arm32 insecure W+X mapping
Tim Harvey
tharvey at gateworks.com
Wed Sep 15 08:07:39 PDT 2021
On Wed, Sep 15, 2021 at 2:45 AM Fabio Estevam <festevam at gmail.com> wrote:
>
> Hi Tim,
>
> [Adding the NXP folks]
>
> On Tue, Sep 7, 2021 at 2:49 PM Tim Harvey <tharvey at gateworks.com> wrote:
>
> > Shawn, Fabio and Pengutronix Kernel team,
> >
> > Do you know why we get 'Checked W+X mappings: FAILED, 1 W+X pages
> > found' messages for IMX6 with CONFIG_SUSPEND and CONFIG_DEBUG_WX
> > enabled due to to __arm_ioremap_exec call remapping ocram? [1]
>
> Not sure if this is related or not to the following behavior that I am seeing.
>
> On 5.15-rc1 I see the following on an imx6dl based board:
>
> [ 0.123336] imx6q_suspend_init: failed to find ocram device!
>
> Also, suspend/resume is not working as expected:
>
> # echo enabled > /sys/class/tty/ttymxc0/power/wakeup
> # echo mem > /sys/power/state
>
> (Sometimes it reboots the board, sometimes it does not enter in suspend).
>
> I haven't had a chance to debug this but just wanted to report it.
>
Fabio,
I don't see how this would be related. The warning and kernel dump are
a security warning that a page is left writable which could be used as
an attack vector. It doesn't constitute a bug necessarily but it is a
possible security hole that should be fixed. As Russell mentions there
would need to be some functions created to deal with it properly.
Best regards,
Tim
More information about the linux-arm-kernel
mailing list