask before enabling
> > paging
> >
> > but I still get
> >
> > [ 2.691897] x86/mm: Found insecure W+X mapping at address ffe69000/0xffe69000
>
> This may be an insane suggestion, but how about we try to detect when
> that entry gets set, rather than after the fact.
>
> Something really brute-force like
>
> diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
> index 6ec0c8b2e9df..538c9bb239b9 100644
> --- a/arch/x86/include/asm/pgtable.h
> +++ b/arch/x86/include/asm/pgtable.h
> @@ -337,6 +337,13 @@ static inline pmd_t pmd_clear_soft_dirty(pmd_t pmd)
>
> #endif /* CONFIG_HAVE_ARCH_SOFT_DIRTY */
>
> +static inline int kernel_write_execute_prot(pgprotval_t protval)
> +{
> + return !(protval & _PAGE_USER) &&
> + !(protval & _PAGE_NX) &&
> + (protval & _PAGE_RW);
> +}
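Review bot: kernel_write_execute_prot() never tests _PAGE_PRESENT, so its result is only meaningful when the caller has already checked that bit. Either fold the present test into the helper or add a comment above it stating the precondition. Since it is a pure predicate, a bool return type would also read better than int.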
...
> + if (protval & _PAGE_PRESENT) {
> protval &= __supported_pte_mask;
> + WARN_ON_ONCE(kernel_write_execute_prot(protval));
> + }
>
> return protval;
> }
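Review bot: the WARN_ON_ONCE() runs after "protval &= __supported_pte_mask", so whenever _PAGE_NX is not in the mask the NX bit has already been stripped, and every present kernel RW value trips the check whether or not the caller asked for NX. To identify the caller that really requests W+X, test the value before masking, or skip the warning while the mask lacks _PAGE_NX. Note also that the _ONCE variant reports only the first offending call site, so later setters stay hidden.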
>
> or similar?
>
> The above is entirely untested. Maybe it doesn't compile. Or
> boot. Or work.
Well, with two extra spaces at each line, it does not apply :-).
I applied it by hand, and the output is:
[ 0.000000] MTRR variable ranges enabled:
[ 0.000000] 0 base 000000000 mask F80000000 write-back
[ 0.000000] 1 base 080000000 mask FC0000000 write-back
[ 0.000000] 2 base 0BF700000 mask FFFF00000 uncachable
[ 0.000000] 3 base 0BF800000 mask FFF800000 uncachable
[ 0.000000] 4 disabled
[ 0.000000] 5 disabled
[ 0.000000] 6 disabled
[ 0.000000] 7 disabled
[ 0.000000] x86/PAT: PAT not supported by CPU.
[ 0.000000] initial memory mapped: [mem 0x00000000-0x05bfffff]
[ 0.000000] Base memory trampoline at [c009b000] 9b000 size 16384
[ 0.000000] ------------[ cut here ]------------
[ 0.000000] WARNING: CPU: 0 PID: 0 at ./arch/x86/include/asm/pgtable.h:357 kernel_physical_mapping_init+0x256/0x395()
[ 0.000000] Modules linked in:
[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 4.4.0-rc5+ #137
[ 0.000000] Hardware name: LENOVO 17097HU/17097HU, BIOS 7BETD8WW (2.19 ) 03/31/2011
[ 0.000000] 00000000 00000000 c4e63e90 c42baaf8 00000000 c4e63eac c404066b 00000165
[ 0.000000] c4f134da 00000000 00000000 00000000 c4e63ebc c404070f 00000009 00000000
[ 0.000000] c4e63f18 c4f134da c4e63f00 00000000 00000000 00000000 00000000 00000000
[ 0.000000] Call Trace:
[ 0.000000] [<c42baaf8>] dump_stack+0x41/0x59
[ 0.000000] [<c404066b>] warn_slowpath_common+0x6b/0xa0
[ 0.000000] [<c4f134da>] ? kernel_physical_mapping_init+0x256/0x395
[ 0.000000] [<c404070f>] warn_slowpath_null+0xf/0x20
[ 0.000000] [<c4f134da>] kernel_physical_mapping_init+0x256/0x395
[ 0.000000] [<c4a4de21>] init_memory_mapping+0x191/0x300
[ 0.000000] [<c4f12d96>] init_mem_mapping+0xe7/0x1f3
[ 0.000000] [<c4f12d96>] ? init_mem_mapping+0xe7/0x1f3
[ 0.000000] [<c4f065ef>] setup_arch+0x659/0x8ca
[ 0.000000] [<c4f0480e>] start_kernel+0xbb/0x360
[ 0.000000] [<c4f042d4>] i386_start_kernel+0x82/0x86
[ 0.000000] ---[ end trace e117245cd61feaf1 ]---
[ 0.000000] BRK [0x0566a000, 0x0566afff] PGTABLE
[ 0.000000] BRK [0x0566b000, 0x0566bfff] PGTABLE
[ 0.000000] BRK [0x0566c000, 0x0566cfff] PGTABLE
I'll take a look if I can figure out what it means...
Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html