RE: hv_hypercall_pg page permissios

From: Dexuan Cui
Date: Mon Jun 15 2020 - 15:50:11 EST

Next message: Emil Velikov: "Re: [PATCH] alpha: Fix build around srm_sysrq_reboot_op"
Previous message: Linus Torvalds: "Re: Linux 5.8-rc1 BUG unable to handle page fault (snd_pcm)"
In reply to: Dexuan Cui: "RE: hv_hypercall_pg page permissios"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> From: linux-hyperv-owner@xxxxxxxxxxxxxxx
> <linux-hyperv-owner@xxxxxxxxxxxxxxx> On Behalf Of Dexuan Cui
> Sent: Monday, June 15, 2020 10:42 AM
> > >
> > > Hi hch,
> > > The patch is merged into the mainine recently, but unluckily we noticed
> > > a warning with CONFIG_DEBUG_WX=y
> > >
> > > Should we revert this patch, or figure out a way to ask the DEBUG_WX
> > > code to ignore this page?
> >
> > Are you sure it is hv_hypercall_pg?
> Yes, 100% sure. I printed the value of hv_hypercall_pg and and it matched the
> address in the warning line " x86/mm: Found insecure W+X mapping at
> address".

I did this experiment:
1. export vmalloc_exec and ptdump_walk_pgd_level_checkwx.
2. write a test module that calls them.
3. It turns out that every call of vmalloc_exec() triggers such a warning.

vmalloc_exec() uses PAGE_KERNEL_EXEC, which is defined as
(__PP|__RW| 0|___A| 0|___D| 0|___G)

It looks the logic in note_page() is: for_each_RW_page, if the NX bit is unset,
then report the page as an insecure W+X mapping. IMO this explains the
warning?

Thanks,
-- Dexuan

Next message: Emil Velikov: "Re: [PATCH] alpha: Fix build around srm_sysrq_reboot_op"
Previous message: Linus Torvalds: "Re: Linux 5.8-rc1 BUG unable to handle page fault (snd_pcm)"
In reply to: Dexuan Cui: "RE: hv_hypercall_pg page permissios"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]