From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755959AbdESTQb (ORCPT <rfc822;w@1wt.eu>);
        Fri, 19 May 2017 15:16:31 -0400
Received: from mail-io0-f172.google.com ([209.85.223.172]:36654 "EHLO
        mail-io0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755623AbdESTQ3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 May 2017 15:16:29 -0400
MIME-Version: 1.0
In-Reply-To: <CALCETrX-ZGks2v556rNH+WgU9R4JfP8sasr2w3WE==pQ8vm+Ng@mail.gmail.com>
References: <20170515220650.GD17314@wotan.suse.de> <20170515221505.GE17314@wotan.suse.de>
 <CAGXu5j+2Vgi77xvgOvnSKnEHPooJDPO3sWPbBWY-spfK=kWj7Q@mail.gmail.com>
 <CAB=NE6WAsJtpssSu-j_A93cWF==3NyHD_0f6N0-1OgKThwmwGg@mail.gmail.com>
 <CAGXu5j+WdmJtsS-Wrn9tdXPes0kGEGKeS4Zh8Kmp4QCP9gQEFA@mail.gmail.com>
 <20170517164017.GP17314@wotan.suse.de> <CAGXu5jL+5x2Ba_nLrbn-oeu43qPinTS=ZPeXre-s3e-s2--jEg@mail.gmail.com>
 <20170519004414.GD8951@wotan.suse.de> <20170519030802.GE8951@wotan.suse.de>
 <20170519154016.GH8951@wotan.suse.de> <20170519173529.GC19522@e104818-lin.cambridge.arm.com>
 <CALCETrX-ZGks2v556rNH+WgU9R4JfP8sasr2w3WE==pQ8vm+Ng@mail.gmail.com>
From: Kees Cook <keescook@chromium.org>
Date: Fri, 19 May 2017 12:16:27 -0700
X-Google-Sender-Auth: hFzjxk96QQhfv-vDXsBfHnP7uIE
Message-ID: <CAGXu5jLuccswsUnr_ABC7FyNgGttJ8s54bLndRsoNR44tBvQTw@mail.gmail.com>
Subject: Re: next-20170515: WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:236
 note_page+0x630/0x7e0
To: Andy Lutomirski <luto@kernel.org>
Cc: Catalin Marinas <catalin.marinas@arm.com>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Steven Rostedt <srostedt@redhat.com>,
        Stephen Smalley <sds@tycho.nsa.gov>, Ingo Molnar <mingo@kernel.org>,
        Michal Hocko <mhocko@kernel.org>, Vlastimil Babka <vbabka@suse.cz>,
        Andrew Morton <akpm@linux-foundation.org>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Mateusz Guzik <mguzik@redhat.com>, LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, May 19, 2017 at 11:27 AM, Andy Lutomirski <luto@kernel.org> wrote:
> One thing I've pondered: can we make some debugging mode (kmemleak,
> perhaps?) check that freed memory is RW at the time it's freed?  I
> once wrote some buggy code that freed an R page and caused an OOPS
> much later, and this bug here seems likely to be some code that frees
> RWX memory.

Which begs for even more checks: nothing should ever make a page RWX.
Either R, RW, or RX only... (or X too I guess, in the future).

-Kees

-- 
Kees Cook
Pixel Security