lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 10 Aug 2018 06:33:42 +0800
From:   kernel test robot <lkp@...el.com>
To:     Joerg Roedel <jroedel@...e.de>
Cc:     LKP <lkp@...org>, linux-kernel@...r.kernel.org,
        Thomas Gleixner <tglx@...utronix.de>
Subject: a13c600e15 ("x86/mm/pti: Move user W+X check into .."):  WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page

Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/pti

commit a13c600e15de44ccf03df28d3311ef3cb754ed9b
Author:     Joerg Roedel <jroedel@...e.de>
AuthorDate: Wed Aug 8 13:16:40 2018 +0200
Commit:     Thomas Gleixner <tglx@...utronix.de>
CommitDate: Thu Aug 9 20:42:07 2018 +0200

    x86/mm/pti: Move user W+X check into pti_finalize()
    
    The user page-table gets the updated kernel mappings in pti_finalize(),
    which runs after the RO+X permissions got applied to the kernel page-table
    in mark_readonly().
    
    But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in
    mark_readonly() for insecure mappings.  This causes false-positive
    warnings, because the user page-table did not get the updated mappings yet.
    
    Move the W+X check for the user page-table into pti_finalize() after it
    updated all required mappings.
    
    Signed-off-by: Joerg Roedel <jroedel@...e.de>
    Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
    Cc: "H . Peter Anvin" <hpa@...or.com>
    Cc: linux-mm@...ck.org
    Cc: Linus Torvalds <torvalds@...ux-foundation.org>
    Cc: Andy Lutomirski <luto@...nel.org>
    Cc: Dave Hansen <dave.hansen@...el.com>
    Cc: Josh Poimboeuf <jpoimboe@...hat.com>
    Cc: Juergen Gross <jgross@...e.com>
    Cc: Peter Zijlstra <peterz@...radead.org>
    Cc: Borislav Petkov <bp@...en8.de>
    Cc: Jiri Kosina <jkosina@...e.cz>
    Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
    Cc: Brian Gerst <brgerst@...il.com>
    Cc: David Laight <David.Laight@...lab.com>
    Cc: Denys Vlasenko <dvlasenk@...hat.com>
    Cc: Eduardo Valentin <eduval@...zon.com>
    Cc: Greg KH <gregkh@...uxfoundation.org>
    Cc: Will Deacon <will.deacon@....com>
    Cc: aliguori@...zon.com
    Cc: daniel.gruss@...k.tugraz.at
    Cc: hughd@...gle.com
    Cc: keescook@...gle.com
    Cc: Andrea Arcangeli <aarcange@...hat.com>
    Cc: Waiman Long <llong@...hat.com>
    Cc: Pavel Machek <pavel@....cz>
    Cc: "David H . Gutteridge" <dhgutteridge@...patico.ca>
    Cc: joro@...tes.org
    Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org

a29dba161a  x86/relocs: Add __end_rodata_aligned to S_REL
a13c600e15  x86/mm/pti: Move user W+X check into pti_finalize()
81540b5937  Merge branch 'x86/pti'
+-----------------------------------------------------+------------+------------+------------+
|                                                     | a29dba161a | a13c600e15 | 81540b5937 |
+-----------------------------------------------------+------------+------------+------------+
| boot_successes                                      | 64         | 0          | 0          |
| boot_failures                                       | 0          | 43         | 35         |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 0          | 43         | 35         |
| EIP:note_page                                       | 0          | 43         | 35         |
+-----------------------------------------------------+------------+------------+------------+

[    9.633348] Write protecting the kernel read-only data: 2560k
[    9.634304] rodata_test: all tests were successful
[    9.635329] x86/mm: Checking user space page tables
[    9.636271] ------------[ cut here ]------------
[    9.637045] x86/mm: Found insecure W+X mapping at address (ptrval)/0xffc01000
[    9.638228] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page+0x66b/0x870
[    9.639857] Modules linked in:
[    9.640375] CPU: 0 PID: 1 Comm: swapper Not tainted 4.18.0-rc8-00061-ga13c600 #870
[    9.641608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[    9.642970] EIP: note_page+0x66b/0x870
[    9.643589] Code: c6 00 10 00 00 75 d4 e9 0b fc ff ff 8b 43 0c c7 04 24 84 f4 7c 79 c6 05 82 ff 8f 79 01 89 44 24 08 89 44 24 04 e8 15 4d 00 00 <0f> 0b e9 bb fd ff ff 83 c2 0c 89 53 14 c7 43 18 00 00 00 00 e9 0d 
[    9.646710] EAX: 00000041 EBX: 8d037f4c ECX: 790332c0 EDX: 00000201
[    9.647727] ESI: 00000000 EDI: 00000000 EBP: 8d037f24 ESP: 8d037ef4
[    9.648745] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210286
[    9.649861] CR0: 80050033 CR2: 7961fd7c CR3: 019c2000 CR4: 00000690
[    9.650889] Call Trace:
[    9.651304]  ptdump_walk_pgd_level_core+0x25c/0x380
[    9.652109]  ? 0x79000000
[    9.652548]  ptdump_walk_user_pgd_level_checkwx+0x35/0x40
[    9.653316]  pti_finalize+0x68/0x70
[    9.653702]  ? rest_init+0xb0/0xb0
[    9.654142]  kernel_init+0x3b/0x110
[    9.654526]  ? schedule_tail_wrapper+0x9/0xc
[    9.654999]  ret_from_fork+0x2e/0x38
[    9.655392] irq event stamp: 1756564
[    9.655891] hardirqs last  enabled at (1756563): [<79080c75>] console_unlock+0x405/0x590
[    9.657293] hardirqs last disabled at (1756564): [<7960a964>] common_exception+0xf6/0x116
[    9.658747] softirqs last  enabled at (1755714): [<7960b091>] __do_softirq+0x1d1/0x205
[    9.660065] softirqs last disabled at (1755707): [<79012997>] call_on_stack+0x47/0x60
[    9.661267] ---[ end trace 77b3d4fa5b464bc9 ]---
[    9.662063] x86/mm: Checked W+X mappings: FAILED, 8 W+X pages found.

                                                          # HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start e85b2d7cff5935e546bde680af031a845e540b3e 1ffaddd029c867d134a1dde39f540dcc8c52e274 --
git bisect  bad fd42d9639f95a4efc31454eac7cfe528977460d4  # 03:24  B      0     1   29  13  Merge 'linux-review/zhouxianrong/zsmalloc-fix-linking-bug-in-init_zspage/20180810-024718' into devel-catchup-201808100258
git bisect good 33112e036381aaea4d96b0a3597d05ac8c0056c7  # 03:55  G     10     0    0   2  0day base guard for 'devel-catchup-201808100258'
git bisect  bad 8db8f8032e729ba40be9d4dfef0729c9c4ac47ba  # 04:05  B      0     1   18   2  Merge 'tip/x86/pti' into devel-catchup-201808100258
git bisect good b976690f5db26fbc7c2be413bfa0fbd270547a94  # 04:39  G     10     0   10  40  x86/mm/pti: Introduce pti_finalize()
git bisect good 6863ea0cda8725072522cd78bda332d9a0b73150  # 04:58  G     11     0   11  18  x86/mm: Remove in_nmi() warning from vmalloc_fault()
git bisect good 315706049c343794ad0d3e5b6f6b60b900457b11  # 05:06  G     11     0    1   1  Merge branch 'x86/pti-urgent' into x86/pti
git bisect good 16a3fe634f6a568c6234b8747e5d50487fed3526  # 05:15  G     11     0    1   1  x86/mm/pti: Clone kernel-image on PTE level for 32 bit
git bisect  bad a13c600e15de44ccf03df28d3311ef3cb754ed9b  # 05:23  B      0     2   21   4  x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e  # 05:39  G     10     0    0   0  x86/relocs: Add __end_rodata_aligned to S_REL
# first bad commit: [a13c600e15de44ccf03df28d3311ef3cb754ed9b] x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e  # 05:43  G     31     0    1   1  x86/relocs: Add __end_rodata_aligned to S_REL
# extra tests with debug options
git bisect  bad a13c600e15de44ccf03df28d3311ef3cb754ed9b  # 05:49  B      0     1   16   0  x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests on HEAD of linux-devel/devel-catchup-201808100258
git bisect  bad e85b2d7cff5935e546bde680af031a845e540b3e  # 05:54  B      0    34   53   0  0day head guard for 'devel-catchup-201808100258'
# extra tests on tree/branch tip/x86/pti
git bisect  bad a13c600e15de44ccf03df28d3311ef3cb754ed9b  # 06:07  B      0    42   57   0  x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests with first bad commit reverted
git bisect good ada51a550192bf1d3842d0e8b9335a56d062049a  # 06:22  G     11     0    0   0  Revert "x86/mm/pti: Move user W+X check into pti_finalize()"
# extra tests on tree/branch tip/master
git bisect  bad 81540b5937465348e9e623555e1c1e9dc7cf4434  # 06:27  B      0     3   36  18  Merge branch 'x86/pti'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/lkp                          Intel Corporation

Download attachment "dmesg-quantal-ivb41-100:20180810052309:i386-randconfig-a0-201831:4.18.0-rc8-00061-ga13c600:870.gz" of type "application/gzip" (18072 bytes)

Download attachment "dmesg-yocto-ivb41-48:20180810054140:i386-randconfig-a0-201831:4.18.0-rc8-00060-ga29dba1:874.gz" of type "application/gzip" (21651 bytes)

View attachment "reproduce-quantal-ivb41-100:20180810052309:i386-randconfig-a0-201831:4.18.0-rc8-00061-ga13c600:870" of type "text/plain" (907 bytes)

View attachment "config-4.18.0-rc8-00061-ga13c600" of type "text/plain" (114076 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ