[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <5b6cc146.lVmfvLKHKgZxC5d8%lkp@intel.com>
Date: Fri, 10 Aug 2018 06:33:42 +0800
From: kernel test robot <lkp@...el.com>
To: Joerg Roedel <jroedel@...e.de>
Cc: LKP <lkp@...org>, linux-kernel@...r.kernel.org,
Thomas Gleixner <tglx@...utronix.de>
Subject: a13c600e15 ("x86/mm/pti: Move user W+X check into .."): WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page
Greetings,
0day kernel testing robot got the below dmesg and the first bad commit is
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git x86/pti
commit a13c600e15de44ccf03df28d3311ef3cb754ed9b
Author: Joerg Roedel <jroedel@...e.de>
AuthorDate: Wed Aug 8 13:16:40 2018 +0200
Commit: Thomas Gleixner <tglx@...utronix.de>
CommitDate: Thu Aug 9 20:42:07 2018 +0200
x86/mm/pti: Move user W+X check into pti_finalize()
The user page-table gets the updated kernel mappings in pti_finalize(),
which runs after the RO+X permissions got applied to the kernel page-table
in mark_readonly().
But with CONFIG_DEBUG_WX enabled, the user page-table is already checked in
mark_readonly() for insecure mappings. This causes false-positive
warnings, because the user page-table did not get the updated mappings yet.
Move the W+X check for the user page-table into pti_finalize() after it
updated all required mappings.
Signed-off-by: Joerg Roedel <jroedel@...e.de>
Signed-off-by: Thomas Gleixner <tglx@...utronix.de>
Cc: "H . Peter Anvin" <hpa@...or.com>
Cc: linux-mm@...ck.org
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andy Lutomirski <luto@...nel.org>
Cc: Dave Hansen <dave.hansen@...el.com>
Cc: Josh Poimboeuf <jpoimboe@...hat.com>
Cc: Juergen Gross <jgross@...e.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Borislav Petkov <bp@...en8.de>
Cc: Jiri Kosina <jkosina@...e.cz>
Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
Cc: Brian Gerst <brgerst@...il.com>
Cc: David Laight <David.Laight@...lab.com>
Cc: Denys Vlasenko <dvlasenk@...hat.com>
Cc: Eduardo Valentin <eduval@...zon.com>
Cc: Greg KH <gregkh@...uxfoundation.org>
Cc: Will Deacon <will.deacon@....com>
Cc: aliguori@...zon.com
Cc: daniel.gruss@...k.tugraz.at
Cc: hughd@...gle.com
Cc: keescook@...gle.com
Cc: Andrea Arcangeli <aarcange@...hat.com>
Cc: Waiman Long <llong@...hat.com>
Cc: Pavel Machek <pavel@....cz>
Cc: "David H . Gutteridge" <dhgutteridge@...patico.ca>
Cc: joro@...tes.org
Link: https://lkml.kernel.org/r/1533727000-9172-1-git-send-email-joro@8bytes.org
a29dba161a x86/relocs: Add __end_rodata_aligned to S_REL
a13c600e15 x86/mm/pti: Move user W+X check into pti_finalize()
81540b5937 Merge branch 'x86/pti'
+-----------------------------------------------------+------------+------------+------------+
| | a29dba161a | a13c600e15 | 81540b5937 |
+-----------------------------------------------------+------------+------------+------------+
| boot_successes | 64 | 0 | 0 |
| boot_failures | 0 | 43 | 35 |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page | 0 | 43 | 35 |
| EIP:note_page | 0 | 43 | 35 |
+-----------------------------------------------------+------------+------------+------------+
[ 9.633348] Write protecting the kernel read-only data: 2560k
[ 9.634304] rodata_test: all tests were successful
[ 9.635329] x86/mm: Checking user space page tables
[ 9.636271] ------------[ cut here ]------------
[ 9.637045] x86/mm: Found insecure W+X mapping at address (ptrval)/0xffc01000
[ 9.638228] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:283 note_page+0x66b/0x870
[ 9.639857] Modules linked in:
[ 9.640375] CPU: 0 PID: 1 Comm: swapper Not tainted 4.18.0-rc8-00061-ga13c600 #870
[ 9.641608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
[ 9.642970] EIP: note_page+0x66b/0x870
[ 9.643589] Code: c6 00 10 00 00 75 d4 e9 0b fc ff ff 8b 43 0c c7 04 24 84 f4 7c 79 c6 05 82 ff 8f 79 01 89 44 24 08 89 44 24 04 e8 15 4d 00 00 <0f> 0b e9 bb fd ff ff 83 c2 0c 89 53 14 c7 43 18 00 00 00 00 e9 0d
[ 9.646710] EAX: 00000041 EBX: 8d037f4c ECX: 790332c0 EDX: 00000201
[ 9.647727] ESI: 00000000 EDI: 00000000 EBP: 8d037f24 ESP: 8d037ef4
[ 9.648745] DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068 EFLAGS: 00210286
[ 9.649861] CR0: 80050033 CR2: 7961fd7c CR3: 019c2000 CR4: 00000690
[ 9.650889] Call Trace:
[ 9.651304] ptdump_walk_pgd_level_core+0x25c/0x380
[ 9.652109] ? 0x79000000
[ 9.652548] ptdump_walk_user_pgd_level_checkwx+0x35/0x40
[ 9.653316] pti_finalize+0x68/0x70
[ 9.653702] ? rest_init+0xb0/0xb0
[ 9.654142] kernel_init+0x3b/0x110
[ 9.654526] ? schedule_tail_wrapper+0x9/0xc
[ 9.654999] ret_from_fork+0x2e/0x38
[ 9.655392] irq event stamp: 1756564
[ 9.655891] hardirqs last enabled at (1756563): [<79080c75>] console_unlock+0x405/0x590
[ 9.657293] hardirqs last disabled at (1756564): [<7960a964>] common_exception+0xf6/0x116
[ 9.658747] softirqs last enabled at (1755714): [<7960b091>] __do_softirq+0x1d1/0x205
[ 9.660065] softirqs last disabled at (1755707): [<79012997>] call_on_stack+0x47/0x60
[ 9.661267] ---[ end trace 77b3d4fa5b464bc9 ]---
[ 9.662063] x86/mm: Checked W+X mappings: FAILED, 8 W+X pages found.
# HH:MM RESULT GOOD BAD GOOD_BUT_DIRTY DIRTY_NOT_BAD
git bisect start e85b2d7cff5935e546bde680af031a845e540b3e 1ffaddd029c867d134a1dde39f540dcc8c52e274 --
git bisect bad fd42d9639f95a4efc31454eac7cfe528977460d4 # 03:24 B 0 1 29 13 Merge 'linux-review/zhouxianrong/zsmalloc-fix-linking-bug-in-init_zspage/20180810-024718' into devel-catchup-201808100258
git bisect good 33112e036381aaea4d96b0a3597d05ac8c0056c7 # 03:55 G 10 0 0 2 0day base guard for 'devel-catchup-201808100258'
git bisect bad 8db8f8032e729ba40be9d4dfef0729c9c4ac47ba # 04:05 B 0 1 18 2 Merge 'tip/x86/pti' into devel-catchup-201808100258
git bisect good b976690f5db26fbc7c2be413bfa0fbd270547a94 # 04:39 G 10 0 10 40 x86/mm/pti: Introduce pti_finalize()
git bisect good 6863ea0cda8725072522cd78bda332d9a0b73150 # 04:58 G 11 0 11 18 x86/mm: Remove in_nmi() warning from vmalloc_fault()
git bisect good 315706049c343794ad0d3e5b6f6b60b900457b11 # 05:06 G 11 0 1 1 Merge branch 'x86/pti-urgent' into x86/pti
git bisect good 16a3fe634f6a568c6234b8747e5d50487fed3526 # 05:15 G 11 0 1 1 x86/mm/pti: Clone kernel-image on PTE level for 32 bit
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 05:23 B 0 2 21 4 x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e # 05:39 G 10 0 0 0 x86/relocs: Add __end_rodata_aligned to S_REL
# first bad commit: [a13c600e15de44ccf03df28d3311ef3cb754ed9b] x86/mm/pti: Move user W+X check into pti_finalize()
git bisect good a29dba161ad1a01bbfbc80aa184b089ddd169a4e # 05:43 G 31 0 1 1 x86/relocs: Add __end_rodata_aligned to S_REL
# extra tests with debug options
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 05:49 B 0 1 16 0 x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests on HEAD of linux-devel/devel-catchup-201808100258
git bisect bad e85b2d7cff5935e546bde680af031a845e540b3e # 05:54 B 0 34 53 0 0day head guard for 'devel-catchup-201808100258'
# extra tests on tree/branch tip/x86/pti
git bisect bad a13c600e15de44ccf03df28d3311ef3cb754ed9b # 06:07 B 0 42 57 0 x86/mm/pti: Move user W+X check into pti_finalize()
# extra tests with first bad commit reverted
git bisect good ada51a550192bf1d3842d0e8b9335a56d062049a # 06:22 G 11 0 0 0 Revert "x86/mm/pti: Move user W+X check into pti_finalize()"
# extra tests on tree/branch tip/master
git bisect bad 81540b5937465348e9e623555e1c1e9dc7cf4434 # 06:27 B 0 3 36 18 Merge branch 'x86/pti'
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/lkp Intel Corporation
Download attachment "dmesg-quantal-ivb41-100:20180810052309:i386-randconfig-a0-201831:4.18.0-rc8-00061-ga13c600:870.gz" of type "application/gzip" (18072 bytes)
Download attachment "dmesg-yocto-ivb41-48:20180810054140:i386-randconfig-a0-201831:4.18.0-rc8-00060-ga29dba1:874.gz" of type "application/gzip" (21651 bytes)
View attachment "reproduce-quantal-ivb41-100:20180810052309:i386-randconfig-a0-201831:4.18.0-rc8-00061-ga13c600:870" of type "text/plain" (907 bytes)
View attachment "config-4.18.0-rc8-00061-ga13c600" of type "text/plain" (114076 bytes)
Powered by blists - more mailing lists