Bug 1498673 - x86/mm: Found insecure W+X mapping at address ... [NEEDINFO]
Summary: x86/mm: Found insecure W+X mapping at address ...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: kernel
Version: 27
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: FE-ExcludeArch-x86, F-ExcludeArch-x86
TreeView+ depends on / blocked
 
Reported: 2017-10-04 22:33 UTC by Dominik 'Rathann' Mierzejewski
Modified: 2018-08-29 15:20 UTC (History)
27 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-08-29 15:20:38 UTC
Type: Bug
jforbes: needinfo?


Attachments (Terms of Use)
full dmesg (64.39 KB, text/plain)
2017-10-04 22:33 UTC, Dominik 'Rathann' Mierzejewski
no flags Details

Description Dominik 'Rathann' Mierzejewski 2017-10-04 22:33:52 UTC
Created attachment 1334493 [details]
full dmesg

Description of problem:
[    3.964072] NX-protecting the kernel data: 6588k
[    3.964314] x86/mm: Found insecure W+X mapping at address c00a0000/0xc00a0000
[    3.964334] ------------[ cut here ]------------
[    3.964348] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:236 note_page+0x629/0x7e0
[    3.964350] Modules linked in:
[    3.964358] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.12.14-200.fc25.i686+PAE #1
[    3.964431] Hardware name: ASUSTeK Computer INC. 1000H/1000H, BIOS 2102    07/21/2009
[    3.964497] task: f7103240 task.stack: f7108000
[    3.964612] EIP: note_page+0x629/0x7e0
[    3.964616] EFLAGS: 00010246 CPU: 0
[    3.964620] EAX: 00000041 EBX: f7109f50 ECX: 00000001 EDX: da075c68
[    3.964624] ESI: 80000000 EDI: 00000000 EBP: f7109f1c ESP: f7109ef0
[    3.964629]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    3.964634] CR0: 80050033 CR2: b7741df4 CR3: 1a061000 CR4: 000006f0
[    3.964637] Call Trace:
[    3.964702]  ptdump_walk_pgd_level_core+0x1f4/0x2d0
[    3.964766]  ptdump_walk_pgd_level_checkwx+0x16/0x20
[    3.964830]  mark_rodata_ro+0xd5/0x100
[    3.964891]  ? rest_init+0x70/0x70
[    3.964948]  kernel_init+0x2e/0xf0
[    3.965005]  ret_from_fork+0x19/0x24
[    3.965061] Code: fe ff ff 83 c2 0c c7 43 18 00 00 00 00 89 53 14 e9 ed fc ff ff 8b 43 0c c6 05 66 60 f3 d9 01 50 50 68 e8 64 d9 d9 e8 da 21 11 00 <0f> ff 83 c4 0c e9 37 fa ff ff ff 72 10 68 86 d0 d9 d9 e8 c3 21
[    3.965236] ---[ end trace 60112c8922b3cf4c ]---
[    3.965445] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

Version-Release number of selected component (if applicable):
kernel-4.12.14-200.fc25.i686+PAE

How reproducible:
Always.

Steps to Reproduce:
This happens on every boot on this machine (Asus EeePC 1000H, Intel(R) Atom(TM) CPU N270   @ 1.60GHz)

Additional info:
At first I thought it might be a return of bug 1306885, but this machine is too old to have EFI firmware.

Comment 1 Xiao, Liang 2017-11-15 15:23:19 UTC
On my systems(LENOVO ThinkCentre M8500t-N000) with Fedora27 installed, I see the similar call trace.

......
[    1.424774] x86/mm: Found insecure W+X mapping at address ffff880000000000/0xffff880000000000
[    1.424779] ------------[ cut here ]------------
[    1.424782] WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:236 note_page+0x644/0x830
[    1.424783] Modules linked in:
[    1.424785] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.13.12-300.fc27.x86_64 #1
[    1.424785] Hardware name: LENOVO ThinkCentre M8500t-N000/SHARKBAY, BIOS FBKTCAAUS 08/29/2016
[    1.424786] task: ffff880402e44c80 task.stack: ffffc90003abc000
[    1.424787] RIP: e030:note_page+0x644/0x830
[    1.424787] RSP: e02b:ffffc90003abfdf8 EFLAGS: 00010282
[    1.424788] RAX: 0000000000000051 RBX: ffffc90003abfe90 RCX: ffffffff81e591c8
[    1.424788] RDX: 0000000000000000 RSI: 0000000000000087 RDI: 0000000000000201
[    1.424789] RBP: ffffc90003abfe30 R08: 0000000000000287 R09: 0000000000000004
[    1.424789] R10: 0000000000100000 R11: 0000000000000001 R12: 0010000000000067
[    1.424790] R13: 0000000000000004 R14: 0000000000000000 R15: ffffc90003abfe90
[    1.424796] FS:  0000000000000000(0000) GS:ffff880408e40000(0000) knlGS:0000000000000000
[    1.424797] CS:  e033 DS: 0000 ES: 0000 CR0: 0000000080050033
[    1.424797] CR2: 0000000000000000 CR3: 0000000001e09000 CR4: 0000000000042660
[    1.424798] Call Trace:
[    1.424801]  ptdump_walk_pgd_level_core+0x3b1/0x490
[    1.424802]  ? 0xffffffff81000000
[    1.424803]  ptdump_walk_pgd_level_checkwx+0x17/0x20
[    1.424805]  mark_rodata_ro+0xf4/0x100
[    1.424808]  ? rest_init+0xc0/0xc0
[    1.424808]  kernel_init+0x2f/0x101
[    1.424810]  ret_from_fork+0x25/0x30
[    1.424811] Code: c6 22 00 41 f7 c7 00 01 00 00 0f 85 33 fe ff ff e9 9f fc ff ff 48 89 f2 48 c7 c7 70 f1 c7 81 c6 05 1e a7 f9 00 01 e8 6d 83 09 00 <0f> ff 48 8b 73 10 e9 52 fa ff ff 4d 89 c8 b9 10 00 00 00 be 10 
[    1.424823] ---[ end trace 637ce764f57a9c24 ]---
[    1.439677] x86/mm: Checked W+X mappings: FAILED, 4602 W+X pages found.
......

# uname -a
Linux dhcp-3-6.nay.redhat.com 4.13.12-300.fc27.x86_64 #1 SMP Wed Nov 8 16:38:01 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Comment 2 Dr. David Alan Gilbert 2018-01-16 18:23:30 UTC
Dominik: Interestingly I have the same 0xc00a0000 range on a KVM guest with the f27 i686+PAE kernel and 96 pages.

Xiao, Liang's may be the EFI one?

Comment 3 Dominik 'Rathann' Mierzejewski 2018-01-16 22:26:02 UTC
By the way, this is still happening on every boot even with the latest 4.14.13-200.fc26 kernel.

Comment 4 Laura Abbott 2018-02-28 03:57:12 UTC
We apologize for the inconvenience.  There is a large number of bugs to go through and several of them have gone stale. The kernel moves very fast so bugs may get fixed as part of a kernel update. Due to this, we are doing a mass bug update across all of the Fedora 26 kernel bugs.
 
Fedora 26 has now been rebased to 4.15.4-200.fc26.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.
 
If you have moved on to Fedora 27, and are still experiencing this issue, please change the version to Fedora 27.
 
If you experience different issues, please open a new bug report for those.

Comment 5 Dominik 'Rathann' Mierzejewski 2018-03-12 00:40:49 UTC
Still happening with 4.15.7-200.fc26.i686+PAE:

[    4.607551] NX-protecting the kernel data: 6220k
[    4.607772] ------------[ cut here ]------------
[    4.607783] x86/mm: Found insecure W+X mapping at address 7d896a06/0xc00a0000
[    4.607809] WARNING: CPU: 1 PID: 1 at arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[    4.607811] Modules linked in:
[    4.607820] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 4.15.7-200.fc26.i686+PAE #1
[    4.607893] Hardware name: ASUSTeK Computer INC. 1000H/1000H, BIOS 2102    07/21/2009
[    4.607962] EIP: note_page+0x670/0x860
[    4.607965] EFLAGS: 00010296 CPU: 1
[    4.607968] EAX: 00000041 EBX: f4105f4c ECX: 00000001 EDX: ced05ea8
[    4.607971] ESI: 80000000 EDI: 00000000 EBP: f4105f18 ESP: f4105eec
[    4.607975]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    4.607978] CR0: 80050033 CR2: b7f105ac CR3: 0ecf2000 CR4: 000006f0
[    4.607983] Call Trace:
[    4.608045]  ptdump_walk_pgd_level_core+0x204/0x2e0
[    4.608045]  ptdump_walk_pgd_level_checkwx+0x18/0x20
[    4.608212]  mark_rodata_ro+0xd5/0xf7
[    4.608212]  ? rest_init+0xa0/0xa0
[    4.608212]  kernel_init+0x2e/0xf0
[    4.608212]  ret_from_fork+0x19/0x38
[    4.608212] Code: ce e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 31 65 a1 ce e9 16 fe ff ff 52 52 68 e0 65 a1 ce c6 05 26 8e bb ce 01 e8 90 89 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 e1
[    4.608212] ---[ end trace c90b89bc730862a8 ]---
[    4.609786] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

Comment 6 Fedora End Of Life 2018-05-03 08:28:24 UTC
This message is a reminder that Fedora 26 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 26. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '26'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 26 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 8 Dominik 'Rathann' Mierzejewski 2018-05-09 21:14:29 UTC
Still happening after dnf system-upgrade to F27 (kernel 4.16.6-202.fc27.i686+PAE):
[    4.676935] ------------[ cut here ]------------
[    4.676945] x86/mm: Found insecure W+X mapping at address db81f162/0xc00a0000
[    4.676969] WARNING: CPU: 0 PID: 1 at arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[    4.676971] Modules linked in:
[    4.676979] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.16.6-202.fc27.i686+PAE #1
[    4.677014] Hardware name: ASUSTeK Computer INC. 1000H/1000H, BIOS 2102    07/21/2009
[    4.677014] EIP: note_page+0x670/0x860
[    4.677014] EFLAGS: 00010296 CPU: 0
[    4.677014] EAX: 00000041 EBX: f3d11f4c ECX: 00000001 EDX: c9928ea8
[    4.677014] ESI: 80000000 EDI: 00000000 EBP: f3d11f18 ESP: f3d11eec
[    4.677014]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[    4.677014] CR0: 80050033 CR2: b7f9082c CR3: 09915000 CR4: 000006f0
[    4.677014] Call Trace:
[    4.677014]  ptdump_walk_pgd_level_core+0x2ac/0x2e0
[    4.677014]  ptdump_walk_pgd_level_checkwx+0x18/0x20
[    4.677014]  mark_rodata_ro+0xd5/0xf7
[    4.677014]  ? rest_init+0xa0/0xa0
[    4.677014]  kernel_init+0x33/0x100
[    4.677014]  ret_from_fork+0x19/0x38
[    4.677014] Code: c9 e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 4d 51 63 c9 e9 16 fe ff ff 52 52 68 fc 51 63 c9 c6 05 a6 a3 7d c9 01 e8 a0 8a 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 fd
[    4.677014] ---[ end trace 8fe6e57806e5e2a6 ]---
[    4.678078] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

Comment 9 Dominik 'Rathann' Mierzejewski 2018-05-12 10:26:07 UTC
On F28 there are no PAE kernels anymore and after booting a non-PAE i686 kernel this doesn't occur anymore.

Comment 10 Jeff Backus 2018-07-02 17:15:29 UTC
Hi Dominik,

I apologize - just found this. So it sounds like you are no longer experiencing this issue after upgrading to a non-PAE kernel, correct? If so do you mind if I close this?

Thanks!
jeff

Comment 11 Roman Joost 2018-07-12 06:06:51 UTC
Hi,

found this error today on a test run against Fedora-28 Server x86_64 running on a bare metal machine:

Checking dmesg for specific failures!
[    2.668177] ------------[ cut here ]------------
[    2.672800] x86/mm: Found insecure W+X mapping at address 00000000525c134b/0xffff884740000000
[    2.681339] WARNING: CPU: 2 PID: 1 at arch/x86/mm/dump_pagetables.c:266 note_page+0x625/0x640
[    2.689856] Modules linked in:
[    2.692916] CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.16.3-301.fc28.x86_64 #1
[    2.700221] Hardware name: Dell Computer Corporation PowerEdge 1850/0D8266, BIOS A01 09/02/2004
[    2.708910] RIP: 0010:note_page+0x625/0x640
[    2.713095] RSP: 0018:ffffa59c4019be40 EFLAGS: 00010286
[    2.718321] RAX: 0000000000000000 RBX: ffffa59c4019bec8 RCX: ffffffff9b253e88
[    2.725455] RDX: 0000000000000001 RSI: 0000000000000082 RDI: 0000000000000246
[    2.732587] RBP: 0000000000000000 R08: 203a6d6d2f363878 R09: 000000000000022b
[    2.739711] R10: 46203a6d6d2f3638 R11: 736e6920646e756f R12: 0000000000000061
[    2.746837] R13: 0000000000000005 R14: ffffa59c4019bec8 R15: ffff88475fa848e8
[    2.753964] FS:  0000000000000000(0000) GS:ffff88477fd00000(0000) knlGS:0000000000000000
[    2.762051] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[    2.767796] CR2: 00007f3bf952d6a8 CR3: 000000001f20a000 CR4: 00000000000006e0
[    2.774922] Call Trace:
[    2.777382]  ? ptdump_walk_pgd_level_core+0x33a/0x480
[    2.782432]  ? rest_init+0xaa/0xaa
[    2.785835]  ? ptdump_walk_pgd_level_checkwx+0x15/0x20
[    2.790976]  ? kernel_init+0x2c/0x105
[    2.794644]  ? ret_from_fork+0x35/0x40
[    2.798394] Code: 4b 18 e9 b1 fb ff ff 4c 89 f8 25 00 01 00 00 48 89 04 24 eb c7 48 89 f2 48 c7 c7 c0 b0 09 9b c6 05 ab 41 2c 01 01 e8 95 81 03 00 <0f> 0b 48 8b 73 10 e9 64 fa ff ff 4c 8b 4b 18 e9 79 fb ff ff e9 
[    2.817273] ---[ end trace 8bd7cef00df20fd9 ]---

End of log.

Comment 13 Dr. David Alan Gilbert 2018-07-12 08:09:06 UTC
(In reply to Roman Joost from comment #11)
> Hi,
> 
> found this error today on a test run against Fedora-28 Server x86_64 running
> on a bare metal machine:
> 
> Checking dmesg for specific failures!
> [    2.668177] ------------[ cut here ]------------
> [    2.672800] x86/mm: Found insecure W+X mapping at address
> 00000000525c134b/0xffff884740000000
> [    2.681339] WARNING: CPU: 2 PID: 1 at arch/x86/mm/dump_pagetables.c:266
> note_page+0x625/0x640
> [    2.689856] Modules linked in:
> [    2.692916] CPU: 2 PID: 1 Comm: swapper/0 Not tainted
> 4.16.3-301.fc28.x86_64 #1
> [    2.700221] Hardware name: Dell Computer Corporation PowerEdge
> 1850/0D8266, BIOS A01 09/02/2004
> [    2.708910] RIP: 0010:note_page+0x625/0x640
> [    2.713095] RSP: 0018:ffffa59c4019be40 EFLAGS: 00010286
> [    2.718321] RAX: 0000000000000000 RBX: ffffa59c4019bec8 RCX:
> ffffffff9b253e88
> [    2.725455] RDX: 0000000000000001 RSI: 0000000000000082 RDI:
> 0000000000000246
> [    2.732587] RBP: 0000000000000000 R08: 203a6d6d2f363878 R09:
> 000000000000022b
> [    2.739711] R10: 46203a6d6d2f3638 R11: 736e6920646e756f R12:
> 0000000000000061
> [    2.746837] R13: 0000000000000005 R14: ffffa59c4019bec8 R15:
> ffff88475fa848e8
> [    2.753964] FS:  0000000000000000(0000) GS:ffff88477fd00000(0000)
> knlGS:0000000000000000
> [    2.762051] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [    2.767796] CR2: 00007f3bf952d6a8 CR3: 000000001f20a000 CR4:
> 00000000000006e0
> [    2.774922] Call Trace:
> [    2.777382]  ? ptdump_walk_pgd_level_core+0x33a/0x480
> [    2.782432]  ? rest_init+0xaa/0xaa
> [    2.785835]  ? ptdump_walk_pgd_level_checkwx+0x15/0x20
> [    2.790976]  ? kernel_init+0x2c/0x105
> [    2.794644]  ? ret_from_fork+0x35/0x40
> [    2.798394] Code: 4b 18 e9 b1 fb ff ff 4c 89 f8 25 00 01 00 00 48 89 04
> 24 eb c7 48 89 f2 48 c7 c7 c0 b0 09 9b c6 05 ab 41 2c 01 01 e8 95 81 03 00
> <0f> 0b 48 8b 73 10 e9 64 fa ff ff 4c 8b 4b 18 e9 79 fb ff ff e9 
> [    2.817273] ---[ end trace 8bd7cef00df20fd9 ]---
> 
> End of log.

All the other reports in this bz are i686+PAE; so I suspect that one is a different cause (it wouldn't totally surprise if this case was a bios problem?)

Comment 14 Laura Abbott 2018-07-12 16:47:44 UTC
Yes, please open a separate bug for x86_64 warnings. I also 100% agree this might be BIOS related.

Comment 15 Roman Joost 2018-07-12 23:39:39 UTC
Thanks for the reply. Filed it as Bug 1600742. Sorry for the inconvenience this may have caused.

Comment 16 Justin M. Forbes 2018-07-23 15:29:46 UTC
*********** MASS BUG UPDATE **************

We apologize for the inconvenience.  There are a large number of bugs to go through and several of them have gone stale.  Due to this, we are doing a mass bug update across all of the Fedora 27 kernel bugs.

Fedora 27 has now been rebased to 4.17.7-100.fc27.  Please test this kernel update (or newer) and let us know if you issue has been resolved or if it is still present with the newer kernel.

If you have moved on to Fedora 28, and are still experiencing this issue, please change the version to Fedora 28.

If you experience different issues, please open a new bug report for those.

Comment 17 Justin M. Forbes 2018-08-29 15:20:38 UTC
*********** MASS BUG UPDATE **************
This bug is being closed with INSUFFICIENT_DATA as there has not been a response in 5 weeks. If you are still experiencing this issue, please reopen and attach the relevant data from the latest kernel you are running and any data that might have been requested previously.


Note You need to log in before you can comment on or make changes to this bug.