Bug#852324: x86/mm: Found insecure W+X mapping

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Bug#852324: x86/mm: Found insecure W+X mapping

Diederik de Haas-2
Package: xen-linux-system-4.8.0-2-amd64
Version: 4.8.15-2
Severity: normal

When I boot my system with Xen, I get the following section in dmesg:

[   13.588381] ------------[ cut here ]------------
[   13.588386] WARNING: CPU: 18 PID: 1 at /build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 note_page+0x5e8/0x790
[   13.588388] x86/mm: Found insecure W+X mapping at address ffff880000000000/0xffff880000000000
[   13.588388] Modules linked in:
[   13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted 4.8.0-2-amd64 #1 Debian 4.8.15-2
[   13.588392] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3202 04/18/2016
[   13.588394]  0000000000000200 00000000043f1514 ffffffff8131f925 ffff8802806b3de0
[   13.588397]  0000000000000000 ffffffff81074ffe ffff8802806b3ed0 ffff8802806b3e38
[   13.588399]  0000000000000004 0000000000000000 ffff8802806b3ed0 0000000000000000
[   13.588401] Call Trace:
[   13.588406]  [<ffffffff8131f925>] ? dump_stack+0x5c/0x77
[   13.588409]  [<ffffffff81074ffe>] ? __warn+0xbe/0xe0
[   13.588412]  [<ffffffff8107507f>] ? warn_slowpath_fmt+0x5f/0x80
[   13.588415]  [<ffffffff810cadc9>] ? vprintk_emit+0x349/0x530
[   13.588417]  [<ffffffff81067198>] ? note_page+0x5e8/0x790
[   13.588419]  [<ffffffff81067615>] ? ptdump_walk_pgd_level_core+0x2d5/0x400
[   13.588423]  [<ffffffff815dbd46>] ? kernel_init+0x26/0x100
[   13.588425]  [<ffffffff815e8eef>] ? ret_from_fork+0x1f/0x40
[   13.588427]  [<ffffffff815dbd20>] ? rest_init+0x80/0x80
[   13.588428] ---[ end trace 98efce8be234f5b3 ]---
[   13.608867] x86/mm: Checked W+X mappings: FAILED, 4602 W+X pages found.

But when I boot my system 'normally', ie without Xen, the error does not
show up.

In https://lists.xen.org/archives/html/xen-devel/2017-01/msg02315.html I
mentioned this too, but figured this specific item is more debian kernel
related then Xen. Full dmesg output of both with and without Xen is
attached to that message to xen-devel.

I'll gladly provide more info, just tell me what you need and how to
obtain it. I installed the debug package for the kernel, but that didn't
seem to affect the above stacktrace.

Cheers,
  Diederik


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages xen-linux-system-4.8.0-2-amd64 depends on:
ii  linux-image-4.8.0-2-amd64  4.8.15-2
ii  xen-system-amd64           4.8.0-1

xen-linux-system-4.8.0-2-amd64 recommends no packages.

xen-linux-system-4.8.0-2-amd64 suggests no packages.

-- no debconf information

Reply | Threaded
Open this post in threaded view
|

Bug#852324: x86/mm: Found insecure W+X mapping

Ben Hutchings-3
On Mon, 2017-01-23 at 16:44 +0100, Diederik de Haas wrote:
> Package: xen-linux-system-4.8.0-2-amd64
> Version: 4.8.15-2
> Severity: normal
>
> When I boot my system with Xen, I get the following section in dmesg:
>
> [   13.588381] ------------[ cut here ]------------
> [   13.588386] WARNING: CPU: 18 PID: 1 at /build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 note_page+0x5e8/0x790
> [   13.588388] x86/mm: Found insecure W+X mapping at address ffff880000000000/0xffff880000000000

This (virtual) address is equal to PAGE_OFFSET, so this mapping
corresponds to the bottom of RAM.

[...]
> I'll gladly provide more info, just tell me what you need and how to
> obtain it. I installed the debug package for the kernel, but that didn't
> seem to affect the above stacktrace.

The stack trace isn't important for this - the bug is not in a calling
function, it's earlier in the initialisation process.

Any ideas, Ian?

Ben.

--
Ben Hutchings
Hoare's Law of Large Problems:
        Inside every large problem is a small problem struggling to get
out.


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Bug#852324: x86/mm: Found insecure W+X mapping

Ian Campbell-2
On Mon, 2017-01-23 at 18:32 +0000, Ben Hutchings wrote:
> Any ideas, Ian?

I'm afraid I'm not so up to speed on Xen things since I changed jobs
last year, looks like people from xen-devel are already involved
though.

Ian.

Reply | Threaded
Open this post in threaded view
|

Processed: Re: x86/mm: Found insecure W+X mapping

Debian Bug Tracking System
In reply to this post by Diederik de Haas-2
Processing control commands:

> retitle -1 [xen] x86/mm: Found insecure W+X mapping
Bug #852324 [src:linux] x86/mm: Found insecure W+X mapping
Changed Bug title to '[xen] x86/mm: Found insecure W+X mapping' from 'x86/mm: Found insecure W+X mapping'.
> tag -1 upstream confirmed
Bug #852324 [src:linux] [xen] x86/mm: Found insecure W+X mapping
Added tag(s) confirmed and upstream.
> found -1 4.9.13-1
Bug #852324 [src:linux] [xen] x86/mm: Found insecure W+X mapping
Marked as found in versions linux/4.9.13-1.

--
852324: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852324
Debian Bug Tracking System
Contact [hidden email] with problems

Reply | Threaded
Open this post in threaded view
|

Bug#852324: marked as done ([xen] x86/mm: Found insecure W+X mapping)

Debian Bug Tracking System
In reply to this post by Diederik de Haas-2
Your message dated Wed, 31 Oct 2018 03:22:07 +0000
with message-id <[hidden email]>
and subject line Re: [xen] x86/mm: Found insecure W+X mapping
has caused the Debian Bug report #852324,
regarding [xen] x86/mm: Found insecure W+X mapping
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
852324: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852324
Debian Bug Tracking System
Contact [hidden email] with problems

Package: xen-linux-system-4.8.0-2-amd64
Version: 4.8.15-2
Severity: normal

When I boot my system with Xen, I get the following section in dmesg:

[   13.588381] ------------[ cut here ]------------
[   13.588386] WARNING: CPU: 18 PID: 1 at /build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 note_page+0x5e8/0x790
[   13.588388] x86/mm: Found insecure W+X mapping at address ffff880000000000/0xffff880000000000
[   13.588388] Modules linked in:
[   13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted 4.8.0-2-amd64 #1 Debian 4.8.15-2
[   13.588392] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3202 04/18/2016
[   13.588394]  0000000000000200 00000000043f1514 ffffffff8131f925 ffff8802806b3de0
[   13.588397]  0000000000000000 ffffffff81074ffe ffff8802806b3ed0 ffff8802806b3e38
[   13.588399]  0000000000000004 0000000000000000 ffff8802806b3ed0 0000000000000000
[   13.588401] Call Trace:
[   13.588406]  [<ffffffff8131f925>] ? dump_stack+0x5c/0x77
[   13.588409]  [<ffffffff81074ffe>] ? __warn+0xbe/0xe0
[   13.588412]  [<ffffffff8107507f>] ? warn_slowpath_fmt+0x5f/0x80
[   13.588415]  [<ffffffff810cadc9>] ? vprintk_emit+0x349/0x530
[   13.588417]  [<ffffffff81067198>] ? note_page+0x5e8/0x790
[   13.588419]  [<ffffffff81067615>] ? ptdump_walk_pgd_level_core+0x2d5/0x400
[   13.588423]  [<ffffffff815dbd46>] ? kernel_init+0x26/0x100
[   13.588425]  [<ffffffff815e8eef>] ? ret_from_fork+0x1f/0x40
[   13.588427]  [<ffffffff815dbd20>] ? rest_init+0x80/0x80
[   13.588428] ---[ end trace 98efce8be234f5b3 ]---
[   13.608867] x86/mm: Checked W+X mappings: FAILED, 4602 W+X pages found.

But when I boot my system 'normally', ie without Xen, the error does not
show up.

In https://lists.xen.org/archives/html/xen-devel/2017-01/msg02315.html I
mentioned this too, but figured this specific item is more debian kernel
related then Xen. Full dmesg output of both with and without Xen is
attached to that message to xen-devel.

I'll gladly provide more info, just tell me what you need and how to
obtain it. I installed the debug package for the kernel, but that didn't
seem to affect the above stacktrace.

Cheers,
  Diederik


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.8.0-2-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages xen-linux-system-4.8.0-2-amd64 depends on:
ii  linux-image-4.8.0-2-amd64  4.8.15-2
ii  xen-system-amd64           4.8.0-1

xen-linux-system-4.8.0-2-amd64 recommends no packages.

xen-linux-system-4.8.0-2-amd64 suggests no packages.

-- no debconf information

Version: 4.17~rc3-1~exp1

This was fixed upstream in Linux 4.17-rc1.

Ben.

--
Ben Hutchings
Absolutum obsoletum. (If it works, it's out of date.) - Stafford Beer


signature.asc (849 bytes) Download Attachment