NVIDIA-Linux-x86_64-378.09-custom.run kernel crash

Postby x14sg1 » Fri Jan 27, 2017 1:33 am

Hello,

A kernel running with grsecurity-3.1-4.8.17-201701151620.patch crashes when installing NVIDIA-Linux-x86_64-378.09-custom.run with:

./NVIDIA-Linux-x86_64-378.09-no-compat32-custom.run --no-network --no-backup --no-precompiled-interface --silent --no-check-for-alternate-installs -k 4.8.17-grsec --no-kernel-module-source --no-nvidia-modprobe

The NVIDIA executable is patched with http://grsecurity.org/~paxguy1/nvidia-d ... -pax.patch (with some offsets and fuzz) and appeared to patch okay.

I tested these configurations:


PATCH                                     CONFIG_PAX_MEMORY_UDEREF  NVIDIA OPTION NO-UNIFIED-MEMORY  DOES KERNEL CRASH
----------------------------------------  ------------------------  -------------------------------  -----------------
grsecurity-3.1-4.8.17-201701151620.patch  yes                       no                               yes
grsecurity-3.1-4.8.17-201701151620.patch  yes                       yes                              no
grsecurity-3.1-4.8.17-201701151620.patch  no                        no                               no

grsecurity-3.1-4.8.17-201701121950.patch  yes                       no                               yes
grsecurity-3.1-4.8.17-201701090823.patch  yes                       no                               yes
grsecurity-3.1-4.8.17-201701062021.patch  yes                       no                               yes

None                                      N/A                       no                               no


[ NVIDIA-Linux-x86_64-375.26-no-compat32.run installs fine with grsecurity-3.1-4.8.17-201701151620.patch ]


The kernel crash (from netconsole with latest grsecurity patch and NVIDIA software):

Jan 26 21:58:05 pc104 [ 518.956239] BUG: unable to handle kernel paging request at ffffffffa1a47348
Jan 26 21:58:05 pc104 [ 518.957274] IP: [<ffffffff813d9886>] memcpy_erms+0x6/0x10
Jan 26 21:58:05 pc104 [ 518.958292] PGD 2f75067 PUD 2f77063 PMD 2548c7063 PTE 254897161
Jan 26 21:58:05 pc104 [ 518.959309] Oops: 0003 [#1] SMP
Jan 26 21:58:05 pc104 [ 518.960305] Modules linked in: nvidia_uvm(PO+) nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) xt_set ip_set_hash_net ip_set nfnetlink nf_log_ipv4 nf_log_common xt_tcpudp iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat xt_HL xt_DSCP xt_TCPMSS xt_LOG ipt_REJECT nf_reject_ipv4 iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables nls_iso8859_1 nls_cp437 vfat fat fuse hid_generic usbhid hid snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic coretemp hwmon iwlmvm i915 kvm_intel mac80211 kvm iwlwifi intel_gtt i2c_algo_bit drm_kms_helper cfg80211 syscopyarea sysfillrect i2c_dev psmouse mxm_wmi sysimgblt fb_sys_fops irqbypass dcdbas crc32_pclmul evdev efivars crc32c_intel rfkill serio_raw thermal fan drm tpm_tis battery snd_hda_intel snd_hda_codec snd_hwdep mei_me xhci_pci tpm_tis_core shpchp i2c_i801 xhci_hcd snd_hda_core snd_pcm video agpgart button snd_timer i2c_smbus i2c_core tpm mei snd fjes soundcore wmi loop
Jan 26 21:58:05 pc104 [ 518.966119] CPU: 3 PID: 6607 Comm: modprobe Tainted: P O 4.8.17-grsec #201701151621
Jan 26 21:58:05 pc104 [ 518.967272] Hardware name: Dell Inc. Inspiron 7559/0H0CC0, BIOS 1.2.0 09/22/2016
Jan 26 21:58:05 pc104 [ 518.968402] task: ffff880271c06e00 task.stack: ffffc900002f8000
Jan 26 21:58:05 pc104 [ 518.969542] RIP: 0010:[<ffffffff813d9886>] [<ffffffff813d9886>] memcpy_erms+0x6/0x10
Jan 26 21:58:05 pc104 [ 518.970695] RSP: 0018:ffffc900002fbbe8 EFLAGS: 00010246
Jan 26 21:58:05 pc104 [ 518.971727] RAX: ffffffffa1a47348 RBX: ffffffffa1a47348 RCX: 0000000000000008
Jan 26 21:58:05 pc104 [ 518.972732] RDX: 0000000000000008 RSI: ffffffffa1a472c8 RDI: ffffffffa1a47348
Jan 26 21:58:05 pc104 [ 518.973742] RBP: ffffc900002fbc20 R08: 0000000000000000 R09: 0000000000000000
Jan 26 21:58:05 pc104 [ 518.974751] R10: 0000000000000001 R11: ffffffffa12dbdb0 R12: 0000000000000001
Jan 26 21:58:05 pc104 [ 518.975756] R13: ffffffffa1a473a8 R14: ffffffffa1a47348 R15: ffffffffa1a472c8
Jan 26 21:58:05 pc104 [ 518.976743] FS: 00000368914e5040(0000) GS:ffff880281cc0000(0000) knlGS:0000000000000000
Jan 26 21:58:05 pc104 [ 518.977748] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Jan 26 21:58:05 pc104 [ 518.978740] CR2: ffffffffa1a47348 CR3: 0000000002d72000 CR4: 00000000003606f0
Jan 26 21:58:05 pc104 [ 518.979739] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
Jan 26 21:58:05 pc104 [ 518.980740] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Jan 26 21:58:05 pc104 [ 518.981720] Stack:
Jan 26 21:58:05 pc104 [ 518.982725] ffffffffa19deb02 0000000000000000 0000000000000000 000000000ef00000
Jan 26 21:58:05 pc104 [ 518.983715] ffff880277a41fc0 ffff880272ea5d50 ffffffffa04938d0 ffffc900002fbc48
Jan 26 21:58:05 pc104 [ 518.984743] ffffffffa19d50be 0000000000000000 000000000ef00000 ffff880277a41fc0
Jan 26 21:58:05 pc104 [ 518.985745] Call Trace:
Jan 26 21:58:05 pc104 [ 518.986742] [<ffffffffa19deb02>] ? uvm_hal_init_table+0x112/0x500 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.987734] [<ffffffffa19d50be>] uvm_gpu_init+0xe/0x90 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.988718] [<ffffffffa19d2b7b>] uvm_global_init+0x1fb/0x6b0 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.989702] [<ffffffffa19cf135>] uvm8_init+0x15/0x1e0 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.990655] [<ffffffff811db0e5>] ? alloc_chrdev_region+0x25/0x50
Jan 26 21:58:05 pc104 [ 518.991629] [<ffffffffa0499000>] ? 0xffffffffa0499000
Jan 26 21:58:05 pc104 [ 518.992600] [<ffffffffa04990ff>] uvm_init+0xff/0x17bb0 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.993575] [<ffffffffa0499000>] ? 0xffffffffa0499000
Jan 26 21:58:05 pc104 [ 518.994542] [<ffffffff81000567>] do_one_initcall+0x47/0x150
Jan 26 21:58:05 pc104 [ 518.995512] [<ffffffff811630e4>] do_init_module+0x61/0x1ed
Jan 26 21:58:05 pc104 [ 518.996508] [<ffffffff8111aadb>] load_module+0x241b/0x25c0
Jan 26 21:58:05 pc104 [ 518.997481] [<ffffffff81117880>] ? __symbol_put+0x50/0x50
Jan 26 21:58:05 pc104 [ 518.998453] [<ffffffffa04a5388>] ? uvm_init+0xc388/0x17bb0 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 518.999433] [<ffffffffa04992c8>] ? uvm_init+0x2c8/0x17bb0 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.000400] [<ffffffff8111b07a>] SYSC_finit_module+0xca/0xf0
Jan 26 21:58:05 pc104 [ 519.001396] [<ffffffff8111b0ee>] sys_finit_module+0x1e/0x30
Jan 26 21:58:05 pc104 [ 519.002361] [<ffffffff8182576d>] entry_SYSCALL_64_fastpath+0x17/0xac
Jan 26 21:58:05 pc104 [ 519.003318] Code: 90 90 90 90 90 eb 1e 0f 1f 00 48 89 f8 48 89 d1 48 c1 e9 03 83 e2 07 f3 48 a5 89 d1 f3 a4 48 0f ba 2c 24 3f c3 48 89 f8 48 89 d1 <f3> a4 48 0f ba 2c 24 3f c3 90 48 89 f8 48 83 fa 20 72 7e 40 38
Jan 26 21:58:05 pc104 [ 519.004549] RIP [<ffffffff813d9886>] memcpy_erms+0x6/0x10
Jan 26 21:58:05 pc104 [ 519.005562] RSP <ffffc900002fbbe8>
Jan 26 21:58:05 pc104 [ 519.006562] CR2: ffffffffa1a47348
Jan 26 21:58:05 pc104 [ 519.007546] ---[ end trace ee35c324486742b3 ]---
Jan 26 21:58:05 pc104 [ 519.008544] Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
Jan 26 21:58:05 pc104 [ 519.009650] Kernel Offset: disabled
Jan 26 21:58:05 pc104 [ 519.010753] ---[ end Kernel panic - not syncing: grsec: halting the system due to suspicious kernel crash caused by root
Jan 26 21:58:05 pc104 [ 519.011870] ------------[ cut here ]------------
Jan 26 21:58:05 pc104 [ 519.012980] WARNING: CPU: 3 PID: 6607 at arch/x86/kernel/smp.c:125 native_smp_send_reschedule+0x53/0x60
Jan 26 21:58:05 pc104 [ 519.014105] Modules linked in: nvidia_uvm(PO+) nvidia_drm(PO) nvidia_modeset(PO) nvidia(PO) xt_set ip_set_hash_net ip_set nfnetlink nf_log_ipv4 nf_log_common xt_tcpudp iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat xt_HL xt_DSCP xt_TCPMSS xt_LOG ipt_REJECT nf_reject_ipv4 iptable_mangle xt_multiport xt_state xt_limit xt_conntrack nf_conntrack_ftp nf_conntrack iptable_filter ip_tables x_tables nls_iso8859_1 nls_cp437 vfat fat fuse hid_generic usbhid hid snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic coretemp hwmon iwlmvm i915 kvm_intel mac80211 kvm iwlwifi intel_gtt i2c_algo_bit drm_kms_helper cfg80211 syscopyarea sysfillrect i2c_dev psmouse mxm_wmi sysimgblt fb_sys_fops irqbypass dcdbas crc32_pclmul evdev efivars crc32c_intel rfkill serio_raw thermal fan drm tpm_tis battery snd_hda_intel snd_hda_codec snd_hwdep mei_me xhci_pci tpm_tis_core shpchp i2c_i801 xhci_hcd snd_hda_core snd_pcm video agpgart button snd_timer i2c_smbus i2c_core tpm mei snd fjes soundcore wmi loop
Jan 26 21:58:05 pc104 [ 519.020768] CPU: 3 PID: 6607 Comm: modprobe Tainted: P D O 4.8.17-grsec #201701151621
Jan 26 21:58:05 pc104 [ 519.022028] Hardware name: Dell Inc. Inspiron 7559/0H0CC0, BIOS 1.2.0 09/22/2016
Jan 26 21:58:05 pc104 [ 519.023300] ffffffff822048c3 0000000000000086 0000000000000000 ffffc9000001bd78
Jan 26 21:58:05 pc104 [ 519.024617] ffffffff813c9e9d 0000000000000000 0000000000000000 0000000000000000
Jan 26 21:58:05 pc104 [ 519.025909] ffffc9000001bdb8 ffffffff8109c947 0000007d00000034 ffffffff81c3518a
Jan 26 21:58:05 pc104 [ 519.027231] Call Trace:
Jan 26 21:58:05 pc104 [ 519.028501] <IRQ> [<ffffffff813c9e9d>] dump_stack+0x58/0x7b
Jan 26 21:58:05 pc104 [ 519.029783] [<ffffffff8109c947>] __warn+0xc7/0xe0
Jan 26 21:58:05 pc104 [ 519.031085] [<ffffffff8109ca67>] warn_slowpath_null+0x27/0x40
Jan 26 21:58:05 pc104 [ 519.032356] [<ffffffff8103f673>] native_smp_send_reschedule+0x53/0x60
Jan 26 21:58:05 pc104 [ 519.033598] [<ffffffff810d930e>] trigger_load_balance+0x13e/0x200
Jan 26 21:58:05 pc104 [ 519.034826] [<ffffffff810c7f42>] scheduler_tick+0xb2/0xf0
Jan 26 21:58:05 pc104 [ 519.035993] [<ffffffff81100653>] update_process_times+0x43/0x60
Jan 26 21:58:05 pc104 [ 519.037129] [<ffffffff81110391>] tick_sched_handle.isra.14+0x41/0x60
Jan 26 21:58:05 pc104 [ 519.038229] [<ffffffff81110958>] tick_sched_timer+0x38/0x70
Jan 26 21:58:05 pc104 [ 519.039345] [<ffffffff8110130f>] __hrtimer_run_queues+0xcf/0x170
Jan 26 21:58:05 pc104 [ 519.040422] [<ffffffff81101626>] hrtimer_interrupt+0xa6/0x190
Jan 26 21:58:05 pc104 [ 519.041497] [<ffffffff81101580>] ? hrtimer_get_next_event+0x70/0x70
Jan 26 21:58:05 pc104 [ 519.042567] [<ffffffff81101580>] ? hrtimer_get_next_event+0x70/0x70
Jan 26 21:58:05 pc104 [ 519.043636] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.044692] [<ffffffff8104256c>] smp_trace_apic_timer_interrupt+0x7c/0xb0
Jan 26 21:58:05 pc104 [ 519.045748] [<ffffffff810425b0>] smp_apic_timer_interrupt+0x10/0x20
Jan 26 21:58:05 pc104 [ 519.046836] [<ffffffff8182635b>] apic_timer_interrupt+0x8b/0x90
Jan 26 21:58:05 pc104 [ 519.047945] <EOI> [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.049010] [<ffffffff81162a89>] ? panic+0x1e2/0x22b
Jan 26 21:58:05 pc104 [ 519.050059] [<ffffffff81162a86>] ? panic+0x1df/0x22b
Jan 26 21:58:05 pc104 [ 519.051095] [<ffffffff81162ba0>] ? printk+0x5c/0x6d
Jan 26 21:58:05 pc104 [ 519.052129] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.053188] [<ffffffff813b9cfa>] gr_handle_kernel_exploit+0x16a/0x180
Jan 26 21:58:05 pc104 [ 519.054224] [<ffffffff810206a5>] oops_end+0x95/0xe0
Jan 26 21:58:05 pc104 [ 519.055252] [<ffffffff810528ae>] no_context+0x10e/0x4c0
Jan 26 21:58:05 pc104 [ 519.056274] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.057292] [<ffffffff81052ce8>] __bad_area_nosemaphore+0x88/0x220
Jan 26 21:58:05 pc104 [ 519.058444] [<ffffffffa12b5683>] ? _nv019476rm+0x23/0x70 [nvidia]
Jan 26 21:58:05 pc104 [ 519.059597] [<ffffffffa12b5407>] ? _nv019482rm+0x17/0x30 [nvidia]
Jan 26 21:58:05 pc104 [ 519.060610] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.061581] [<ffffffff81052eae>] bad_area_nosemaphore+0x2e/0x40
Jan 26 21:58:05 pc104 [ 519.062616] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.063621] [<ffffffffa1a473a8>] ? ce_table+0xe8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.064614] [<ffffffff810535a4>] __do_page_fault+0xb4/0x5e0
Jan 26 21:58:05 pc104 [ 519.065694] [<ffffffffa12d9391>] ? _nv000221rm+0x21/0x70 [nvidia]
Jan 26 21:58:05 pc104 [ 519.066773] [<ffffffffa12fc839>] ? _nv003766rm+0x2429/0x25d0 [nvidia]
Jan 26 21:58:05 pc104 [ 519.067775] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.068777] [<ffffffffa1a473a8>] ? ce_table+0xe8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.069774] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.070795] [<ffffffffa1a472c8>] ? ce_table+0x8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.071776] [<ffffffff81053b1b>] do_page_fault+0x1b/0x30
Jan 26 21:58:05 pc104 [ 519.072757] [<ffffffff81826dd2>] page_fault+0x22/0x30
Jan 26 21:58:05 pc104 [ 519.073743] [<ffffffffa1a472c8>] ? ce_table+0x8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.074729] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.075713] [<ffffffffa1a473a8>] ? ce_table+0xe8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.076693] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.077721] [<ffffffffa12dbdb0>] ? _nv000845rm+0x10/0x10 [nvidia]
Jan 26 21:58:05 pc104 [ 519.078631] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.079537] [<ffffffffa1a472c8>] ? ce_table+0x8/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.080443] [<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.081339] [<ffffffff813d9886>] ? memcpy_erms+0x6/0x10
Jan 26 21:58:05 pc104 [ 519.082234] [<ffffffffa19deb02>] ? uvm_hal_init_table+0x112/0x500 [nvidia_uvm]
Jan 26 21:58:05 pc104 [ 519.083124] [<ffffffffa19d50be>] uvm_gpu_init+0xe/0x90 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.083997] [<ffffffffa19d2b7b>] uvm_global_init+0x1fb/0x6b0 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.084861] [<ffffffffa19cf135>] uvm8_init+0x15/0x1e0 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.085706] [<ffffffff811db0e5>] ? alloc_chrdev_region+0x25/0x50
Jan 26 21:58:06 pc104 [ 519.086518] [<ffffffffa0499000>] ? 0xffffffffa0499000
Jan 26 21:58:06 pc104 [ 519.087270] [<ffffffffa04990ff>] uvm_init+0xff/0x17bb0 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.088009] [<ffffffffa0499000>] ? 0xffffffffa0499000
Jan 26 21:58:06 pc104 [ 519.088717] [<ffffffff81000567>] do_one_initcall+0x47/0x150
Jan 26 21:58:06 pc104 [ 519.089390] [<ffffffff811630e4>] do_init_module+0x61/0x1ed
Jan 26 21:58:06 pc104 [ 519.090020] [<ffffffff8111aadb>] load_module+0x241b/0x25c0
Jan 26 21:58:06 pc104 [ 519.090669] [<ffffffff81117880>] ? __symbol_put+0x50/0x50
Jan 26 21:58:06 pc104 [ 519.091377] [<ffffffffa04a5388>] ? uvm_init+0xc388/0x17bb0 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.092029] [<ffffffffa04992c8>] ? uvm_init+0x2c8/0x17bb0 [nvidia_uvm]
Jan 26 21:58:06 pc104 [ 519.092644] [<ffffffff8111b07a>] SYSC_finit_module+0xca/0xf0
Jan 26 21:58:06 pc104 [ 519.093282] [<ffffffff8111b0ee>] sys_finit_module+0x1e/0x30
Jan 26 21:58:06 pc104 [ 519.093919] [<ffffffff8182576d>] entry_SYSCALL_64_fastpath+0x17/0xac
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: NVIDIA-Linux-x86_64-378.09-custom.run kernel crash

Postby PaX Team » Fri Jan 27, 2017 10:40 pm

this is a page fault triggered by writing to a read-only variable, probably some ops structure that got constified. if you know how to use readelf/objdump/etc then you can find out which symbol the faulting address corresponds to, otherwise feel free to send your nvidia kernel driver to me and i'll take a look. the solution in any case will probably be to add __no_const to whatever is being modified here.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
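
What the oops in the first post already says about the fault described in the reply above, as an added example that is not part of the original thread: it decodes the page-fault error code and the PTE flags, and resolves the faulting address against the symbol+offset/size entries printed in the trace. The function names are this example's own, and the sample lines are excerpted from the posted log with the netconsole fragments joined.

```python
import re

# Excerpted from the netconsole log in the first post (split fragments joined).
OOPS = """\
BUG: unable to handle kernel paging request at ffffffffa1a47348
IP: [<ffffffff813d9886>] memcpy_erms+0x6/0x10
PGD 2f75067 PUD 2f77063 PMD 2548c7063 PTE 254897161
Oops: 0003 [#1] SMP
RDX: 0000000000000008 RSI: ffffffffa1a472c8 RDI: ffffffffa1a47348
CR2: ffffffffa1a47348 CR3: 0000000002d72000 CR4: 00000000003606f0
[<ffffffffa19deb02>] ? uvm_hal_init_table+0x112/0x500 [nvidia_uvm]
[<ffffffffa1a47348>] ? ce_table+0x88/0x200 [nvidia_uvm]
"""

# x86 page-fault error code: (bit, meaning when set, meaning when clear).
ERR_BITS = [(0, "protection violation", "page not present"),
            (1, "write", "read"),
            (2, "user mode", "kernel mode"),
            (3, "reserved bit set", None),
            (4, "instruction fetch", None)]
# x86-64 page-table entry flag bits.
PTE_BITS = {0: "present", 1: "writable", 2: "user", 5: "accessed",
            6: "dirty", 8: "global", 63: "nx"}
# "[<address>] [?] symbol+0xoffset/0xsize [module]" as printed in call traces.
SYM_RE = re.compile(r"\[<([0-9a-f]{16})>\] \??\s*([\w.]+)"
                    r"\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?")

def decode_error_code(code):
    """Turn the 'Oops: NNNN' value into a list of access properties."""
    out = []
    for bit, if_set, if_clear in ERR_BITS:
        label = if_set if (code >> bit) & 1 else if_clear
        if label:
            out.append(label)
    return out

def decode_pte(pte):
    """Return the names of the flag bits set in a page-table entry."""
    return {name for bit, name in PTE_BITS.items() if (pte >> bit) & 1}

def symbol_ranges(text):
    """Recover each symbol's start address and size from trace entries."""
    ranges = {}
    for addr, sym, off, size, mod in SYM_RE.findall(text):
        start = int(addr, 16) - int(off, 16)
        ranges[(mod or "vmlinux", sym)] = (start, int(size, 16))
    return ranges

def resolve(addr, ranges):
    """Map an address to (module, symbol, offset), or None if not covered."""
    for (mod, sym), (start, size) in ranges.items():
        if start <= addr < start + size:
            return mod, sym, addr - start
    return None

def triage(text):
    grab = lambda pat: int(re.search(pat, text).group(1), 16)
    ranges = symbol_ranges(text)
    access = decode_error_code(grab(r"Oops: ([0-9a-f]{4})"))
    flags = decode_pte(grab(r"PTE ([0-9a-f]+)"))
    return {
        "access": access,
        "pte_flags": flags,
        "dest": resolve(grab(r"CR2: ([0-9a-f]{16})"), ranges),    # faulting write
        "source": resolve(grab(r"RSI: ([0-9a-f]{16})"), ranges),  # memcpy source
        "write_to_readonly": ("write" in access and "present" in flags
                              and "writable" not in flags),
    }

if __name__ == "__main__":
    for key, value in triage(OOPS).items():
        print(f"{key}: {value}")
```

When a trace does not name the symbol, the same lookup has to be done against the module's own symbol table (readelf or nm on the .ko) together with the section load addresses under /sys/module/<name>/sections/.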

Re: NVIDIA-Linux-x86_64-378.09-custom.run kernel crash

Postby x14sg1 » Sat Jan 28, 2017 1:45 am

Hello,

I do not know how to use readelf/objdump, but I was able to play around with your patch, and if I do not apply this one, my machine does not crash while installing NVIDIA/loading nvidia-uvm:


diff -urp kernel/nvidia-uvm/uvm8_hal.h kernel/nvidia-uvm/uvm8_hal.h
--- kernel/nvidia-uvm/uvm8_hal.h 2016-11-27 21:56:50.399642330 +0100
+++ kernel/nvidia-uvm/uvm8_hal.h 2016-11-27 21:54:23.975709978 +0100
@@ -316,7 +316,7 @@ typedef struct
// fault_buffer_ops: id is a hardware class
uvm_fault_buffer_hal_t fault_buffer_ops;
} u;
-} uvm_hal_class_ops_t;
+} __do_const uvm_hal_class_ops_t;

// When UVM next support is enabled support for future chips in the hal is
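
Review bot: Adding __do_const at the closing brace of the uvm_hal_class_ops_t typedef constifies every table of this type, but the trace in the first post shows uvm_hal_init_table() reaching memcpy with its destination at ce_table+0x88 during module init, and that is the address reported in CR2. Either the type should carry __no_const instead, as suggested earlier in the thread, or the init-time writes need to be accounted for before this annotation goes in.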


That structure looks like it is only used in kernel/nvidia-uvm/uvm8_hal.c

Since nvidia, nvidia-modeset and nvidia-drm all load fine but nvidia-uvm does not, I sent it to you.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: NVIDIA-Linux-x86_64-378.09-custom.run kernel crash

Postby x14sg1 » Sat Jan 28, 2017 1:55 am

It was too big - if you still need it, I can try to figure out something else.
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

Re: NVIDIA-Linux-x86_64-378.09-custom.run kernel crash

Postby x14sg1 » Mon Feb 27, 2017 5:08 am

Hello,

Took another look at this....

I can re-apply this part of your patch (adding back the __do_const):

diff -urp kernel/nvidia-uvm/uvm8_hal.h kernel/nvidia-uvm/uvm8_hal.h
--- kernel/nvidia-uvm/uvm8_hal.h 2016-11-27 21:56:50.399642330 +0100
+++ kernel/nvidia-uvm/uvm8_hal.h 2016-11-27 21:54:23.975709978 +0100
@@ -316,7 +316,7 @@ typedef struct
// fault_buffer_ops: id is a hardware class
uvm_fault_buffer_hal_t fault_buffer_ops;
} u;
-} uvm_hal_class_ops_t;
+} __do_const uvm_hal_class_ops_t;

// When UVM next support is enabled support for future chips in the hal is



if I also apply this new one that adds __read_only to the four table arrays below (in red):



diff -urp kernel/nvidia-uvm/uvm8_hal.c kernel/nvidia-uvm/uvm8_hal.c
--- kernel/nvidia-uvm/uvm8_hal.c 2017-02-07 22:58:36.000000000 -0500
+++ kernel/nvidia-uvm/uvm8_hal.c 2017-02-27 03:45:26.766844607 -0500
@@ -60,7 +60,7 @@
// By setting the 'parent_class' field, a class will inherit the parent class's
// functions for any fields left NULL when uvm_hal_init_table() runs upon module load.
// The parent class must appear earlier in the array than the child.
-static uvm_hal_class_ops_t ce_table[] =
+static uvm_hal_class_ops_t ce_table[] __read_only =
{
{
.id = KEPLER_DMA_COPY_A,
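
Review bot: The comment directly above ce_table says uvm_hal_init_table() fills in NULL fields from the parent class on module load, so this array is written at runtime, and the hunk does not say why __read_only is safe for it. A one-line comment next to the annotation stating that the table is written only from uvm_hal_init_table() at load time, and that the annotation relies on this, would keep a later change to that function from reintroducing the fault.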
@@ -107,7 +107,7 @@ static uvm_hal_class_ops_t ce_table[] =
};

// Table for GPFIFO functions. Same idea as the copy engine table.
-static uvm_hal_class_ops_t host_table[] =
+static uvm_hal_class_ops_t host_table[] __read_only =
{
{
.id = KEPLER_CHANNEL_GPFIFO_A,
@@ -178,7 +178,7 @@ static uvm_hal_class_ops_t host_table[]

};

-static uvm_hal_class_ops_t arch_table[] =
+static uvm_hal_class_ops_t arch_table[] __read_only =
{
{
.id = NV2080_CTRL_MC_ARCH_INFO_ARCHITECTURE_GK100,
@@ -232,7 +232,7 @@ static uvm_hal_class_ops_t arch_table[]

};

-static uvm_hal_class_ops_t fault_buffer_table[] =
+static uvm_hal_class_ops_t fault_buffer_table[] __read_only =
{
{
.id = MAXWELL_FAULT_BUFFER_A,
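
Review bot: fault_buffer_table is the fourth array in this file to get the same __read_only annotation, one per table, so any uvm_hal_class_ops_t table added later has to carry it too and nothing in the patch enforces or documents that. It is worth checking whether a single __no_const on the typedef in uvm8_hal.h, the fix suggested earlier in the thread, covers the same ground with one change.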


All four NVIDIA modules now load and my box doesn't crash
x14sg1
 
Posts: 137
Joined: Sun Aug 23, 2009 7:47 pm

