Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping

To: Rainer Dorsch <ml@bokomoko.de>, 1016317@bugs.debian.org
Subject: Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 13 Aug 2022 15:23:52 +0200
Message-id: <[🔎] Yvel6M1O8Md2UOVm@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1016317@bugs.debian.org
In-reply-to: <165911789677.13163.10460281148647088832.reportbug@home.bokomoko.de>
References: <165911789677.13163.10460281148647088832.reportbug@home.bokomoko.de> <165911789677.13163.10460281148647088832.reportbug@home.bokomoko.de>

Control: tags -1 + moreinfo

On Fri, Jul 29, 2022 at 08:04:56PM +0200, Rainer Dorsch wrote:
> Package: src:linux
> Version: 5.10.127-2
> Severity: normal
> 
> Dear Maintainer,
> 
> I just noticed after booting into the kernel 5.10.0-16-armmp #1 SMP Debian 
> 5.10.127-2 (2022-07-23) armv7l GNU/Linux (on a SolidRun Cubox-i with an NXP iMX6) that I get an 
> 
> insecure W+X mapping  at address 0xf0879000
> 
> on a serial console and a backtrace during the boot process:
> 
> [    5.377591] Registering SWP/SWPB emulation handler
> [    5.382640] registered taskstats version 1
> [    5.386784] Loading compiled-in X.509 certificates
> [    5.787454] Loaded X.509 cert 'Debian Secure Boot CA: 
> 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
> [    5.796311] Loaded X.509 cert 'Debian Secure Boot Signer 2021 - linux: 
> 4b6ef5abca669825178e052c84667ccbc0531f8c'
> [    5.806849] zswap: loaded using pool lzo/zbud
> [    5.812253] Key type ._fscrypt registered
> [    5.816352] Key type .fscrypt registered
> [    5.820314] Key type fscrypt-provisioning registered
> [    5.825722] AppArmor: AppArmor sha1 policy hashing enabled
> [    5.865627] vcc_3v3: supplied by v_5v0
> [    5.895845] Freeing unused kernel memory: 2048K
> [    5.913843] ------------[ cut here ]------------
> [    5.918527] WARNING: CPU: 0 PID: 1 at arch/arm/mm/dump.c:248 
> note_page+0x3d0/0x3dc
> [    5.926143] arm/mm: Found insecure W+X mapping at address 0xf0879000
> [    5.932529] Modules linked in:
> [    5.935629] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-16-armmp #1 
> Debian 5.10.127-2
> [    5.943912] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
> [    5.950457] Backtrace: 
> [    5.952938] [<c0cf9890>] (dump_backtrace) from [<c0cf9c3c>] 
> (show_stack+0x20/0x24)
> [    5.960532]  r7:000000f8 r6:60000013 r5:00000000 r4:c14cdda8
> [    5.966215] [<c0cf9c1c>] (show_stack) from [<c0cfeec4>] 
> (dump_stack+0xc8/0xdc)
> [    5.973469] [<c0cfedfc>] (dump_stack) from [<c034ddb0>] (__warn+0xfc/0x158)
> [    5.980449]  r7:000000f8 r6:00000009 r5:c031fa38 r4:c0fbe5c8
> [    5.986130] [<c034dcb4>] (__warn) from [<c0cfaa18>] 
> (warn_slowpath_fmt+0xa4/0xe4)
> [    5.993633]  r7:c031fa38 r6:000000f8 r5:c0fbe5c8 r4:c0fbe594
> [    5.999311] [<c0cfa978>] (warn_slowpath_fmt) from [<c031fa38>] 
> (note_page+0x3d0/0x3dc)
> [    6.007251]  r8:00000000 r7:00000000 r6:00000005 r5:c140c4e0 r4:c197ff28
> [    6.013971] [<c031f668>] (note_page) from [<c031fb2c>] 
> (walk_pmd+0xe8/0x1a4)
> [    6.021042]  r10:c197ff28 r9:c0207c20 r8:c1900800 r7:00000000 r6:c0fbe610 
> r5:f087b000
> [    6.028888]  r4:c19001ec
> [    6.031437] [<c031fa44>] (walk_pmd) from [<c031fd2c>] 
> (ptdump_check_wx+0x88/0x104)
> [    6.039030]  r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:c0208000 
> r5:f0800000
> [    6.046878]  r4:c0207c28
> [    6.049435] [<c031fca4>] (ptdump_check_wx) from [<c0319c14>] 
> (mark_rodata_ro+0x3c/0x40)
> [    6.057459]  r6:00000000 r5:c0d092cc r4:00000000
> [    6.062103] [<c0319bd8>] (mark_rodata_ro) from [<c0d09310>] 
> (kernel_init+0x44/0x130)
> [    6.069873] [<c0d092cc>] (kernel_init) from [<c03001a8>] 
> (ret_from_fork+0x14/0x2c)
> [    6.077459] Exception stack(0xc197ffb0 to 0xc197fff8)
> [    6.082528] ffa0:                                     00000000 00000000 
> 00000000 00000000
> [    6.090726] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 
> 00000000 00000000
> [    6.098924] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
> [    6.105553]  r5:c0d092cc r4:00000000
> [    6.109187] ---[ end trace 36d095f56a800b3c ]---
> [    6.114076] Checked W+X mappings: FAILED, 1 W+X pages found
> [    6.119751] Run /init as init process
> [    6.847313] gpio_mxc: module verification failed: signature and/or required 
> key missing - tainting kernel
> [    6.859257] vdd1p1: supplied by regulator-dummy
> [    6.871900] v_usb2: supplied by v_5v0
> [    6.876972] vdd3p0: supplied by regulator-dummy
> [    6.882630] vdd2p5: supplied by regulator-dummy
> [    6.887949] vddarm: supplied by regulator-dummy
> [    6.893661] vddpu: supplied by regulator-dummy
> [    6.898847] vddsoc: supplied by regulator-dummy
> 
> I do not observe any functional issue so far though.
> 
> Since I have not checked the output of the serial console for a while, I cannot tell when 
> the issue started to appear.
> 
> There is a similar report for the same hardware platform, but is reported on a 5.13 kernel:
> https://lore.kernel.org/all/YUn2qpc5iBAIvCsd@shell.armlinux.org.uk/T/
> 
> I am not sure if it was already present in 5.10, if it got backported or if it is 
> entirely unrelated.
> 
> Many thanks for the great support of many hardware platforms

Would it be possible that you try to cherry-pick upstream 4aede550f104
("ARM: imx6: mark OCRAM mapping read-only") to see if it solves the
issue?

Can you alternatively test the package from bullseye-backports which
would have the fix included and see if the issue goes away?

Regards,
Salvatore

Reply to:

Follow-Ups:
- Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping
  - From: Rainer Dorsch <ml@bokomoko.de>

Prev by Date: Processed: reassign 1015167 to src:linux
Next by Date: Processed: Re: Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping
Previous by thread: Processed: reassign 1015167 to src:linux
Next by thread: Processed: Re: Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping
Index(es):
- Date
- Thread