Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2018-08-15 Thread Helio Loureiro 
Hi,

Today I faced again the same isse with the same error.  Searching web by
term "x86/mm: Checked W+X mappings: FAILED" I stumbled upon this bug
again.  And no answers.

After some hours working in my  VM to try to fix this issue, I found the
root cause.  It is some bug between xen and grub.

My VM is running on Stretch now, but it has been running Debian and been
upgraded for a very long time.  So it was running on grub version 1.

After all the troubleshooting, I copied everything from a running rescue
disk: kernel, initramfs, modules, etc.  The only missing part was grub.  So
I upgraded to grub2 and... fixed!

So this nasty problem is some bug on xen and grub version1, which can't
handle something the new kernels have.

I'm attaching the screenshot since the crash is to fast to save as text.
Color blue wasn't intended, but made it very alike a BSD :)


Vänliga hälsningar/Best Regards,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro

Note: if you failed to reach me, try my alternative mail "
helio.loure...@gmail.com".
I'm implementing DKIM on my mail server, so some disturbance is expected.

On Wed, 26 Jul 2017 20:55:05 +0200 Helio Loureiro 
wrote:
> Hi,
>
> I don't owe the server. Just have a VM that was running flawless with
> Debian since Squeeze.
>
> And for the first time Debian became a sour option.
>
> I was going to compile another kernel when I found also kernel-package
> isn't released because of unwatched issues.
>
> Best Regards,
> Helio

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

I don't owe the server.  Just have a VM that was running flawless with
Debian since Squeeze.

And for the first time Debian became a sour option.

I was going to compile another kernel when I found also kernel-package
isn't released because of unwatched issues.

Best Regards,
Helio

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ian Campbell 
On Wed, 2017-07-26 at 19:23 +0200, Helio Loureiro wrote:
> Hi,
> 
> I already sent.

Please provide a full serial log when booting with the bad kernel.

Also please let us know what version of Xen you are running and whether
this was running as a guest or as dom0.

> And in the first post in this bug it says:
> 
> "
> When I boot my system with Xen, I get the following section in dmesg:
[   13.588386] WARNING: CPU: 18 PID: 1 at 
/build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225 
note_page+0x5e8/0x790
> [...]
> [   13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted 4.8.0-2-amd64 #1 
> Debian 4.8.15-2
> [...]
> But when I boot my system 'normally', ie without Xen, the error does
> not
> show up."
> He clearly states it isn't booting.  It is crashing.

The original bug report was running the same kernel as the splat at the
point where reportbug was run, so it is booting at least far enough to
do that. See the "Kernel: Linux 4.8.0-2-amd64" in the original report,
which is also in the warning message.

There is no suggestion anywhere that it isn't booting in the original
report, just that when it does boot this message appears in the logs.
All he says is that this warning (he says "error", but that doesn't
imply a boot failure either) doesn't appear with the normal kernel.

See also the logs at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=
852324#25 which show the system continuing to successfully boot after
the splat.

> How could that not be related?

Because you are experiencing some other bug later on, or perhaps the
check which resulting in a WARNING for the original poster has a bug in
it which is causing a hang for you, please provide us with the
information we need in order to diagnose which it is rather than
continuing to assert that it is the same issue, otherwise no progress
is going to happen here.

Ian.

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

I already sent.

And in the first post in this bug it says:

"

When I boot my system with Xen, I get the following section in dmesg:

[   13.588381] [ cut here ]
[   13.588386] WARNING: CPU: 18 PID: 1 at
/build/linux-zDY19G/linux-4.8.15/arch/x86/mm/dump_pagetables.c:225
note_page+0x5e8/0x790
[   13.588388] x86/mm: Found insecure W+X mapping at address
8800/0x8800
[   13.588388] Modules linked in:
[   13.588392] CPU: 18 PID: 1 Comm: swapper/0 Not tainted
4.8.0-2-amd64 #1 Debian 4.8.15-2
[   13.588392] Hardware name: ASUSTeK COMPUTER INC. Z10PA-D8
Series/Z10PA-D8 Series, BIOS 3202 04/18/2016
[   13.588394]  0200 043f1514 8131f925
8802806b3de0
[   13.588397]   81074ffe 8802806b3ed0
8802806b3e38
[   13.588399]  0004  8802806b3ed0

[   13.588401] Call Trace:
[   13.588406]  [] ? dump_stack+0x5c/0x77
[   13.588409]  [] ? __warn+0xbe/0xe0
[   13.588412]  [] ? warn_slowpath_fmt+0x5f/0x80
[   13.588415]  [] ? vprintk_emit+0x349/0x530
[   13.588417]  [] ? note_page+0x5e8/0x790
[   13.588419]  [] ? ptdump_walk_pgd_level_core+0x2d5/0x400
[   13.588423]  [] ? kernel_init+0x26/0x100
[   13.588425]  [] ? ret_from_fork+0x1f/0x40
[   13.588427]  [] ? rest_init+0x80/0x80
[   13.588428] ---[ end trace 98efce8be234f5b3 ]---
[   13.608867] x86/mm: Checked W+X mappings: FAILED, 4602 W+X pages found.

But when I boot my system 'normally', ie without Xen, the error does not
show up."

He clearly states it isn't booting.  It is crashing.

How could that not be related?

Abs,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ian Campbell 
On Wed, 2017-07-26 at 18:51 +0200, Helio Loureiro wrote:
> Hi,
> 
> It can't be.  It is the same bug as describe in this one.
> 
> If you read the first post, it can't boot and shows the same content
> as in the bug I detected now on my system.

Nowhere there does it say anything about failing to boot.

Please boot a working kernel and use reportbug to file a new bug,
describing your configuration (e.g. version of Xen etc) and please then
attach your serial logs of the issue occurring.

> So it isn't a new bug.

Yes, it is.

Ian.

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

It can't be.  It is the same bug as describe in this one.

If you read the first post, it can't boot and shows the same content as in
the bug I detected now on my system.

So it isn't a new bug.  It was introduced since kernel 4.4 became available
on upstream and not handled.

Best Regards,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

And `reportbug  kernel` won't work cause it requires the system or kernel
to be up and running.  It isn't the case.  This bug is leading the system
to an outage on boot.

Best Regards,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ian Campbell 
This option does not (per its intent) present booting, it is just a
check & warning.

There may be a bug with the check which is causing a failure to boot,
but you are the first to report that aspect and that isn't what #852324
was about until now.

Please use `reportbug kernel` to report a fresh bug describing your
specific circumstances and your failure mode.

Ian.

On Wed, 2017-07-26 at 18:32 +0200, Helio Loureiro wrote:
> Hi,
> 
> VM doesn't boot with this parameter enabled, as confirmed by Linus
> mail.  So my upgraded to Stretch leaded to a complete system outage
> because of this parameter.
> 
> I held on kernel 3.19 from Jessie meanwhile.
> 
> Best Regards,
> Helio Loureiro
> http://helio.loureiro.eng.br
> https://se.linkedin.com/in/helioloureiro
> http://twitter.com/helioloureiro
> 
> 
> 2017-07-26 17:56 GMT+02:00 Ian Campbell :
> > On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote:
> > > Hi,
> > >
> > > As much it sounds correct to protect systems in this way, you
> > broke
> > > compatibility.  I'm back to kernel 3.19 until this is fixed.
> > >
> > > So in order to have such parameter enabled, you should at the
> > least
> > > provide a bootparam option to toggle enabled or not.
> > >
> > > From my point of view as user, you should never break backward
> > > compatibility, as bad is sounds in terms of security.  And you
> > should
> > > never enforce it to users.
> > 
> > Other than a single warning printed to dmesg during boot, what is
> > actually broken for you?
> > 
> > Ian.
> > 
> 
>

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

VM doesn't boot with this parameter enabled, as confirmed by Linus mail.
So my upgraded to Stretch leaded to a complete system outage because of
this parameter.

I held on kernel 3.19 from Jessie meanwhile.

Best Regards,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro


2017-07-26 17:56 GMT+02:00 Ian Campbell :

> On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote:
> > Hi,
> >
> > As much it sounds correct to protect systems in this way, you broke
> > compatibility.  I'm back to kernel 3.19 until this is fixed.
> >
> > So in order to have such parameter enabled, you should at the least
> > provide a bootparam option to toggle enabled or not.
> >
> > From my point of view as user, you should never break backward
> > compatibility, as bad is sounds in terms of security.  And you should
> > never enforce it to users.
>
> Other than a single warning printed to dmesg during boot, what is
> actually broken for you?
>
> Ian.
>

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ian Campbell 
On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote:
> Hi,
> 
> As much it sounds correct to protect systems in this way, you broke
> compatibility.  I'm back to kernel 3.19 until this is fixed.
> 
> So in order to have such parameter enabled, you should at the least
> provide a bootparam option to toggle enabled or not.
> 
> From my point of view as user, you should never break backward
> compatibility, as bad is sounds in terms of security.  And you should
> never enforce it to users.

Other than a single warning printed to dmesg during boot, what is
actually broken for you?

Ian.

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ben Hutchings 
On Wed, 2017-07-26 at 17:13 +0200, Helio Loureiro wrote:
> Hi,
> 
> As much it sounds correct to protect systems in this way, you broke
> compatibility.  I'm back to kernel 3.19 until this is fixed.
> 
> So in order to have such parameter enabled, you should at the least provide
> a bootparam option to toggle enabled or not.
> 
> From my point of view as user, you should never break backward
> compatibility, as bad is sounds in terms of security.  And you should never
> enforce it to users.

Whatever compatibility problem you're talking about, I don't believe
it's related to CONFIG_DEBUG_WX.  That only enables a warning at boot.

Ben.

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.



signature.asc
Description: This is a digitally signed message part

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Helio Loureiro 
Hi,

As much it sounds correct to protect systems in this way, you broke
compatibility.  I'm back to kernel 3.19 until this is fixed.

So in order to have such parameter enabled, you should at the least provide
a bootparam option to toggle enabled or not.

>From my point of view as user, you should never break backward
compatibility, as bad is sounds in terms of security.  And you should never
enforce it to users.

Best Regards,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro


2017-07-26 16:20 GMT+02:00 Ben Hutchings :

> On Mon, 2017-07-24 at 20:18 +0200, Helio Loureiro wrote:
> > Hi,
> >
> > First an errata: I don't see messages since March, not January as I
> stated
> > wrongly before.
> >
> > And I tracked similar messages on other distros and found a message from
> > Linus himself about a way to avoid such error:
> >
> > https://lkml.org/lkml/2015/12/14/670
> >
> > Checking standard Debian kernel settings, I can see it is indeed enabled.
> >
> > # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64
> > CONFIG_DEBUG_WX=y
> >
> > So is possible to delivery a correction kernel package with such
> parameter
> > disabled?
>
> This check catches a real security weakness in Xen.  We won't disable
> checking for it.  Note that I did downgrade the severity of the warning
> when running on Xen, since we know about it and don't expect it to be
> fixed soon.
>
> Ben.
>
> --
> Ben Hutchings
> Reality is just a crutch for people who can't handle science fiction.
>
>

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-26 Thread Ben Hutchings 
On Mon, 2017-07-24 at 20:18 +0200, Helio Loureiro wrote:
> Hi,
> 
> First an errata: I don't see messages since March, not January as I stated
> wrongly before.
> 
> And I tracked similar messages on other distros and found a message from
> Linus himself about a way to avoid such error:
> 
> https://lkml.org/lkml/2015/12/14/670
> 
> Checking standard Debian kernel settings, I can see it is indeed enabled.
> 
> # grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64
> CONFIG_DEBUG_WX=y
> 
> So is possible to delivery a correction kernel package with such parameter
> disabled?

This check catches a real security weakness in Xen.  We won't disable
checking for it.  Note that I did downgrade the severity of the warning
when running on Xen, since we know about it and don't expect it to be
fixed soon.

Ben.

-- 
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.



signature.asc
Description: This is a digitally signed message part

Bug#852324: Disable CONFIG_DEBUG_WX in order to avoid this issue.

2017-07-24 Thread Helio Loureiro 
Hi,

First an errata: I don't see messages since March, not January as I stated
wrongly before.

And I tracked similar messages on other distros and found a message from
Linus himself about a way to avoid such error:

https://lkml.org/lkml/2015/12/14/670

Checking standard Debian kernel settings, I can see it is indeed enabled.

# grep CONFIG_DEBUG_WX /boot/config-4.9.0-3-amd64
CONFIG_DEBUG_WX=y

So is possible to delivery a correction kernel package with such parameter
disabled?

Thanks in advance,
Helio Loureiro
http://helio.loureiro.eng.br
https://se.linkedin.com/in/helioloureiro
http://twitter.com/helioloureiro