Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp6590811ybi;
        Wed, 5 Jun 2019 03:25:40 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxOzCicjVS38m+xO73I0QJjqb2SA+Q8wYOFpjJdEiypzpwvTLUV5sPwR9rtEX+OO5utHreF
X-Received: by 2002:a17:902:158b:: with SMTP id m11mr36258981pla.268.1559730340636;
        Wed, 05 Jun 2019 03:25:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1559730340; cv=none;
        d=google.com; s=arc-20160816;
        b=wxcaR+vJdGn2obKknoWoPta7iZa2MOXEZ5fOpvp0jNJV9n4F8N299NZRLOoX0VFKeF
         Zg3F8i4/iE6/H5p0QSeyTkXGf7pRQF7icKUbL69M1C/nYfsqaU8khPajQBHJPw6/qKf7
         mxEaUUqDHswmrd5kVj/qE2Co7Y0G8prQZZzG7R0Y6dNN08OzYOWz05Mal5wdCJiJ4u+Q
         mTjr+BqDMjxLs46h/AvgCz44Jaj8UzqcOTgZURuaP6UHoGvUHWS302QviYGG0nPYuv3i
         cMiseAfff5Op2kiRXl/Yto3JVfOUtFuzqhTF2HVJkLataMo1Je7WM1UyWV8VWfDR/Xiq
         J2Dw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:mime-version:user-agent:date:message-id:subject
         :from:cc:to;
        bh=/fysUbmnH1vxTAlIkqbbYivJc8Kiv8vSXHZMgrBAC7s=;
        b=obViaMZJUKyPOSKZilGh0vmrtpnpop8oyK1oCZC2sZXhrUi2mcJHgrJqDvvZXHTQph
         j7fkeeMovQNNh7c+XAaefYKQ4KSi6FF2Oiwr4RJSA194dsxcgBnHxM/9S1rbBQYlMYPu
         Nsz+yDNrQRgbBWioq1C4Ok/Cj2pHdHYQx2+/pFgaIR4RidovVnQro/OiLnUtg4Gf2JWK
         JWe/O/WnMkLhv5PUZ0hAKpvo/QVHkcaJzHpt06zWLZjtpn1v+cs65ICuRLPOtsj4Z22a
         a5BRDRrPy4FOZRN81QONmLiV4cPcXkDF/g27VL6Xi/qxeChXVb4bn125qlGvCnWEiHnY
         zIuw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f3si26426928pgs.135.2019.06.05.03.25.23;
        Wed, 05 Jun 2019 03:25:40 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alibaba.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727139AbfFEKXu (ORCPT <rfc822;israelpgz17@gmail.com>
        + 99 others); Wed, 5 Jun 2019 06:23:50 -0400
Received: from out30-44.freemail.mail.aliyun.com ([115.124.30.44]:34689 "EHLO
        out30-44.freemail.mail.aliyun.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1727055AbfFEKXu (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 5 Jun 2019 06:23:50 -0400
X-Alimail-AntiSpam: AC=PASS;BC=-1|-1;BR=01201311R971e4;CH=green;DM=||false|;FP=0|-1|-1|-1|0|-1|-1|-1;HT=e01e07487;MF=joseph.qi@linux.alibaba.com;NM=1;PH=DS;RN=8;SR=0;TI=SMTPD_---0TTUFliu_1559730220;
Received: from JosephdeMacBook-Pro.local(mailfrom:joseph.qi@linux.alibaba.com fp:SMTPD_---0TTUFliu_1559730220)
          by smtp.aliyun-inc.com(127.0.0.1);
          Wed, 05 Jun 2019 18:23:41 +0800
To:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        x86@kernel.org, Nadav Amit <namit@vmware.com>,
        "Peter Zijlstra (Intel)" <peterz@infradead.org>,
        Ingo Molnar <mingo@kernel.org>,
        Greg KH <gregkh@linuxfoundation.org>
Cc:     Caspar Zhang <caspar@linux.alibaba.com>,
        jiufei Xue <jiufei.xue@linux.alibaba.com>
From:   Joseph Qi <joseph.qi@linux.alibaba.com>
Subject: [bug report][stable] kernel tried to execute NX-protected page -
 exploit attempt? (uid: 0)
Message-ID: <5817eaac-29cc-6331-af3b-b9d85a7c1cd7@linux.alibaba.com>
Date:   Wed, 5 Jun 2019 18:23:40 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:60.0)
 Gecko/20100101 Thunderbird/60.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

I have encountered a kernel BUG when running ltp ftrace-stress-test
on 4.19.48.

[  209.704855] LTP: starting ftrace-stress-test (ftrace_stress_test.sh 90)
[  209.739412] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
[  212.054506] kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
[  212.055595] BUG: unable to handle kernel paging request at ffffffffc0349000
[  212.056589] PGD d00c067 P4D d00c067 PUD d00e067 PMD 23673e067 PTE 800000023457f061
[  212.057759] Oops: 0011 [#1] SMP PTI
[  212.058303] CPU: 0 PID: 0 Comm: swapper/0 Kdump: loaded Not tainted 4.19.48 #112

After some investigation I have found that it is introduced by commit
8715ce033eb3 ("x86/modules: Avoid breaking W^X while loading modules"),
and then revert this commit the issue is gone.

I have also tested the same case on 5.2-rc3 as well as right at
upstream commit f2c65fb3221a ("x86/modules: Avoid breaking W^X while
loading modules"), which has been merged in 5.2-rc1, it doesn't
happen.

So I don't know why only stable has this issue while upstream doesn't.

Thanks,
Joseph