[kernel] riscv/mm: Found insecure W+X mapping at address #27

Closed
pdp7 opened this issue Apr 29, 2021 · 18 comments

@pdp7
Collaborator

pdp7 commented Apr 29, 2021

Roman Shaposhnik (@rvs) reported in Slack:

this actually happens reliably on boot:

[   13.616195] ------------[ cut here ]------------
[   13.647751] riscv/mm: Found insecure W+X mapping at address (____ptrval____)/0xffffffdff8000000
[   13.683507] WARNING: CPU: 0 PID: 1 at arch/riscv/mm/ptdump.c:231 note_page+0x24c/0x252
[   13.718483] Modules linked in:
[   13.748632] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.6+ #26

@davidlt commented:

riscv/mm: Found insecure W+X mapping at address (____ptrval___)/0xffffffdff8000000 that is somewhat fine. It's one of CONFIG STRICT checks

@pdp7
Collaborator Author

pdp7 commented Apr 29, 2021

@MichaelZhuxx @tekkamanninja please take a look

pdp7 changed the title from "kernel warning: riscv/mm: Found insecure W+X mapping at address" to "[kernel] riscv/mm: Found insecure W+X mapping at address" on Apr 29, 2021

@davidlt

davidlt commented Apr 29, 2021

It's probably CONFIG_STRICT_KERNEL_RWX. It might have been fixed in v5.11. There are still some patches being posted just recently related to CONFIG_STRICT_KERNEL_RWX. If you want that warning gone, disable this option for now.

@rvs

rvs commented Apr 29, 2021

@davidlt @pdp7 -- do you know if there are builds of 5.11 (or maybe even 5.12) available on the Fedora side some place? Or should I just bite the bullet and start building the kernels myself?

@pdp7
Collaborator Author

pdp7 commented Apr 29, 2021

I believe @esmil has rebased on 5.12
https://github.com/esmil/linux/tree/starlight

@rvs

rvs commented Apr 29, 2021

But I take it nobody re-packaged it as a nice rpm yet, correct @pdp7 ?

@esmil

esmil commented Apr 29, 2021

> But I take it nobody re-packaged it as a nice rpm yet, correct @pdp7 ?

I just did this:

make -j8 ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- starfive_vic7100_evb_sd_net_fedora_defconfig
make -j8 ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- nconfig # to disable CONFIG_BCMDHD because I don't know where to find fw_bcmdhd.bin and nvram.txt
make -j8 ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- rpm-pkg

..and here is the output: https://esmil.dk/starlight

@tommythorn

quick update: my comment is out of context. The fault in mmc is probably not related to the W+X issue. I was commenting on the former.

@pdp7
Collaborator Author

pdp7 commented Apr 29, 2021

> quick update: my comment is out of context. The fault in mmc is probably not related to the W+X issue. I was commenting on the former.

Sorry about that, is it related to #26?

@tommythorn

No worries, but yes, it applied to #26.

@rvs

rvs commented Apr 30, 2021

Posting it here since at this point I'm suspecting everything on this current board/kernel config, but:

# rpm -i kernel-5.12.0+-1.riscv64.rpm
	package kernel-5.12.0+-1.riscv64 does not verify: Payload SHA256 ALT digest: BAD (Expected 366ad49f3cff712aaded543b013e500ba29dc6382fbfbec5692c21d85ae780c0 != c7df60dcaeb08a58dc469753fa31f6aa47c640544c0310039bee441069c7be38)

And, of course, running this off the board doesn't find anything too crazy:

$ rpm -Kv kernel-5.12.0+-1.riscv64.rpm
kernel-5.12.0+-1.riscv64.rpm:
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK

@rvs

rvs commented Apr 30, 2021

Ok, this is officially crazy at this point -- I put the kernel on a USB stick and if I run md5sum on that file on the board and off the board the md5's differ :-(

@rvs

rvs commented Apr 30, 2021

And if anyone is curious -- it indeed appears that reading from USB on my board with a stock Fedora kernel produces random results:

[root@fedora-starfive ~]# mount /dev/sda2 /mnt
[root@fedora-starfive ~]# md5sum /mnt/kernel-5.12.0+-1.riscv64.rpm
fdfdba4264bf7a0343b355cf51559b9f  /mnt/kernel-5.12.0+-1.riscv64.rpm

AND if I plug it into a different USB socket:
[root@fedora-starfive ~]# mount /dev/sda2 /mnt
[root@fedora-starfive ~]# md5sum /mnt/kernel-5.12.0+-1.riscv64.rpm
cfa4ea2687344fbb2516637490fbb74b  /mnt/kernel-5.12.0+-1.riscv64.rpm

@rvs

rvs commented Apr 30, 2021

And here's some more fun with this:

[root@fedora-starfive ~]# cd /root
[root@fedora-starfive ~]# cp /mnt/kernel-5.12.0+-1.riscv64.rpm 1
[root@fedora-starfive ~]# cp /mnt/kernel-5.12.0+-1.riscv64.rpm 2
[root@fedora-starfive ~]# cmp 1 2
1 2 differ: byte 442264320, line 1690479

Welp, at least it copied quite a bit of bytes before garbage kicked in

@AlexGhiti

The address 0xffffffdff8000000 indicates it is in the "BPF region" and taking a look at how we used to map BPF programs in 5.11 (https://elixir.bootlin.com/linux/v5.11.19/source/arch/riscv/net/bpf_jit_comp64.c#L1148 and PAGE_KERNEL_EXEC definition https://elixir.bootlin.com/linux/v5.11.19/source/arch/riscv/include/asm/pgtable.h#L103), this warning is legitimate: this has just been fixed by commit fc8504765ec5 ("riscv: bpf: Avoid breaking W^X") which landed in 5.13.
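
An added example (not from this thread or the kernel tree) that applies the reasoning in the comment above: it pulls the address out of each W+X warning in a dmesg capture and checks it against the BPF JIT region. The `PAGE_OFFSET` value and the 128 MiB region size are assumptions based on riscv64 sv39 defaults of that kernel era; `region` and `triage` are hypothetical helper names.

```python
import re

# Assumed layout (not stated in the thread): riscv64 sv39 defaults of the
# 5.10/5.11 era, PAGE_OFFSET with a 128 MiB BPF JIT region just below it.
PAGE_OFFSET = 0xFFFFFFE000000000
BPF_JIT_REGION_START = PAGE_OFFSET - (128 << 20)

WX = re.compile(r"\[\s*(\d+\.\d+)\] \S+/mm: Found insecure W\+X mapping "
                r"at address \S+/(0x[0-9a-fA-F]+)")
SRC = re.compile(r"WARNING: .* at (\S+:\d+) ")
VER = re.compile(r"Comm: \S+ (?:Not tainted|Tainted: \S+) (\S+)")


def region(addr):
    """Name the part of the assumed layout that holds addr."""
    if BPF_JIT_REGION_START <= addr < PAGE_OFFSET:
        return "bpf_jit"
    return "linear_map" if addr >= PAGE_OFFSET else "below_bpf_jit"


def triage(dmesg):
    """Return one finding per W+X warning, with context from the lines after it."""
    findings = []
    for line in dmesg.splitlines():
        if m := WX.search(line):
            addr = int(m.group(2), 16)
            findings.append({"time": float(m.group(1)), "addr": addr,
                             "region": region(addr), "source": None, "kernel": None})
        elif findings:
            cur = findings[-1]
            if cur["source"] is None and (s := SRC.search(line)):
                cur["source"] = s.group(1)
            if cur["kernel"] is None and (v := VER.search(line)):
                cur["kernel"] = v.group(1)
    return findings


# First four lines are from the log in this issue; the last is constructed.
SAMPLE = """\
[   13.647751] riscv/mm: Found insecure W+X mapping at address (____ptrval____)/0xffffffdff8000000
[   13.683507] WARNING: CPU: 0 PID: 1 at arch/riscv/mm/ptdump.c:231 note_page+0x24c/0x252
[   13.718483] Modules linked in:
[   13.748632] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.10.6+ #26
[   14.000000] riscv/mm: Found insecure W+X mapping at address (____ptrval____)/0xffffffe000200000
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['time']:.6f} {f['addr']:#x} {f['region']} {f['source']} {f['kernel']}")
```

With the assumed layout, the address from this issue is the first byte of the BPF JIT region, which is consistent with the diagnosis above.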

@pdp7
Collaborator Author

pdp7 commented May 12, 2021

> And if anyone is curious -- it indeed appears that reading from USB on my board with a stock Fedora kernel produces random results:
>
> [root@fedora-starfive ~]# mount /dev/sda2 /mnt
> [root@fedora-starfive ~]# md5sum /mnt/kernel-5.12.0+-1.riscv64.rpm
> fdfdba4264bf7a0343b355cf51559b9f  /mnt/kernel-5.12.0+-1.riscv64.rpm
>
> AND if I plug it into a different USB socket:
> [root@fedora-starfive ~]# mount /dev/sda2 /mnt
> [root@fedora-starfive ~]# md5sum /mnt/kernel-5.12.0+-1.riscv64.rpm
> cfa4ea2687344fbb2516637490fbb74b  /mnt/kernel-5.12.0+-1.riscv64.rpm

I have created a new issue in linux repo regarding USB disk corruption:
starfive-tech/linux#16

@pdp7
Collaborator Author

pdp7 commented May 16, 2021

FYI - @atishp04 pointed out that this patch should fix the problem:
http://lists.infradead.org/pipermail/linux-riscv/2021-May/006400.html

@esmil reported in Slack that it does fix this warning.

@tekkamanninja
Collaborator

tekkamanninja commented May 16, 2021 via email

pdp7 assigned pdp7 and tekkamanninja and unassigned pdp7 on May 18, 2021
pdp7 added the kernel label on May 18, 2021

@pdp7
Collaborator Author

pdp7 commented May 18, 2021

@tekkamanninja thanks, once you pull it into the fedora kernel branch, I think this can be closed

pdp7 closed this as completed on Jun 3, 2021