Bug#1016317: linux-image-5.10.0-16-armmp: insecure W+X mapping
Control: tags -1 + moreinfo
On Fri, Jul 29, 2022 at 08:04:56PM +0200, Rainer Dorsch wrote:
> Package: src:linux
> Version: 5.10.127-2
> Severity: normal
>
> Dear Maintainer,
>
> I just noticed after booting into the kernel 5.10.0-16-armmp #1 SMP Debian
> 5.10.127-2 (2022-07-23) armv7l GNU/Linux (on a SolidRun Cubox-i with an NXP iMX6) that I get an
>
> insecure W+X mapping at address 0xf0879000
>
> on a serial console and a backtrace during the boot process:
>
> [ 5.377591] Registering SWP/SWPB emulation handler
> [ 5.382640] registered taskstats version 1
> [ 5.386784] Loading compiled-in X.509 certificates
> [ 5.787454] Loaded X.509 cert 'Debian Secure Boot CA:
> 6ccece7e4c6c0d1f6149f3dd27dfcc5cbb419ea1'
> [ 5.796311] Loaded X.509 cert 'Debian Secure Boot Signer 2021 - linux:
> 4b6ef5abca669825178e052c84667ccbc0531f8c'
> [ 5.806849] zswap: loaded using pool lzo/zbud
> [ 5.812253] Key type ._fscrypt registered
> [ 5.816352] Key type .fscrypt registered
> [ 5.820314] Key type fscrypt-provisioning registered
> [ 5.825722] AppArmor: AppArmor sha1 policy hashing enabled
> [ 5.865627] vcc_3v3: supplied by v_5v0
> [ 5.895845] Freeing unused kernel memory: 2048K
> [ 5.913843] ------------[ cut here ]------------
> [ 5.918527] WARNING: CPU: 0 PID: 1 at arch/arm/mm/dump.c:248
> note_page+0x3d0/0x3dc
> [ 5.926143] arm/mm: Found insecure W+X mapping at address 0xf0879000
> [ 5.932529] Modules linked in:
> [ 5.935629] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.0-16-armmp #1
> Debian 5.10.127-2
> [ 5.943912] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
> [ 5.950457] Backtrace:
> [ 5.952938] [<c0cf9890>] (dump_backtrace) from [<c0cf9c3c>]
> (show_stack+0x20/0x24)
> [ 5.960532] r7:000000f8 r6:60000013 r5:00000000 r4:c14cdda8
> [ 5.966215] [<c0cf9c1c>] (show_stack) from [<c0cfeec4>]
> (dump_stack+0xc8/0xdc)
> [ 5.973469] [<c0cfedfc>] (dump_stack) from [<c034ddb0>] (__warn+0xfc/0x158)
> [ 5.980449] r7:000000f8 r6:00000009 r5:c031fa38 r4:c0fbe5c8
> [ 5.986130] [<c034dcb4>] (__warn) from [<c0cfaa18>]
> (warn_slowpath_fmt+0xa4/0xe4)
> [ 5.993633] r7:c031fa38 r6:000000f8 r5:c0fbe5c8 r4:c0fbe594
> [ 5.999311] [<c0cfa978>] (warn_slowpath_fmt) from [<c031fa38>]
> (note_page+0x3d0/0x3dc)
> [ 6.007251] r8:00000000 r7:00000000 r6:00000005 r5:c140c4e0 r4:c197ff28
> [ 6.013971] [<c031f668>] (note_page) from [<c031fb2c>]
> (walk_pmd+0xe8/0x1a4)
> [ 6.021042] r10:c197ff28 r9:c0207c20 r8:c1900800 r7:00000000 r6:c0fbe610
> r5:f087b000
> [ 6.028888] r4:c19001ec
> [ 6.031437] [<c031fa44>] (walk_pmd) from [<c031fd2c>]
> (ptdump_check_wx+0x88/0x104)
> [ 6.039030] r10:00000000 r9:00000000 r8:00000000 r7:00000000 r6:c0208000
> r5:f0800000
> [ 6.046878] r4:c0207c28
> [ 6.049435] [<c031fca4>] (ptdump_check_wx) from [<c0319c14>]
> (mark_rodata_ro+0x3c/0x40)
> [ 6.057459] r6:00000000 r5:c0d092cc r4:00000000
> [ 6.062103] [<c0319bd8>] (mark_rodata_ro) from [<c0d09310>]
> (kernel_init+0x44/0x130)
> [ 6.069873] [<c0d092cc>] (kernel_init) from [<c03001a8>]
> (ret_from_fork+0x14/0x2c)
> [ 6.077459] Exception stack(0xc197ffb0 to 0xc197fff8)
> [ 6.082528] ffa0: 00000000 00000000
> 00000000 00000000
> [ 6.090726] ffc0: 00000000 00000000 00000000 00000000 00000000 00000000
> 00000000 00000000
> [ 6.098924] ffe0: 00000000 00000000 00000000 00000000 00000013 00000000
> [ 6.105553] r5:c0d092cc r4:00000000
> [ 6.109187] ---[ end trace 36d095f56a800b3c ]---
> [ 6.114076] Checked W+X mappings: FAILED, 1 W+X pages found
> [ 6.119751] Run /init as init process
> [ 6.847313] gpio_mxc: module verification failed: signature and/or required
> key missing - tainting kernel
> [ 6.859257] vdd1p1: supplied by regulator-dummy
> [ 6.871900] v_usb2: supplied by v_5v0
> [ 6.876972] vdd3p0: supplied by regulator-dummy
> [ 6.882630] vdd2p5: supplied by regulator-dummy
> [ 6.887949] vddarm: supplied by regulator-dummy
> [ 6.893661] vddpu: supplied by regulator-dummy
> [ 6.898847] vddsoc: supplied by regulator-dummy
>
> I do not observe any functional issue so far though.
>
> Since I have not checked the output of the serial console for a while, I cannot tell when
> the issue started to appear.
>
> There is a similar report for the same hardware platform, but is reported on a 5.13 kernel:
> https://lore.kernel.org/all/YUn2qpc5iBAIvCsd@shell.armlinux.org.uk/T/
>
> I am not sure if it was already present in 5.10, if it got backported or if it is
> entirely unrelated.
>
> Many thanks for the great support of many hardware platforms
Would it be possible that you try to cherry-pick upstream 4aede550f104
("ARM: imx6: mark OCRAM mapping read-only") to see if it solves the
issue?
Can you alternatively test the package from bullseye-backports which
would have the fix included and see if the issue goes away?
Regards,
Salvatore
Reply to: