2019-01-28 07:56:15 |
Juerg Haefliger |
bug |
|
|
added bug |
2019-01-28 07:56:24 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Bionic |
|
2019-01-28 07:56:30 |
Juerg Haefliger |
linux (Ubuntu): status |
New |
Confirmed |
|
2019-01-28 07:56:35 |
Juerg Haefliger |
linux (Ubuntu): status |
Confirmed |
New |
|
2019-01-28 08:00:06 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2019-01-28 08:00:07 |
Ubuntu Kernel Bot |
tags |
|
bionic |
|
2019-01-28 12:59:12 |
Juerg Haefliger |
description |
Booting an i386 Bionic kernel in a VM leads to:
[ 1.074702] Freeing unused kernel memory: 1092K
[ 1.084027] Write protecting the kernel text: 8836k
[ 1.085115] Write protecting the kernel read-only data: 3480k
[ 1.086361] NX-protecting the kernel data: 7548k
[ 1.087457] ------------[ cut here ]------------
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 1.089738] WARNING: CPU: 0 PID: 1 at /build/linux-bnzN1b/linux-4.15.0/arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[ 1.091893] Modules linked in:
[ 1.092522] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-43-generic #46-Ubuntu
[ 1.094362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 1.096279] EIP: note_page+0x670/0x860
[ 1.097012] EFLAGS: 00010282 CPU: 0
[ 1.097807] EAX: 00000041 EBX: df4fbf44 ECX: 000001ba EDX: 00000000
[ 1.099083] ESI: 80000000 EDI: 00000000 EBP: df4fbf10 ESP: df4fbee4
[ 1.100328] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.101418] CR0: 80050033 CR2: b7d99092 CR3: 0ce16000 CR4: 000006f0
[ 1.102693] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1.103928] DR6: fffe0ff0 DR7: 00000400
[ 1.104733] Call Trace:
[ 1.105316] ptdump_walk_pgd_level_core+0x2ac/0x2e0
[ 1.106266] ptdump_walk_pgd_level_checkwx+0x18/0x20
[ 1.107207] mark_rodata_ro+0xf5/0x117
[ 1.107947] ? rest_init+0xa0/0xa0
[ 1.108627] kernel_init+0x33/0xf0
[ 1.109300] ret_from_fork+0x2e/0x38
[ 1.110016] Code: cc e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 fe ae ae cc e9 16 fe ff ff 52 52 68 ac af ae cc c6 05 a8 a8 cb cc 01 e8 40 74 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 ae
[ 1.113395] ---[ end trace 0dce1996d96c40bb ]---
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found. |
== SRU Justification ==
Booting an i386 Bionic kernel in a VM with a 64-bit CPU leads to:
[ 1.074702] Freeing unused kernel memory: 1092K
[ 1.084027] Write protecting the kernel text: 8836k
[ 1.085115] Write protecting the kernel read-only data: 3480k
[ 1.086361] NX-protecting the kernel data: 7548k
[ 1.087457] ------------[ cut here ]------------
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 1.089738] WARNING: CPU: 0 PID: 1 at /build/linux-bnzN1b/linux-4.15.0/arch/x86/mm/dump_pagetables.c:266 note_page+0x670/0x860
[ 1.091893] Modules linked in:
[ 1.092522] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-43-generic #46-Ubuntu
[ 1.094362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 1.096279] EIP: note_page+0x670/0x860
[ 1.097012] EFLAGS: 00010282 CPU: 0
[ 1.097807] EAX: 00000041 EBX: df4fbf44 ECX: 000001ba EDX: 00000000
[ 1.099083] ESI: 80000000 EDI: 00000000 EBP: df4fbf10 ESP: df4fbee4
[ 1.100328] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.101418] CR0: 80050033 CR2: b7d99092 CR3: 0ce16000 CR4: 000006f0
[ 1.102693] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1.103928] DR6: fffe0ff0 DR7: 00000400
[ 1.104733] Call Trace:
[ 1.105316] ptdump_walk_pgd_level_core+0x2ac/0x2e0
[ 1.106266] ptdump_walk_pgd_level_checkwx+0x18/0x20
[ 1.107207] mark_rodata_ro+0xf5/0x117
[ 1.107947] ? rest_init+0xa0/0xa0
[ 1.108627] kernel_init+0x33/0xf0
[ 1.109300] ret_from_fork+0x2e/0x38
[ 1.110016] Code: cc e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 fe ae ae cc e9 16 fe ff ff 52 52 68 ac af ae cc c6 05 a8 a8 cb cc 01 e8 40 74 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 ae
[ 1.113395] ---[ end trace 0dce1996d96c40bb ]---
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
== Fix ==
Backport commit c200dac78fec ("x86/mm: Do not warn about PCI BIOS W+X mappings").
== Regression Potential ==
Low. The patch only modifies debugging output.
== Test Case ==
To reproduce, boot an i386 kernel in QEMU with '-cpu qemu64' and check the kernel logs. |
|
2019-01-28 14:18:15 |
Stefan Bader |
nominated for series |
|
Ubuntu Cosmic |
|
2019-01-28 14:18:15 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Cosmic) |
|
2019-01-28 14:18:20 |
Stefan Bader |
bug task added |
|
linux (Ubuntu Bionic) |
|
2019-01-28 14:18:27 |
Stefan Bader |
linux (Ubuntu Cosmic): importance |
Undecided |
Medium |
|
2019-01-28 14:18:31 |
Stefan Bader |
linux (Ubuntu Bionic): importance |
Undecided |
Medium |
|
2019-01-29 06:42:52 |
Khaled El Mously |
linux (Ubuntu Bionic): status |
New |
Fix Committed |
|
2019-02-04 05:47:46 |
Khaled El Mously |
linux (Ubuntu Cosmic): status |
New |
Fix Committed |
|
2019-02-11 11:06:11 |
Brad Figg |
tags |
bionic |
bionic verification-needed-cosmic |
|
2019-02-15 14:42:53 |
Brad Figg |
tags |
bionic verification-needed-cosmic |
bionic verification-needed-bionic verification-needed-cosmic |
|
2019-02-18 10:43:15 |
Juerg Haefliger |
tags |
bionic verification-needed-bionic verification-needed-cosmic |
bionic verification-done-bionic verification-needed-cosmic |
|
2019-02-18 10:46:01 |
Juerg Haefliger |
tags |
bionic verification-done-bionic verification-needed-cosmic |
bionic verification-done-bionic verification-done-cosmic |
|
2019-03-05 15:00:44 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2018-18397 |
|
2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2018-19854 |
|
2019-03-05 15:00:44 |
Launchpad Janitor |
cve linked |
|
2019-6133 |
|
2019-03-06 10:49:37 |
Launchpad Janitor |
linux (Ubuntu Cosmic): status |
Fix Committed |
Fix Released |
|
2019-03-06 10:49:37 |
Launchpad Janitor |
cve linked |
|
2018-16880 |
|
2019-06-13 07:09:29 |
Juerg Haefliger |
linux (Ubuntu): status |
Incomplete |
Invalid |
|