Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S964877AbbLOJkZ (ORCPT <rfc822;w@1wt.eu>);
	Tue, 15 Dec 2015 04:40:25 -0500
Received: from atrey.karlin.mff.cuni.cz ([195.113.26.193]:37448 "EHLO
	atrey.karlin.mff.cuni.cz" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S933340AbbLOJkT (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Tue, 15 Dec 2015 04:40:19 -0500
Date: Tue, 15 Dec 2015 10:40:15 +0100
From: Pavel Machek <pavel@ucw.cz>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Arjan van de Ven <arjan@linux.intel.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Borislav Petkov <bp@alien8.de>,
        kernel list <linux-kernel@vger.kernel.org>,
        Stephen Smalley <sds@tycho.nsa.gov>, Brian Gerst <brgerst@gmail.com>,
        Denys Vlasenko <dvlasenk@redhat.com>, Peter Anvin <hpa@zytor.com>,
        Mike Galbraith <efault@gmx.de>, Peter Zijlstra <peterz@infradead.org>,
        Thomas Gleixner <tglx@linutronix.de>
Subject: Re: 4.4-rc5: ugly warn on: 5 W+X pages found
Message-ID: <20151215094015.GA3677@amd>
References: <20151115070022.GA15417@amd>
 <20151214080403.GA3708@amd>
 <20151214085803.GA10520@pd.tnic>
 <20151214090726.GA6472@amd>
 <CA+55aFwivS6pnNKqy6aFrh4H5HC2izW_Rw0GL1hV9EdbV+HhkA@mail.gmail.com>
 <20151214202627.GA15104@amd>
 <CALCETrX6DrW2AJz=WGjMW+nNTsq08+Cte0m=CF_Q9+uzsuR1vA@mail.gmail.com>
 <566F3378.8070009@linux.intel.com>
 <CALCETrW60DfZs-v_W46sYFUmBXspa3BXWY-=dpuSF9iMaeLGFQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CALCETrW60DfZs-v_W46sYFUmBXspa3BXWY-=dpuSF9iMaeLGFQ@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1794
Lines: 48

On Mon 2015-12-14 14:25:10, Andy Lutomirski wrote:
> On Mon, Dec 14, 2015 at 1:24 PM, Arjan van de Ven <arjan@linux.intel.com> wrote:
> >
> >> That's weird.  The only API to do that seems to be manually setting
> >> kmap_prot to _PAGE_KERNEL_EXEC, and nothing does that.  (Why is
> >> kmap_prot a variable on x86 at all?  It has exactly one writer, and
> >> that's the code that initializes it in the first place.  Shouldn't we
> >> #define kmap_prot _PAGE_KERNEL?
> >
> >
> > iirc it changes based on runtime detection of NX capability
> >
> 
> Maybe it did, but if it still does, I can't find the code.
> 
> What *does* change is __supported_pte_mask.  If we're willing to make
> disable_nx work a little less well, we could try to initialize
> __supported_pte_mask from the very beginning.  (We currently seem to
> detect and enable NX even before we enable paging.)  I suspect that
> Pavel is seeing a kmap mapping left over from so early that it didn't
> have NX set (killed by massage_pgprot).

I tried applying:

[PATCH 1/2] x86_32/mm: Set NX in __supported_pte_mask before enabling
paging

but I still get

[    2.685402] ------------[ cut here ]------------
[    2.688649] WARNING: CPU: 0 PID: 1 at
arch/x86/mm/dump_pagetables.c:225 note_
page+0x5ec/0x790()
[    2.691897] x86/mm: Found insecure W+X mapping at address
ffe69000/0xffe69000
[    2.695090] Modules linked in:

Best regards,
									Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/