x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000

Bug #1813532 reported by Juerg Haefliger on 2019-01-28
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Unassigned
Cosmic
Medium
Unassigned

Bug Description

== SRU Justification ==

Booting an i386 Bionic kernel in a VM with a 64-bit CPU leads to:

[ 1.074702] Freeing unused kernel memory: 1092K
[ 1.084027] Write protecting the kernel text: 8836k
[ 1.085115] Write protecting the kernel read-only data: 3480k
[ 1.086361] NX-protecting the kernel data: 7548k
[ 1.087457] ------------[ cut here ]------------
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 1.089738] WARNING: CPU: 0 PID: 1 at /build/linux-bnzN1b/linux-4.15.0/arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[ 1.091893] Modules linked in:
[ 1.092522] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-43-generic #46-Ubuntu
[ 1.094362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 1.096279] EIP: note_page+0x670/0x860
[ 1.097012] EFLAGS: 00010282 CPU: 0
[ 1.097807] EAX: 00000041 EBX: df4fbf44 ECX: 000001ba EDX: 00000000
[ 1.099083] ESI: 80000000 EDI: 00000000 EBP: df4fbf10 ESP: df4fbee4
[ 1.100328] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.101418] CR0: 80050033 CR2: b7d99092 CR3: 0ce16000 CR4: 000006f0
[ 1.102693] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1.103928] DR6: fffe0ff0 DR7: 00000400
[ 1.104733] Call Trace:
[ 1.105316] ptdump_walk_pgd_level_core+0x2ac/0x2e0
[ 1.106266] ptdump_walk_pgd_level_checkwx+0x18/0x20
[ 1.107207] mark_rodata_ro+0xf5/0x117
[ 1.107947] ? rest_init+0xa0/0xa0
[ 1.108627] kernel_init+0x33/0xf0
[ 1.109300] ret_from_fork+0x2e/0x38
[ 1.110016] Code: cc e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 fe ae ae cc e9 16 fe ff ff 52 52 68 ac af ae cc c6 05 a8 a8 cb cc 01 e8 40 74 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 ae
[ 1.113395] ---[ end trace 0dce1996d96c40bb ]---
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.

== Fix ==

Backport commit c200dac78fec ("x86/mm: Do not warn about PCI BIOS W+X mappings").

== Regression Potential ==

Low. The patch only modifies debugging output.

== Test Case ==

To reproduce, boot an i386 kernel in QEMU with '-cpu qemu64' and check the kernel logs.

Juerg Haefliger (juergh) on 2019-01-28
Changed in linux (Ubuntu):
status: New → Confirmed
status: Confirmed → New

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1813532

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: bionic
Juerg Haefliger (juergh) on 2019-01-28
description: updated
Stefan Bader (smb) on 2019-01-28
Changed in linux (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
status: New → Fix Committed
Changed in linux (Ubuntu Cosmic):
status: New → Fix Committed
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
Brad Figg (brad-figg) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Juerg Haefliger (juergh) on 2019-02-18
tags: added: verification-done-bionic
removed: verification-needed-bionic
tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Juerg Haefliger (juergh) wrote :

Successfully tested both kernels.

Launchpad Janitor (janitor) wrote :
Download full text (11.4 KiB)

This bug was fixed in the package linux - 4.15.0-46.49

---------------
linux (4.15.0-46.49) bionic; urgency=medium

  * linux: 4.15.0-46.49 -proposed tracker (LP: #1814726)

  * mprotect fails on ext4 with dax (LP: #1799237)
    - x86/speculation/l1tf: Exempt zeroed PTEs from inversion

  * kernel BUG at /build/linux-vxxS7y/linux-4.15.0/mm/slub.c:296! (LP: #1812086)
    - iscsi target: fix session creation failure handling
    - scsi: iscsi: target: Set conn->sess to NULL when iscsi_login_set_conn_values
      fails
    - scsi: iscsi: target: Fix conn_ops double free

  * user_copy in user from ubuntu_kernel_selftests failed on KVM kernel
    (LP: #1812198)
    - selftests: user: return Kselftest Skip code for skipped tests
    - selftests: kselftest: change KSFT_SKIP=4 instead of KSFT_PASS
    - selftests: kselftest: Remove outdated comment

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * SRU: Fix thinkpad 11e 3rd boot hang (LP: #1804604)
    - ACPI / LPSS: Force LPSS quirks on boot

  * Bionic update: upstream stable patchset 2019-01-17 (LP: #1812229)
    - scsi: sd_zbc: Fix variable type and bogus comment
    - KVM/Eventfd: Avoid crash when assign and deassign specific eventfd in
      parallel.
    - x86/apm: Don't access __preempt_count with zeroed fs
    - x86/events/intel/ds: Fix bts_interrupt_threshold alignment
    - x86/MCE: Remove min interval polling limitation
    - fat: fix memory allocation failure handling of match_strdup()
    - ALSA: hda/realtek - Add Panasonic CF-SZ6 headset jack quirk
    - ARCv2: [plat-hsdk]: Save accl reg pair by default
    - ARC: Fix CONFIG_SWAP
    - ARC: configs: Remove CONFIG_INITRAMFS_SOURCE from defconfigs
    - ARC: mm: allow mprotect to make stack mappings executable
    - mm: memcg: fix use after free in mem_cgroup_iter()
    - mm/huge_memory.c: fix data loss when splitting a file pmd
    - cpufreq: intel_pstate: Register when ACPI PCCH is present
    - vfio/pci: Fix potential Spectre v1
    - stop_machine: Disable preemption when waking two stopper threads
    - drm/i915: Fix hotplug irq ack on i965/g4x
    - drm/nouveau: Use drm_connector_list_iter_* for iterating connectors
    - drm/nouveau: Avoid looping through fake MST connectors
    - gen_stats: Fix netl...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package linux - 4.18.0-16.17

---------------
linux (4.18.0-16.17) cosmic; urgency=medium

  * linux: 4.18.0-16.17 -proposed tracker (LP: #1814749)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * CVE-2018-16880
    - vhost: fix OOB in get_rx_bufs()

  * RTL8822BE WiFi Disabled in Kernel 4.18.0-12 (LP: #1806472)
    - SAUCE: staging: rtlwifi: allow RTLWIFI_DEBUG_ST to be disabled
    - [Config] CONFIG_RTLWIFI_DEBUG_ST=n
    - SAUCE: Add r8822be to signature inclusion list

  * kernel oops in bcache module (LP: #1793901)
    - SAUCE: bcache: never writeback a discard operation

  * CVE-2018-18397
    - userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
    - userfaultfd: shmem: allocate anonymous memory for MAP_PRIVATE shmem
    - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas
    - userfaultfd: shmem: add i_size checks
    - userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

  * Ignore "incomplete report" from Elan touchpanels (LP: #1813733)
    - HID: i2c-hid: Ignore input report if there's no data present on Elan
      touchpanels

  * Vsock connect fails with ENODEV for large CID (LP: #1813934)
    - vhost/vsock: fix vhost vsock cid hashing inconsistent

  * Fix non-working pinctrl-intel (LP: #1811777)
    - pinctrl: intel: Do pin translation in other GPIO operations as well

  * ip6_gre: fix tunnel list corruption for x-netns (LP: #1812875)
    - ip6_gre: fix tunnel list corruption for x-netns

  * Backported commit breaks audio (fixed upstream) (LP: #1811566)
    - ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Clapper
    - ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook
      Gnawty

  * kvm_stat : missing python dependency (LP: #1798776)
    - tools/kvm_stat: switch to python3

  * [SRU] Fix Xorg crash with nomodeset when BIOS enable 64-bit fb addr
    (LP: #1812797)
    - vgaarb: Add support for 64-bit frame buffer address
    - vgaarb: Keep adding VGA device in queue

  * Fix non-working QCA Rome Bluetooth after S3 (LP: #1812812)
    - USB: Add new USB LPM helpers
    - USB: Consolidate LPM checks to avoid enabling LPM twice

  * [SRU] IO's are issued with incorrect Scatter Gather Buffer (LP: #1795453)
    - scsi: megaraid_sas: Use 63-bit DMA addressing

  * x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
    (LP: #1813532)
    - x86/mm: Do not warn about PCI BIOS W+X mappings

  * CVE-2019-6133
    - fork: record start_time late

  * Fix not working Goodix touchpad (LP: #1811929)
    - HID: i2c-hid: Disable runtime PM on Goodix touchpad

  * bluetooth controller not detected with 4.15 kernel (LP: #1810797)
    - SAUCE: btqcomsmd: introduce BT_QCOMSMD_HACK
    - [Config] arm64: snapdragon: BT_QCOMSMD_HACK=y

  * X1 Extreme: only one of the two SSDs is loaded (LP: #1811755)
    - nvme-core: rework a NQN copying operation
    - nvme: pad fake subsys NQN vid and ssvid with zeros
    - nvme: introduce NVME_QUIRK_IGNORE_DEV_SUBNQN

  * Crash on "ip link add f...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers