arm32 insecure W+X mapping
Russell King (Oracle)
linux at armlinux.org.uk
Thu Aug 19 17:16:46 PDT 2021
On Thu, Aug 19, 2021 at 04:59:15PM -0700, Tim Harvey wrote:
> On Thu, Aug 19, 2021 at 2:28 PM Russell King (Oracle)
> <linux at armlinux.org.uk> wrote:
> >
> > On Thu, Aug 19, 2021 at 10:19:46AM -0700, Tim Harvey wrote:
> > > Greetings,
> > >
> > > Since commit a8e53c151fe7 "(ARM: 8737/1: mm: dump: add checking for
> > > writable and executable)" I've been seeing the following appear on my
> > > arm32 kernel:
> > >
> > > arm/mm: Found insecure W+X mapping at address 0xf087d000
> > > ...
> > > Checked W+X mappings: FAILED, 1 W+X pages found
> > >
> > > As I haven't seen others report this I assume it's something unique to
> > > my kernel configuration. How do I debug what is causing the insecure
> > > page?
> >
> > If you check /proc/vmallocinfo, it should tell you the physical
> > address that was mapped there, and the function that created the
> > mapping. That should give enough clues to track it down.
> >
>
> Russell,
>
> Thanks for the tip!
>
> # dmesg | grep insecure
> [ 13.219582] arm/mm: Found insecure W+X mapping at address 0xf087d000
> # cat /proc/vmallocinfo | grep 0xf0
> 0x5f3045dd-0xf0020e05 20480 imx6_pm_get_base+0x64/0x98 phys=0x020e0000 ioremap
> 0xf0020e05-0x6e748217 8192 dma_common_contiguous_remap+0x88/0xa4 dma-coherent
> 0x127639d7-0x334ee291 4096 iotable_init+0x0/0xf0 phys=0x00a00000 ioremap
Oh... the kernel's %p pointer munging (for security reasons) is
affecting your ability to debug your problem. Assuming this is a
recent kernel, you can disable this by passing "no_hash_pointers"
on the kernel command line. You should then see real addresses (and
a big fat message at boot time about it.
--
RMK's Patch system: https://www.armlinux.org.uk/developer/patches/
FTTP is here! 40Mbps down 10Mbps up. Decent connectivity at last!
More information about the linux-arm-kernel
mailing list