x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Medium
|
Unassigned | ||
Cosmic |
Fix Released
|
Medium
|
Unassigned |
Bug Description
== SRU Justification ==
Booting an i386 Bionic kernel in a VM with a 64-bit CPU leads to:
[ 1.074702] Freeing unused kernel memory: 1092K
[ 1.084027] Write protecting the kernel text: 8836k
[ 1.085115] Write protecting the kernel read-only data: 3480k
[ 1.086361] NX-protecting the kernel data: 7548k
[ 1.087457] ------------[ cut here ]------------
[ 1.088400] x86/mm: Found insecure W+X mapping at address (ptrval)/0xc00a0000
[ 1.089738] WARNING: CPU: 0 PID: 1 at /build/
[ 1.091893] Modules linked in:
[ 1.092522] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.15.0-43-generic #46-Ubuntu
[ 1.094362] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
[ 1.096279] EIP: note_page+
[ 1.097012] EFLAGS: 00010282 CPU: 0
[ 1.097807] EAX: 00000041 EBX: df4fbf44 ECX: 000001ba EDX: 00000000
[ 1.099083] ESI: 80000000 EDI: 00000000 EBP: df4fbf10 ESP: df4fbee4
[ 1.100328] DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 1.101418] CR0: 80050033 CR2: b7d99092 CR3: 0ce16000 CR4: 000006f0
[ 1.102693] DR0: 00000000 DR1: 00000000 DR2: 00000000 DR3: 00000000
[ 1.103928] DR6: fffe0ff0 DR7: 00000400
[ 1.104733] Call Trace:
[ 1.105316] ptdump_
[ 1.106266] ptdump_
[ 1.107207] mark_rodata_
[ 1.107947] ? rest_init+0xa0/0xa0
[ 1.108627] kernel_
[ 1.109300] ret_from_
[ 1.110016] Code: cc e9 0c fb ff ff f7 c6 00 10 00 00 74 8c 68 fe ae ae cc e9 16 fe ff ff 52 52 68 ac af ae cc c6 05 a8 a8 cb cc 01 e8 40 74 00 00 <0f> 0b 8b 53 0c 83 c4 0c e9 38 fa ff ff 50 6a 08 52 6a 08 68 ae
[ 1.113395] ---[ end trace 0dce1996d96c40bb ]---
[ 1.114324] x86/mm: Checked W+X mappings: FAILED, 96 W+X pages found.
== Fix ==
Backport commit c200dac78fec ("x86/mm: Do not warn about PCI BIOS W+X mappings").
== Regression Potential ==
Low. The patch only modifies debugging output.
== Test Case ==
To reproduce, boot an i386 kernel in QEMU with '-cpu qemu64' and check the kernel logs.
CVE References
Changed in linux (Ubuntu): | |
status: | New → Confirmed |
status: | Confirmed → New |
description: | updated |
Changed in linux (Ubuntu Cosmic): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Bionic): | |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Bionic): | |
status: | New → Fix Committed |
Changed in linux (Ubuntu Cosmic): | |
status: | New → Fix Committed |
tags: |
added: verification-done-bionic removed: verification-needed-bionic |
tags: |
added: verification-done-cosmic removed: verification-needed-cosmic |
Changed in linux (Ubuntu): | |
status: | Incomplete → Invalid |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1813532
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.