From: labbott@redhat.com (Laura Abbott)
To: linux-arm-kernel@lists.infradead.org
Subject: How to debug "insecure W+X mapping"?
Date: Tue, 12 Dec 2017 15:30:00 -0800 [thread overview]
Message-ID: <680ec27a-1557-f2d9-8159-bd49326bd36c@redhat.com> (raw)
In-Reply-To: <bff5a2b3-0d93-5f55-c129-4b14a5a09b45@codeaurora.org>
On 12/12/2017 02:57 PM, Timur Tabi wrote:
> We have a 4.10-based kernel that occasionally displays an insecure W+X mapping (courtesy of CONFIG_DEBUG_WX):
>
> [??? 7.151680] arm64/mm: Found insecure W+X mapping at address 0000345a049d2000/0x345a049d2000
> ...
> [??? 7.435481] Checked W+X mappings: FAILED, 4 W+X pages found, 0 non-UXN pages found
>
> The number of actual W+X pages varies, e.g. sometimes it says 6 pages.
>
> How do I go about debugging this? How do I identify the source of 0000345a049d2000?
>
That's a funny address. The check was written to scan the init_mm
page table but that's not a kernel address on arm64. It almost looks
like something set up a userspace mapping very early in the boot process?
I'd start by dumping the physical address at that address to
see if that gives a suggestion where the mapping came from.
Thanks,
Laura
next prev parent reply other threads:[~2017-12-12 23:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-12 22:57 How to debug "insecure W+X mapping"? Timur Tabi
2017-12-12 23:30 ` Laura Abbott [this message]
2017-12-13 11:58 ` [PATCH] arm64: fix CONFIG_DEBUG_WX address reporting (was: Re: How to debug "insecure W+X mapping"?) Mark Rutland
2017-12-14 19:02 ` [PATCH] arm64: fix CONFIG_DEBUG_WX address reporting Laura Abbott
2017-12-14 21:34 ` Timur Tabi
2017-12-14 19:03 ` Timur Tabi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=680ec27a-1557-f2d9-8159-bd49326bd36c@redhat.com \
--to=labbott@redhat.com \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox