Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, Today I faced again the same isse with the same error. Searching web by term "x86/mm: Checked W+X mappings: FAILED" I stumbled upon this bug again. And no answers. After some hours working in my VM to try to fix this issue, I found the root cause. It is some bug between xen and grub. My VM is running on Stretch now, but it has been running Debian and been upgraded for a very long time. So it was running on grub version 1. After all the troubleshooting, I copied everything from a running rescue disk: kernel, initramfs, modules, etc. The only missing part was grub. So I upgraded to grub2 and... fixed! So this nasty problem is some bug on xen and grub version1, which can't handle something the new kernels have. I'm attaching the screenshot since the crash is to fast to save as text. Color blue wasn't intended, but made it very alike a BSD :) Vänliga hälsningar/Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro Note: if you failed to reach me, try my alternative mail " helio.loure...@gmail.com". I'm implementing DKIM on my mail server, so some disturbance is expected. On Wed, 26 Jul 2017 20:55:05 +0200 Helio Loureiro wrote: > Hi, > > I don't owe the server. Just have a VM that was running flawless with > Debian since Squeeze. > > And for the first time Debian became a sour option. > > I was going to compile another kernel when I found also kernel-package > isn't released because of unwatched issues. > > Best Regards, > Helio
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, I don't owe the server. Just have a VM that was running flawless with Debian since Squeeze. And for the first time Debian became a sour option. I was going to compile another kernel when I found also kernel-package isn't released because of unwatched issues. Best Regards, Helio
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
On Wed, 2017-07-26 at 19:23 +0200, Helio Loureiro wrote: > Hi, > > I already sent. Please provide a full serial log when booting with the bad kernel. Also please let us know what version of Xen you are running and whether this was running as a guest or as dom0. > And in the first post in this bug it says: > > " > When I boot my system with Xen, I get the following section in dmesg: [ 13.588386] WARNING: CPU: 18 PID: 1 at /build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 note_page+0x5e8/0x790 > [...] > [ 13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted 4.8.0-2-amd64 #1 > Debian 4.8.15-2 > [...] > But when I boot my system 'normally', ie without Xen, the error does > not > show up." > He clearly states it isn't booting. It is crashing. The original bug report was running the same kernel as the splat at the point where reportbug was run, so it is booting at least far enough to do that. See the "Kernel: Linux 4.8.0-2-amd64" in the original report, which is also in the warning message. There is no suggestion anywhere that it isn't booting in the original report, just that when it does boot this message appears in the logs. All he says is that this warning (he says "error", but that doesn't imply a boot failure either) doesn't appear with the normal kernel. See also the logs at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug= 852324#25 which show the system continuing to successfully boot after the splat. > How could that not be related? Because you are experiencing some other bug later on, or perhaps the check which resulting in a WARNING for the original poster has a bug in it which is causing a hang for you, please provide us with the information we need in order to diagnose which it is rather than continuing to assert that it is the same issue, otherwise no progress is going to happen here. Ian.
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, I already sent. And in the first post in this bug it says: " When I boot my system with Xen, I get the following section in dmesg: [ 13.588381] [ cut here ] [ 13.588386] WARNING: CPU: 18 PID: 1 at /build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 note_page+0x5e8/0x790 [ 13.588388] x86/mm: Found insecure W+X mapping at address 8800/0x8800 [ 13.588388] Modules linked in: [ 13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted 4.8.0-2-amd64 #1 Debian 4.8.15-2 [ 13.588392] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8 Series/Z10PA-D8 Series, BIOS 3202 04/18/2016 [ 13.588394] 0200 043f1514 8131f925 8802806b3de0 [ 13.588397] 81074ffe 8802806b3ed0 8802806b3e38 [ 13.588399] 0004 8802806b3ed0 [ 13.588401] Call Trace: [ 13.588406] [] ? dump_stack+0x5c/0x77 [ 13.588409] [] ? __warn+0xbe/0xe0 [ 13.588412] [] ? warn_slowpath_fmt+0x5f/0x80 [ 13.588415] [] ? vprintk_emit+0x349/0x530 [ 13.588417] [] ? note_page+0x5e8/0x790 [ 13.588419] [] ? ptdump_walk_pgd_level_core+0x2d5/0x400 [ 13.588423] [] ? kernel_init+0x26/0x100 [ 13.588425] [] ? ret_from_fork+0x1f/0x40 [ 13.588427] [] ? rest_init+0x80/0x80 [ 13.588428] ---[ end trace 98efce8be234f5b3 ]--- [ 13.608867] x86/mm: Checked W+X mappings: FAILED, 4602 W+X pages found. But when I boot my system 'normally', ie without Xen, the error does not show up." He clearly states it isn't booting. It is crashing. How could that not be related? Abs, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
On Wed, 2017-07-26 at 18:51 +0200, Helio Loureiro wrote: > Hi, > > It can't be. It is the same bug as describe in this one. > > If you read the first post, it can't boot and shows the same content > as in the bug I detected now on my system. Nowhere there does it say anything about failing to boot. Please boot a working kernel and use reportbug to file a new bug, describing your configuration (e.g. version of Xen etc) and please then attach your serial logs of the issue occurring. > So it isn't a new bug. Yes, it is. Ian.
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, It can't be. It is the same bug as describe in this one. If you read the first post, it can't boot and shows the same content as in the bug I detected now on my system. So it isn't a new bug. It was introduced since kernel 4.4 became available on upstream and not handled. Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, And `reportbug kernel` won't work cause it requires the system or kernel to be up and running. It isn't the case. This bug is leading the system to an outage on boot. Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
This option does not (per its intent) present booting, it is just a check & warning. There may be a bug with the check which is causing a failure to boot, but you are the first to report that aspect and that isn't what #852324 was about until now. Please use `reportbug kernel` to report a fresh bug describing your specific circumstances and your failure mode. Ian. On Wed, 2017-07-26 at 18:32 +0200, Helio Loureiro wrote: > Hi, > > VM doesn't boot with this parameter enabled, as confirmed by Linus > mail. So my upgraded to Stretch leaded to a complete system outage > because of this parameter. > > I held on kernel 3.19 from Jessie meanwhile. > > Best Regards, > Helio Loureiro > http://helio.loureiro.eng.br > https://se.linkedin.com/in/helioloureiro > http://twitter.com/helioloureiro > > > 2017-07-26 17:56 GMT+02:00 Ian Campbell: > > On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote: > > > Hi, > > > > > > As much it sounds correct to protect systems in this way, you > > broke > > > compatibility. I'm back to kernel 3.19 until this is fixed. > > > > > > So in order to have such parameter enabled, you should at the > > least > > > provide a bootparam option to toggle enabled or not. > > > > > > From my point of view as user, you should never break backward > > > compatibility, as bad is sounds in terms of security. And you > > should > > > never enforce it to users. > > > > Other than a single warning printed to dmesg during boot, what is > > actually broken for you? > > > > Ian. > > > >
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, VM doesn't boot with this parameter enabled, as confirmed by Linus mail. So my upgraded to Stretch leaded to a complete system outage because of this parameter. I held on kernel 3.19 from Jessie meanwhile. Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro 2017-07-26 17:56 GMT+02:00 Ian Campbell: > On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote: > > Hi, > > > > As much it sounds correct to protect systems in this way, you broke > > compatibility. I'm back to kernel 3.19 until this is fixed. > > > > So in order to have such parameter enabled, you should at the least > > provide a bootparam option to toggle enabled or not. > > > > From my point of view as user, you should never break backward > > compatibility, as bad is sounds in terms of security. And you should > > never enforce it to users. > > Other than a single warning printed to dmesg during boot, what is > actually broken for you? > > Ian. >
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote: > Hi, > > As much it sounds correct to protect systems in this way, you broke > compatibility. I'm back to kernel 3.19 until this is fixed. > > So in order to have such parameter enabled, you should at the least > provide a bootparam option to toggle enabled or not. > > From my point of view as user, you should never break backward > compatibility, as bad is sounds in terms of security. And you should > never enforce it to users. Other than a single warning printed to dmesg during boot, what is actually broken for you? Ian.
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote: > Hi, > > As much it sounds correct to protect systems in this way, you broke > compatibility. I'm back to kernel 3.19 until this is fixed. > > So in order to have such parameter enabled, you should at the least provide > a bootparam option to toggle enabled or not. > > From my point of view as user, you should never break backward > compatibility, as bad is sounds in terms of security. And you should never > enforce it to users. Whatever compatibility problem you're talking about, I don't believe it's related to CONFIG_DEBUG_WX. That only enables a warning at boot. Ben. -- Ben Hutchings Reality is just a crutch for people who can't handle science fiction. signature.asc Description: This is a digitally signed message part
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, As much it sounds correct to protect systems in this way, you broke compatibility. I'm back to kernel 3.19 until this is fixed. So in order to have such parameter enabled, you should at the least provide a bootparam option to toggle enabled or not. >From my point of view as user, you should never break backward compatibility, as bad is sounds in terms of security. And you should never enforce it to users. Best Regards, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro 2017-07-26 16:20 GMT+02:00 Ben Hutchings: > On Mon, 2017-07-24 at 20:18 +0200, Helio Loureiro wrote: > > Hi, > > > > First an errata: I don't see messages since March, not January as I > stated > > wrongly before. > > > > And I tracked similar messages on other distros and found a message from > > Linus himself about a way to avoid such error: > > > > https://lkml.org/lkml/2015/12/14/670 > > > > Checking standard Debian kernel settings, I can see it is indeed enabled. > > > > # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64 > > CONFIG_DEBUG_WX=y > > > > So is possible to delivery a correction kernel package with such > parameter > > disabled? > > This check catches a real security weakness in Xen. We won't disable > checking for it. Note that I did downgrade the severity of the warning > when running on Xen, since we know about it and don't expect it to be > fixed soon. > > Ben. > > -- > Ben Hutchings > Reality is just a crutch for people who can't handle science fiction. > >
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
On Mon, 2017-07-24 at 20:18 +0200, Helio Loureiro wrote: > Hi, > > First an errata: I don't see messages since March, not January as I stated > wrongly before. > > And I tracked similar messages on other distros and found a message from > Linus himself about a way to avoid such error: > > https://lkml.org/lkml/2015/12/14/670 > > Checking standard Debian kernel settings, I can see it is indeed enabled. > > # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64 > CONFIG_DEBUG_WX=y > > So is possible to delivery a correction kernel package with such parameter > disabled? This check catches a real security weakness in Xen. We won't disable checking for it. Note that I did downgrade the severity of the warning when running on Xen, since we know about it and don't expect it to be fixed soon. Ben. -- Ben Hutchings Reality is just a crutch for people who can't handle science fiction. signature.asc Description: This is a digitally signed message part
Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.
Hi, First an errata: I don't see messages since March, not January as I stated wrongly before. And I tracked similar messages on other distros and found a message from Linus himself about a way to avoid such error: https://lkml.org/lkml/2015/12/14/670 Checking standard Debian kernel settings, I can see it is indeed enabled. # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64 CONFIG_DEBUG_WX=y So is possible to delivery a correction kernel package with such parameter disabled? Thanks in advance, Helio Loureiro http://helio.loureiro.eng.br https://se.linkedin.com/in/helioloureiro http://twitter.com/helioloureiro