From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752081AbbJETO0 (ORCPT <rfc822;w@1wt.eu>);
	Mon, 5 Oct 2015 15:14:26 -0400
Received: from emvm-gh1-uea08.nsa.gov ([63.239.67.9]:51468 "EHLO
	emvm-gh1-uea08.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751928AbbJETOY (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 5 Oct 2015 15:14:24 -0400
X-TM-IMSS-Message-ID: <05e274ff0000bd4f@nsa.gov>
Subject: Re: [PATCH v2] x86/mm: warn on W+x mappings
To: Ingo Molnar <mingo@kernel.org>
References: <1443814185-21552-1-git-send-email-sds@tycho.nsa.gov>
 <20151003112701.GA4531@gmail.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org, keescook@chromium.org
From: Stephen Smalley <sds@tycho.nsa.gov>
X-Enigmail-Draft-Status: N1110
Organization: National Security Agency
Message-ID: <5612CBE8.2010504@tycho.nsa.gov>
Date: Mon, 5 Oct 2015 15:13:44 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.1.0
MIME-Version: 1.0
In-Reply-To: <20151003112701.GA4531@gmail.com>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
X-TM-AS-MML: disable
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 10/03/2015 07:27 AM, Ingo Molnar wrote:
> 
> * Stephen Smalley <sds@tycho.nsa.gov> wrote:
> 
>> diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
>> index 30564e2..f8b1573 100644
>> --- a/arch/x86/mm/init_64.c
>> +++ b/arch/x86/mm/init_64.c
>> @@ -1150,6 +1150,8 @@ void mark_rodata_ro(void)
>>  	free_init_pages("unused kernel",
>>  			(unsigned long) __va(__pa_symbol(rodata_end)),
>>  			(unsigned long) __va(__pa_symbol(_sdata)));
>> +
>> +	debug_checkwx();
> 
> Any reason to not do this on NX capable 32-bit kernels as well?

Done in v3.  However, I do see lots of W+X mappings there.

[    1.012796] WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x65d/0x840()
[    1.012803] x86/mm: Found insecure W+X mapping at address f4a00000/0xf4a00000
[    1.012805] Modules linked in:
[    1.012833] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.3.0-rc4+ #2
[    1.012837] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140709_153950- 04/01/2014
[    1.012844]  c0d32967 173b7da7 00000000 f7105e7c c0713490 f7105ebc f7105eac c045d077
[    1.012848]  c0c47ef8 f7105edc 00000001 c0c4de42 000000e1 c04551fd c04551fd f7105f3c
[    1.012851]  00000002 00000000 f7105ec8 c045d0ee 00000009 f7105ebc c0c47ef8 f7105edc
[    1.012855] Call Trace:
[    1.012868]  [<c0713490>] dump_stack+0x41/0x61
[    1.012871]  [<c045d077>] warn_slowpath_common+0x87/0xc0
[    1.012873]  [<c04551fd>] ? note_page+0x65d/0x840
[    1.012875]  [<c04551fd>] ? note_page+0x65d/0x840
[    1.012877]  [<c045d0ee>] warn_slowpath_fmt+0x3e/0x60
[    1.012878]  [<c04551fd>] note_page+0x65d/0x840
[    1.012880]  [<c04555b6>] ptdump_walk_pgd_level_core+0x1d6/0x2d0
[    1.012883]  [<c04557a6>] ptdump_walk_pgd_level_checkwx+0x16/0x20
[    1.012886]  [<c044ba15>] mark_rodata_ro+0x135/0x160
[    1.012898]  [<c0a9b33f>] kernel_init+0x1f/0xe0
[    1.012906]  [<c0484b41>] ? schedule_tail+0x11/0x50
[    1.012909]  [<c0aa0bc1>] ret_from_kernel_thread+0x21/0x30
[    1.012910]  [<c0a9b320>] ? rest_init+0x70/0x70
[    1.012912] ---[ end trace 40a4f3d5e8fb70ac ]---
[    1.012954] x86/mm: Checked W+X mappings: FAILED, 6556 W+X pages found.