How to debug "insecure W+X mapping"?
Laura Abbott
labbott at redhat.com
Tue Dec 12 15:30:00 PST 2017
On 12/12/2017 02:57 PM, Timur Tabi wrote:
> We have a 4.10-based kernel that occasionally displays an insecure W+X mapping (courtesy of CONFIG_DEBUG_WX):
>
> [ 7.151680] arm64/mm: Found insecure W+X mapping at address 0000345a049d2000/0x345a049d2000
> ...
> [ 7.435481] Checked W+X mappings: FAILED, 4 W+X pages found, 0 non-UXN pages found
>
> The number of actual W+X pages varies, e.g. sometimes it says 6 pages.
>
> How do I go about debugging this? How do I identify the source of 0000345a049d2000?
>
That's a funny address. The check was written to scan the init_mm
page table but that's not a kernel address on arm64. It almost looks
like something set up a userspace mapping very early in the boot process?
I'd start by dumping the physical address at that address to
see if that gives a suggestion where the mapping came from.
Thanks,
Laura
More information about the linux-arm-kernel
mailing list