[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.DEB.2.20.1705232243520.2409@nanos>
Date: Tue, 23 May 2017 22:48:19 +0200 (CEST)
From: Thomas Gleixner <tglx@...utronix.de>
To: Kees Cook <keescook@...omium.org>
cc: LKML <linux-kernel@...r.kernel.org>, x86@...nel.org,
Masami Hiramatsu <mhiramat@...nel.org>,
"Luis R. Rodriguez" <mcgrof@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Peter Zijlstra <peterz@...radead.org>
Subject: Re: [WARNING] x86/mm: Found insecure W+X mapping at address ..
On Tue, 23 May 2017, Thomas Gleixner wrote:
> On Tue, 23 May 2017, Kees Cook wrote:
> > On Tue, May 23, 2017 at 8:40 AM, Thomas Gleixner <tglx@...utronix.de> wrote:
> > > As of 4.12-rc1 one of my machines triggers the insecure W+X mapping.
> >
> > > It's consistenly 9 entries close to the beginning of the module space,
> > > before the first actual module starts. See below.
> > >
> > > Any ideas which avoid bisecting would be appreciated.
> >
> > Is this the same as:
> >
> > https://lkml.org/lkml/2017/5/19/899
> >
> > ?
> >
> > The location is very similar.
>
> CONFIG_KPROBES_SANITY_TEST=n does not make it go away, but I suspect it's
> something in that area, as I recently switched on all of these self tests.
>
> I'll dig into it later today. Need to walk the dogs first.
It's not KPROBES, it's the new fangled ftrace trampoline code. I added a
few printks. All the leaked W+X mappings are allocated via this callchain:
[ 2.620465] module_alloc+0x8e/0xa0
[ 2.620764] ? __fentry__+0x10/0x10
[ 2.621049] arch_ftrace_update_trampoline+0x9f/0x220
[ 2.621453] ? ftrace_caller+0x64/0x64
[ 2.621754] ? __fentry__+0x10/0x10
[ 2.622047] ftrace_startup+0x90/0x200
[ 2.622352] register_ftrace_function+0x50/0x70
[ 2.622725] function_trace_init+0x6d/0xa0
[ 2.623057] trace_selftest_startup_function+0x63/0x4a8
[ 2.623477] run_tracer_selftest+0xfe/0x16c
[ 2.623813] init_trace_selftests+0x5d/0x103
[ 2.624163] ? set_tracepoint_printk+0x3d/0x3d
[ 2.624525] do_one_initcall+0x44/0x170
[ 2.624845] kernel_init_freeable+0x1ff/0x287
[ 2.625199] ? rest_init+0x140/0x140
[ 2.625491] kernel_init+0xe/0x110
[ 2.625775] ret_from_fork+0x2e/0x40
Thanks,
tglx
Powered by blists - more mailing lists