lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20160119100503.GA13617@al>
Date:	Tue, 19 Jan 2016 11:05:03 +0100
From:	Peter Wu <peter@...ensteyn.nl>
To:	x86@...nel.org
Cc:	linux-kernel@...r.kernel.org, keescook@...omium.org,
	Stephen Smalley <sds@...ho.nsa.gov>
Subject: x86/mm: Found insecure W+X mapping at address
 ffff880001800000/0xffff880001800000

Hi,

On bootup of kernel 4.4.0 (and also current master) I get a report
with a large number of W+X pages.

Partial dmesg (for the Arch Linux kernel) below:

[    0.448748] Freeing unused kernel memory: 1188K (ffffffff818ee000 - ffffffff81a17000)
[    0.448749] Write protecting the kernel read-only data: 8192k
[    0.449564] Freeing unused kernel memory: 408K (ffff88000159a000 - ffff880001600000)
[    0.450100] Freeing unused kernel memory: 228K (ffff8800017c7000 - ffff880001800000)
[    0.450110] ------------[ cut here ]------------
[    0.450112] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x5e1/0x780()
[    0.450113] x86/mm: Found insecure W+X mapping at address ffff880001800000/0xffff880001800000
[    0.450114] Modules linked in:
[    0.450116] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.4.0-3-ARCH #1
[    0.450117] Hardware name: Notebook                         P65_P67RGRERA/P65_P67RGRERA, BIOS 1.05.07 10/12/2015
[    0.450118]  0000000000000000 00000000df3c3635 ffff880872287d48 ffffffff812c8a99
[    0.450119]  ffff880872287d90 ffff880872287d80 ffffffff810771c2 ffff880872287e90
[    0.450121]  0000000000000163 0000000000000004 0000000000000000 0000000000000000
[    0.450122] Call Trace:
[    0.450126]  [<ffffffff812c8a99>] dump_stack+0x4b/0x72
[    0.450127]  [<ffffffff810771c2>] warn_slowpath_common+0x82/0xc0
[    0.450129]  [<ffffffff8107725c>] warn_slowpath_fmt+0x5c/0x80
[    0.450130]  [<ffffffff8106c4c1>] note_page+0x5e1/0x780
[    0.450132]  [<ffffffff8106c967>] ptdump_walk_pgd_level_core+0x307/0x450
[    0.450133]  [<ffffffff8106cae7>] ptdump_walk_pgd_level_checkwx+0x17/0x20
[    0.450135]  [<ffffffff8106278f>] mark_rodata_ro+0xef/0x100
[    0.450136]  [<ffffffff81586350>] ? rest_init+0x90/0x90
[    0.450138]  [<ffffffff8158636d>] kernel_init+0x1d/0xe0
[    0.450139]  [<ffffffff8159290f>] ret_from_fork+0x3f/0x70
[    0.450140]  [<ffffffff81586350>] ? rest_init+0x90/0x90
[    0.450141] ---[ end trace 60aa063fb3587a14 ]---
[    0.454696] x86/mm: Checked W+X mappings: FAILED, 164057 W+X pages found.

This is a new Clevo P651RA laptop (Skylake) booted via UEFI. A full
dmesg for v4.4-8855-ga200dcb is attached as well as the contents of
/sys/kernel/debug/kernel_page_tables.
-- 
Kind regards,
Peter Wu
https://lekensteyn.nl

View attachment "dmesg-4.4.0-debug-08855-ga200dcb.txt" of type "text/plain" (73337 bytes)

View attachment "kernel_page_tables.txt" of type "text/plain" (158967 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ