| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <57b68f5b.cjwJlOz7hC0viMnJ%fengguang.wu@intel.com>
Date: Fri, 19 Aug 2016 12:47:23 +0800
From: kernel test robot <fengguang.wu@...el.com>
To: Stephen Smalley <sds@...ho.nsa.gov>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org,
Ingo Molnar <mingo@...nel.org>, wfg@...ux.intel.com
Subject: [x86/mm] e1a58320a3: WARNING: CPU: 1 PID: 1 at
arch/x86/mm/dump_pagetables.c:225 note_page()
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
commit e1a58320a38dfa72be48a0f1a3a92273663ba6db
Author: Stephen Smalley <sds@...ho.nsa.gov>
AuthorDate: Mon Oct 5 12:55:20 2015 -0400
Commit: Ingo Molnar <mingo@...nel.org>
CommitDate: Tue Oct 6 11:11:48 2015 +0200
x86/mm: Warn on W^X mappings
Warn on any residual W+X mappings after setting NX
if DEBUG_WX is enabled. Introduce a separate
X86_PTDUMP_CORE config that enables the code for
dumping the page tables without enabling the debugfs
interface, so that DEBUG_WX can be enabled without
exposing the debugfs interface. Switch EFI_PGT_DUMP
to using X86_PTDUMP_CORE so that it also does not require
enabling the debugfs interface.
On success it prints this to the kernel log:
x86/mm: Checked W+X mappings: passed, no W+X pages found.
On failure it prints a warning and a count of the failed pages:
------------[ cut here ]------------
WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:226 note_page+0x610/0x7b0()
x86/mm: Found insecure W+X mapping at address ffffffff81755000/__stop___ex_table+0xfa8/0xabfa8
[...]
Call Trace:
[<ffffffff81380a5f>] dump_stack+0x44/0x55
[<ffffffff8109d3f2>] warn_slowpath_common+0x82/0xc0
[<ffffffff8109d48c>] warn_slowpath_fmt+0x5c/0x80
[<ffffffff8106cfc9>] ? note_page+0x5c9/0x7b0
[<ffffffff8106d010>] note_page+0x610/0x7b0
[<ffffffff8106d409>] ptdump_walk_pgd_level_core+0x259/0x3c0
[<ffffffff8106d5a7>] ptdump_walk_pgd_level_checkwx+0x17/0x20
[<ffffffff81063905>] mark_rodata_ro+0xf5/0x100
[<ffffffff817415a0>] ? rest_init+0x80/0x80
[<ffffffff817415bd>] kernel_init+0x1d/0xe0
[<ffffffff8174cd1f>] ret_from_fork+0x3f/0x70
[<ffffffff817415a0>] ? rest_init+0x80/0x80
---[ end trace a1f23a1e42a2ac76 ]---
x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found.
Signed-off-by: Stephen Smalley <sds@...ho.nsa.gov>
Acked-by: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...capital.net>
Cc: Arjan van de Ven <arjan@...ux.intel.com>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Brian Gerst <brgerst@...il.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: H. Peter Anvin <hpa@...or.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Mike Galbraith <efault@....de>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Thomas Gleixner <tglx@...utronix.de>
Cc: linux-kernel@...r.kernel.org
Link: http://lkml.kernel.org/r/1444064120-11450-1-git-send-email-sds@tycho.nsa.gov
[ Improved the Kconfig help text and made the new option default-y
if CONFIG_DEBUG_RODATA=y, because it already found buggy mappings,
so we really want people to have this on by default. ]
Signed-off-by: Ingo Molnar <mingo@...nel.org>
+-------------------------------------------------------+------------+------------+------+
| | 38a413cbc2 | e1a58320a3 | v4.4 |
+-------------------------------------------------------+------------+------------+------+
| boot_successes | 63 | 0 | 0 |
| boot_failures | 0 | 22 | 45 |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page() | 0 | 22 | 45 |
| calltrace:mark_rodata_ro | 0 | 22 | 45 |
+-------------------------------------------------------+------------+------------+------+
[ 50.648376] debug: unmapping init [mem 0xffff8800139e9000-0xffff8800139fffff]
[ 50.652158] debug: unmapping init [mem 0xffff880013d38000-0xffff880013dfffff]
[ 50.654923] ------------[ cut here ]------------
[ 50.655544] WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x334/0x340()
[ 50.664908] x86/mm: Found insecure W+X mapping at address ffffffffc00f6000/0xffffffffc00f6000
[ 50.665893] Modules linked in:
[ 50.666282] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.3.0-rc3-00013-ge1a5832 #1
[ 50.667144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 50.680247] 00000000000000e1 ffff88000019fce8 ffffffff93698935 ffff880000198000
[ 50.681279] ffff88000019fd38 ffff88000019fd28 ffffffff93495f2d 0000000000000000
[ 50.682318] ffff88000019fe88 0000000000000000 0000000000000000 0000000000000004
[ 50.683342] Call Trace:
[ 50.683668] [<ffffffff93698935>] dump_stack+0x4c/0x67
[ 50.690347] [<ffffffff93495f2d>] warn_slowpath_common+0x8d/0xd0
[ 50.691179] [<ffffffff93496011>] warn_slowpath_fmt+0x41/0x50
[ 50.696101] [<ffffffff93448144>] note_page+0x334/0x340
[ 50.696723] [<ffffffff9344828a>] walk_pmd_level+0x13a/0x1c0
[ 50.697382] [<ffffffff9344840e>] walk_pud_level+0xfe/0x110
[ 50.698034] [<ffffffff934484d1>] ptdump_walk_pgd_level_core+0xb1/0x130
[ 50.698788] [<ffffffff93448572>] ptdump_walk_pgd_level_checkwx+0x12/0x20
[ 50.699680] [<ffffffff9343f6bc>] mark_rodata_ro+0xec/0x100
[ 50.708648] [<ffffffff939dc700>] ? rest_init+0x150/0x150
[ 50.709400] [<ffffffff939dc718>] kernel_init+0x18/0xe0
[ 50.712290] [<ffffffff939e3faf>] ret_from_fork+0x3f/0x70
[ 50.712991] [<ffffffff939dc700>] ? rest_init+0x150/0x150
[ 50.713686] ---[ end trace 77c60916b05835a9 ]---
[ 50.714324] x86/mm: Checked W+X mappings: FAILED, 2 W+X pages found.
git bisect start v4.4 v4.3 --
git bisect bad cd6caf550a2adc763c6301ecc0be01f422fb2aea # 10:51 0- 17 Merge tag 'for-linus-4.4' of git://git.code.sf.net/p/openipmi/linux-ipmi
git bisect bad 713009809681e5a7871e96e6992692c805b4480b # 10:58 0- 9 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4
git bisect bad ccf21b69a83afaee4d5499e0d03eacf23946e08c # 11:05 0- 5 Merge branch 'for-4.4/reservations' of git://git.kernel.dk/linux-block
git bisect good b831ef2cad979912850e34f82415c0c5d59de8cb # 11:19 22+ 0 Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad ccc9d4a6d640cbde05d519edeb727881646cf71b # 11:31 0- 22 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
git bisect good f323c49b300baf89e2cb4050b0def1856c0b1852 # 11:36 21+ 0 Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 4302d506d5f3419109abdd0d6e400ed6e8148209 # 11:47 22+ 0 Merge branch 'x86-headers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect bad 639ab3eb38c6e92e27e061551dddee6dd3bbb5d2 # 11:53 0- 7 Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
git bisect good 34437e67a6727885bdf6cbfd8441b1ac43a1ee65 # 12:00 22+ 0 x86/mm: Fix slow_virt_to_phys() to handle large PAT bit
git bisect good d551aaa2f7e1387fa66093ce9914c2e91f283a50 # 12:07 22+ 0 x86/mm: Fix __split_large_page() to handle large PAT bit
git bisect good 38a413cbc2b2834683b21823d964bc2d2f0abb82 # 12:18 21+ 0 Merge tag 'v4.3-rc3' into x86/mm, to pick up fixes before applying new changes
git bisect bad e1a58320a38dfa72be48a0f1a3a92273663ba6db # 12:25 0- 7 x86/mm: Warn on W^X mappings
# first bad commit: [e1a58320a38dfa72be48a0f1a3a92273663ba6db] x86/mm: Warn on W^X mappings
git bisect good 38a413cbc2b2834683b21823d964bc2d2f0abb82 # 12:29 63+ 0 Merge tag 'v4.3-rc3' into x86/mm, to pick up fixes before applying new changes
# extra tests with CONFIG_DEBUG_INFO_REDUCED
git bisect bad e1a58320a38dfa72be48a0f1a3a92273663ba6db # 12:38 0- 1 x86/mm: Warn on W^X mappings
# extra tests on HEAD of linus/master
# extra tests on tree/branch linus/master
# extra tests on tree/branch linus/master
# extra tests on tree/branch linux-next/master
This script may reproduce the error.
----------------------------------------------------------------------------
#!/bin/bash
kernel=$1
initrd=quantal-core-x86_64.cgz
wget --no-clobber https://github.com/fengguang/reproduce-kernel-bug/raw/master/initrd/$initrd
kvm=(
qemu-system-x86_64
-enable-kvm
-cpu kvm64
-kernel $kernel
-initrd $initrd
-m 512
-smp 2
-device e1000,netdev=net0
-netdev user,id=net0
-boot order=nc
-no-reboot
-watchdog i6300esb
-watchdog-action debug
-rtc base=localtime
-serial stdio
-display none
-monitor null
)
append=(
root=/dev/ram0
hung_task_panic=1
debug
apic=debug
sysrq_always_enabled
rcupdate.rcu_cpu_stall_timeout=100
panic=-1
softlockup_panic=1
nmi_watchdog=panic
oops=panic
load_ramdisk=2
prompt_ramdisk=0
systemd.log_level=err
ignore_loglevel
earlyprintk=ttyS0,115200
console=ttyS0,115200
console=tty0
vga=normal
rw
drbd.minor_count=8
)
"${kvm[@]}" --append "${append[*]}"
----------------------------------------------------------------------------
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-intel12-16:20160819122601:x86_64-randconfig-w0-08190929:4.3.0-rc3-00013-ge1a5832:1.gz" of type "application/gzip" (17859 bytes)
View attachment "config-4.3.0-rc3-00013-ge1a5832" of type "text/plain" (83685 bytes)
Powered by blists - more mailing lists