All of lore.kernel.org
 help / color / mirror / Atom feed
From: Borislav Petkov <bp@alien8.de>
To: Thomas Gleixner <tglx@linutronix.de>
Cc: Paul Menzel <pmenzel@molgen.mpg.de>,
	linux-mm@kvack.org, x86@kernel.org,
	lkml <linux-kernel@vger.kernel.org>
Subject: Re: x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
Date: Wed, 3 Oct 2018 23:22:55 +0200	[thread overview]
Message-ID: <20181003212255.GB28361@zn.tnic> (raw)
In-Reply-To: <alpine.DEB.2.21.1809281653270.2004@nanos.tec.linutronix.de>

On Fri, Sep 28, 2018 at 04:55:19PM +0200, Thomas Gleixner wrote:
> Sorry for the delay and thanks for the data. A quick diff did not reveal
> anything obvious. I'll have a closer look and we probably need more (other)
> information to nail that down.

Just a brain dump of what I've found out so far.

Commenting out the init_mem_mapping() call below:

void __init init_mem_mapping(void)
{
        unsigned long end;

	...

        /* the ISA range is always mapped regardless of memory holes */
//      init_memory_mapping(0, ISA_END_ADDRESS);

changes the address the warning reports to:

[    4.392870] x86/mm: Found insecure W+X mapping at address 0xc0000000/0xc0000000

but the machine boots fine otherwise.

Which begs the question: why do we direct-map the ISA range at
PAGE_OFFSET at all? Do we have to have virtual mappings of it at all? I
thought ISA devices don't need that but this is long before my time...

Then, the warning say too:

[    4.399804] x86/mm: Checked W+X mappings: FAILED, 252 W+X pages found.

and there really are 252 pages  (I counted) which are W+X:

---[ Kernel Mapping ]---
0xc0000000-0xc0001000           4K     RW                     x  pte
0xc0001000-0xc0099000         608K     RW                     x  pte
0xc0099000-0xc009a000           4K     ro                     NX pte
0xc009a000-0xc009b000           4K     ro                     x  pte
0xc009b000-0xc009d000           8K     RW                     NX pte
0xc009d000-0xc00a0000          12K     RW                     x  pte
0xc00a0000-0xc00a2000           8K     RW                     x  pte
0xc00a2000-0xc00b8000          88K     RW                     x  pte
0xc00b8000-0xc00c0000          32K     RW                     x  pte
0xc00c0000-0xc00f3000         204K     RW                     x  pte
0xc00f3000-0xc00fc000          36K     RW                     x  pte
0xc00fc000-0xc00fd000           4K     RW                     x  pte
0xc00fd000-0xc0100000          12K     RW                     x  pte
...

but I can't find where those guys appear from. Will be adding more debug
printks to track it down.

Anyway, just a dump of the current state...

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

  reply	other threads:[~2018-10-03 21:22 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-19  6:55 x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000 Paul Menzel
2018-09-19  8:09 ` Thomas Gleixner
2018-09-20  7:07   ` Paul Menzel
2018-09-20 22:51     ` Thomas Gleixner
2018-09-24 21:47       ` Paul Menzel
2018-09-28 14:55         ` Thomas Gleixner
2018-10-03 21:22           ` Borislav Petkov [this message]
2018-10-04  3:11             ` Paul Menzel
2018-10-04  7:48               ` Borislav Petkov
2018-10-04  8:03             ` Joerg Roedel
2018-10-04  8:14               ` Borislav Petkov
2018-10-04  8:40                 ` Paul Menzel
2018-10-04  8:49                   ` Borislav Petkov
2018-10-04  8:59                     ` Paul Menzel
2018-10-04 10:54                       ` Borislav Petkov
2018-10-04 11:00                         ` Paul Menzel
2018-10-04 11:12                           ` Borislav Petkov
2018-10-04  8:43                 ` Joerg Roedel
2018-10-04  8:48                   ` Borislav Petkov
2018-10-05  9:27               ` Thomas Gleixner
2018-10-05  9:39                 ` Paul Menzel
2018-10-08 19:37                   ` Thomas Gleixner
2018-10-08 20:08                     ` Bjorn Helgaas

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181003212255.GB28361@zn.tnic \
    --to=bp@alien8.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-mm@kvack.org \
    --cc=pmenzel@molgen.mpg.de \
    --cc=tglx@linutronix.de \
    --cc=x86@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.