From: Mike Rapoport <rppt@kernel.org>
To: Dan Moulding <dan@danm.net>
Cc: linux-mm@kvack.org, Peter Zijlstra <peterz@infradead.org>
Subject: Re: WARNING: Found insecure W+X mapping in v6.16-rc6 (Bisected)
Date: Tue, 15 Jul 2025 22:32:12 +0300 [thread overview]
Message-ID: <aHasvAUPPG0D0Na_@kernel.org> (raw)
In-Reply-To: <20250715174325.8277-1-dan@danm.net>
Hi,
On Tue, Jul 15, 2025 at 11:43:25AM -0600, Dan Moulding wrote:
> Hello memory management folks,
>
> I just recently started testing the v6.16-rc6 kernel, and started
> getting a new warning about insecure W+X mappings:
>
> [ 6.022847] ------------[ cut here ]------------
> [ 6.023020] x86/mm: Found insecure W+X mapping at address 0xffffffffc0247000
> [ 6.023200] WARNING: CPU: 5 PID: 1 at arch/x86/mm/dump_pagetables.c:246 note_page+0x6ec/0x790
...
> [ 6.031153] x86/mm: Checked W+X mappings: FAILED, 10 W+X pages found.
>
> I bisected it and git-bisect identified one of three possible commits
> (I couldn't test these individually because builds at those points
> fail to boot on my machine):
>
> There are only 'skip'ped commits left to test.
> The first bad commit could be any of:
> 0b0cae7119a0ec9449d7261b5e672a5fed765068
> 47410d839fcda6890cb82828f874f97710982f24
> a82b26451de126a5ae130361081986bc459afe9b
I'd say this one is the culprit: a82b26451de1 ("x86/its: explicitly manage
permissions for ITS pages")
> We cannot bisect more!
>
> I then tried individually reverting each of these and found that if I
> revert 47410d839fcd ("x86/Kconfig: only enable ROX cache in execmem
> when STRICT_MODULE_RWX is set") on top of v6.16-rc6 then the warning
> goes away. I looked at the change a little to understand why it might
> be causing a problem, and I think it might be because my kernel
> configuration does not enable loadable module support at all, so in my
> configuration STRICT_MODULE_RWX isn't enabled and is probably
> irrelevant given I don't build loadable modules.
>
> Please let me know if there are any additional details I can provide
> or if I should run additional tests with debugging options enabled, etc.
Can you please try this patch:
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 71019b3b54ea..f97e0a50e60a 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -89,7 +89,7 @@ config X86
select ARCH_HAS_DMA_OPS if GART_IOMMU || XEN
select ARCH_HAS_EARLY_DEBUG if KGDB
select ARCH_HAS_ELF_RANDOMIZE
- select ARCH_HAS_EXECMEM_ROX if X86_64 && STRICT_MODULE_RWX
+ select ARCH_HAS_EXECMEM_ROX if X86_64 && (STRICT_KERNEL_RWX || STRICT_MODULE_RWX)
select ARCH_HAS_FAST_MULTIPLIER
select ARCH_HAS_FORTIFY_SOURCE
select ARCH_HAS_GCOV_PROFILE_ALL
> Cheers,
>
> -- Dan
--
Sincerely yours,
Mike.
next prev parent reply other threads:[~2025-07-15 19:32 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-15 17:43 WARNING: Found insecure W+X mapping in v6.16-rc6 (Bisected) Dan Moulding
2025-07-15 19:32 ` Mike Rapoport [this message]
2025-07-15 20:02 ` Dan Moulding
2026-05-18 20:03 ` Nikola Z. Ivanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aHasvAUPPG0D0Na_@kernel.org \
--to=rppt@kernel.org \
--cc=dan@danm.net \
--cc=linux-mm@kvack.org \
--cc=peterz@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.