[x86/mm] e1a58320a3 WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page()

2017-02-17 Thread Fengguang Wu
Greetings,

0day kernel testing robot got the below dmesg and the first bad commit is

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

commit e1a58320a38dfa72be48a0f1a3a92273663ba6db
Author: Stephen Smalley 
AuthorDate: Mon Oct 5 12:55:20 2015 -0400
Commit: Ingo Molnar 
CommitDate: Tue Oct 6 11:11:48 2015 +0200

 x86/mm: Warn on W^X mappings
 
 Warn on any residual W+X mappings after setting NX
 if DEBUG_WX is enabled.  Introduce a separate
 X86_PTDUMP_CORE config that enables the code for
 dumping the page tables without enabling the debugfs
 interface, so that DEBUG_WX can be enabled without
 exposing the debugfs interface.  Switch EFI_PGT_DUMP
 to using X86_PTDUMP_CORE so that it also does not require
 enabling the debugfs interface.
 
 On success it prints this to the kernel log:
 
   x86/mm: Checked W+X mappings: passed, no W+X pages found.
 
 On failure it prints a warning and a count of the failed pages:
 
   [ cut here ]
   WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:226 note_page+0x610/0x7b0()
   x86/mm: Found insecure W+X mapping at address 81755000/__stop___ex_table+0xfa8/0xabfa8
   [...]
   Call Trace:
    [] dump_stack+0x44/0x55
    [] warn_slowpath_common+0x82/0xc0
    [] warn_slowpath_fmt+0x5c/0x80
    [] ? note_page+0x5c9/0x7b0
    [] note_page+0x610/0x7b0
    [] ptdump_walk_pgd_level_core+0x259/0x3c0
    [] ptdump_walk_pgd_level_checkwx+0x17/0x20
    [] mark_rodata_ro+0xf5/0x100
    [] ? rest_init+0x80/0x80
    [] kernel_init+0x1d/0xe0
    [] ret_from_fork+0x3f/0x70
    [] ? rest_init+0x80/0x80
   ---[ end trace a1f23a1e42a2ac76 ]---
   x86/mm: Checked W+X mappings: FAILED, 171 W+X pages found.
 
 Signed-off-by: Stephen Smalley 
 Acked-by: Kees Cook 
 Cc: Andy Lutomirski 
 Cc: Arjan van de Ven 
 Cc: Borislav Petkov 
 Cc: Brian Gerst 
 Cc: Denys Vlasenko 
 Cc: H. Peter Anvin 
 Cc: Linus Torvalds 
 Cc: Mike Galbraith 
 Cc: Peter Zijlstra 
 Cc: Thomas Gleixner 
 Cc: linux-kernel@vger.kernel.org
 Link: http://lkml.kernel.org/r/1444064120-11450-1-git-send-email-...@tycho.nsa.gov
 [ Improved the Kconfig help text and made the new option default-y
   if CONFIG_DEBUG_RODATA=y, because it already found buggy mappings,
   so we really want people to have this on by default. ]
 Signed-off-by: Ingo Molnar 

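+-------------------------------------------------------+------------+------------+------------+
|                                                       | 38a413cbc2 | e1a58320a3 | 9cad9cbdbe |
+-------------------------------------------------------+------------+------------+------------+
| boot_successes                                        | 83         | 0          | 8          |
| boot_failures                                         | 0          | 27         | 27         |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page() | 0          | 27         |            |
| calltrace:mark_rodata_ro                              | 0          | 27         |            |
| WARNING:at_arch/x86/mm/dump_pagetables.c:#note_page   | 0          | 0          | 27         |
+-------------------------------------------------------+------------+------------+------------+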

[8.115747] Write protecting the kernel read-only data: 3280k
[8.116626] NX-protecting the kernel data: 7824k
[8.118416] [ cut here ]
[8.119156] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:225 note_page+0x18f/0x51b()
[8.120705] x86/mm: Found insecure W+X mapping at address c00a/0xc00a
[8.121786] Modules linked in:
[8.122284] CPU: 0 PID: 1 Comm: swapper Not tainted 4.3.0-rc3-00013-ge1a5832 #119
[8.123424]   d5081ed0 d5081ea8 c13bc54f d5081ec0 c107dae0 c106e078 d5081f50
[8.124794]  0163 0002 d5081ed8 c107dbf5 0009 d5081ed0 c1ad925a d5081eec
[8.126149]  d5081f1c c106e078 c1ad9290 00e1 c1ad925a c00a c00a
[8.127520] Call Trace:
[8.127919]  [] dump_stack+0x40/0x5e
[8.128606]  [] warn_slowpath_common+0xd4/0x115
[8.129425]  [] ? note_page+0x18f/0x51b
[8.130170]  [] warn_slowpath_fmt+0x42/0x54
[8.130956]  [] note_page+0x18f/0x51b
[8.131662]  [] ptdump_walk_pgd_level_core+0x2a6/0x46d
[8.132582]  [] ptdump_walk_pgd_level_checkwx+0x1f/0x2f
[8.133515]  [] mark_rodata_ro+0x1a4/0x1ba
[8.134287]  [] kernel_init+0x4f/0x1e7
[8.135000]  [] ret_from_kernel_thread+0x20/0x30
[8.135838]  [] ? rest_init+0x158/0x158
[8.136562] ---[ end trace 01b3950ee29e5eb2 ]---
[8.137417] x86/mm: Checked W+X mappings: FAILED, 6893 W+X pages found.

git bisect start v4.4 v4.3 --
git bisect  bad cd6caf550a2adc763c6301ecc0be01f422fb2aea  # 01:50  0-  7  Merge tag 'for-linus-4.4' of