[linux] 01/01: [amd64] Don't WARN about expected W+X pages on Xen (see #852324)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Thu Mar 16 04:15:43 UTC 2017


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch sid
in repository linux.

commit 4c224533637adbf34ea6bc814d83fbecd4a899fd
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Thu Mar 16 03:13:13 2017 +0000

    [amd64] Don't WARN about expected W+X pages on Xen (see #852324)
---
 debian/changelog                                   |  1 +
 ...on-t-warn-about-expected-w+x-pages-on-xen.patch | 32 ++++++++++++++++++++++
 debian/patches/series                              |  3 ++
 3 files changed, 36 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 050fd60..1359e22 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -147,6 +147,7 @@ linux (4.9.14-1) UNRELEASED; urgency=medium
   * Ignore ABI changes in rds and ufshcd, not useful to OOT modules
   * ucount: Remove the atomicity from ucount->count (CVE-2017-6874)
   * userns: Avoid ABI change for CVE-2017-6874 fix
+  * [amd64] Don't WARN about expected W+X pages on Xen (see #852324)
 
   [ Salvatore Bonaccorso ]
   * ACPI / EC: Use busy polling mode when GPE is not enabled.
diff --git a/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
new file mode 100644
index 0000000..e6225da
--- /dev/null
+++ b/debian/patches/debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
@@ -0,0 +1,32 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Thu, 16 Mar 2017 03:05:43 +0000
+Subject: [amd64] Don't WARN about expected W+X pages on Xen
+Bug-Debian: https://bugs.debian.org/852324
+Forwarded: not-needed
+
+Currently Xen PV domains (or at least dom0) on amd64 tend to have a
+large number of low kernel pages with W+X permissions.  It's not
+obvious how to fix this, and we're not going to get any new
+information by WARNing about this, but we do still want to hear about
+other W+X cases.  So add a condition to the WARN_ON.
+
+---
+--- a/arch/x86/mm/dump_pagetables.c
++++ b/arch/x86/mm/dump_pagetables.c
+@@ -17,6 +17,7 @@
+ #include <linux/init.h>
+ #include <linux/sched.h>
+ #include <linux/seq_file.h>
++#include <xen/xen.h>
+ 
+ #include <asm/pgtable.h>
+ 
+@@ -220,7 +221,7 @@ static void note_page(struct seq_file *m
+ 		pgprotval_t pr = pgprot_val(st->current_prot);
+ 
+ 		if (st->check_wx && (pr & _PAGE_RW) && !(pr & _PAGE_NX)) {
+-			WARN_ONCE(1,
++			WARN_ONCE(!(IS_ENABLED(CONFIG_X86_64) && xen_pv_domain()),
+ 				  "x86/mm: Found insecure W+X mapping at address %p/%pS\n",
+ 				  (void *)st->start_address,
+ 				  (void *)st->start_address);
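Review bot: The new WARN_ONCE condition in note_page() exempts every W+X mapping on an amd64 Xen PV domain, not only the low kernel pages the description calls expected, because `!(IS_ENABLED(CONFIG_X86_64) && xen_pv_domain())` never looks at `st->start_address`. That is at odds with the description's goal of still hearing about other W+X cases: on these guests a writable and executable mapping at any other address would no longer trigger the warning. Consider bounding the exemption to the address range of the known low mappings, or emitting a plain (non-WARN) log message on the Xen PV path if nothing else there records the finding. The description also says "or at least dom0" while the condition covers all PV domains; if domU is included deliberately, the patch header should say so.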
diff --git a/debian/patches/series b/debian/patches/series
index e2f635a..9bb5e6b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -46,6 +46,9 @@ bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
 # Taint if dangerous features are used
 debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
 
+# Reduce noise for bug #852324
+debian/amd64-don-t-warn-about-expected-w+x-pages-on-xen.patch
+
 # Arch bug fixes
 bugfix/x86/asoc-intel-select-dw_dmac_core-since-it-s-mandatory.patch
 bugfix/x86/platform-x86-acer-wmi-setup-accelerometer-when-machi.patch
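Review bot: The series comment "# Reduce noise for bug #852324" does not record that this entry suppresses a security check rather than fixing the W+X mappings themselves. Since the patch is marked "Forwarded: not-needed" and will not go away through an upstream merge, it would help to note here that the entry should be dropped once the underlying Xen PV mappings are fixed, so the exemption does not outlive the bug.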

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


