grsecurity forums

[/dev/random]

I have a laptop with 2 graphic cards (intel + radeon). I am using vgaswitcheroo to disable radeon (which otherwise just pointlessly spins the laptops fan).
Unfortunatelly after patching the kernel with latest grsecurity patch, vgaswitcheroo doesn't work. I tried it over last weeks with few grsecurity and kernel versions (3.14.6, 3.14.8, 3.14.9, 3.15.1, 3.15.2). Result is always the same - after patching the kernel with grsecurity, vgaswitcheroo directory is no longer present in /sys/kernel/debug (debugfs is mounted).
There's also no mention about vgaswitcheroo in kern.log (When I boot vanilla kernel there is:

Code: Select all

VGA switcheroo: detected switching method \_SB_.PCI0.GFX0.ATPX handle
vga_switcheroo: enabled

The thing is - it happens even if grsecurity is completly disabled in menuconfig. So it looks like the very fact of patching the kernel (even without enabling grsecurity in kernel's config) is causing this problem.

Here are some logs and informations about my system:
lspci

00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:01.0 PCI bridge: Intel Corporation Xeon E3-1200/2nd Generation Core Processor Family PCI Express Root Port (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 05)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 05)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b5)
00:1c.1 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 2 (rev b5)
00:1c.3 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 4 (rev b5)
00:1c.4 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 5 (rev b5)
00:1c.7 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 8 (rev b5)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 05)
00:1f.0 ISA bridge: Intel Corporation HM67 Express Chipset Family LPC Controller (rev 05)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family 6 port SATA AHCI Controller (rev 05)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 05)
01:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Whistler [Radeon HD 6630M/6650M/6750M/7670M/7690M] (rev ff)
05:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
09:00.0 Network controller: Intel Corporation Centrino Wireless-N 1030 [Rainbow Peak] (rev 34)
0b:00.0 USB controller: NEC Corporation uPD720200 USB 3.0 Host Controller (rev 04)

zgrep -i switcheroo /proc/config.gz

Code: Select all

CONFIG_VGA_SWITCHEROO=y

zgrep -i radeon /proc/config.gz

Code: Select all

CONFIG_DRM_RADEON=m
# CONFIG_DRM_RADEON_UMS is not set
# CONFIG_FB_RADEON is not set

zgrep -i i915 /proc/config.gz

Code: Select all

CONFIG_DRM_I915=m
CONFIG_DRM_I915_KMS=y
# CONFIG_SND_HDA_I915 is not set

zgrep -i grkernsec /proc/config.gz

Code: Select all

# CONFIG_GRKERNSEC is not set

lsmod

Code: Select all

Module                  Size  Used by
i915                  777108  2
snd_hda_codec_hdmi     37723  1
radeon               1349396  1
ttm                    79755  1 radeon
snd_hda_codec_idt      49814  1
iwlwifi                88251  0
snd_hda_intel          34215  1
snd_hda_codec         159762  3 snd_hda_codec_hdmi,snd_hda_codec_idt,snd_hda_intel
snd_hwdep               8418  1 snd_hda_codec
snd_pcm               108457  3 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel
snd_page_alloc          8918  2 snd_pcm,snd_hda_intel
snd_timer              26134  1 snd_pcm
snd                    82743  9 snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_hda_codec_idt,snd_pcm,snd_hda_codec,snd_hda_intel
x86_pkg_temp_thermal     5385  0
i2c_algo_bit            6289  2 i915,radeon
drm_kms_helper         38365  2 i915,radeon
drm                   320845  6 ttm,i915,drm_kms_helper,radeon
fuse                   94676  1

eix radeon-ucode

Code: Select all

[I] x11-drivers/radeon-ucode
     Available versions:  20140204 ~20140430
     Installed versions:  20140204(02:29:39 02.06.2014)
     Homepage:            http://people.freedesktop.org/~agd5f/radeon_ucode/
     Description:         IRQ microcode for r6xx/r7xx/Evergreen/N.Islands/S.Islands Radeon GPUs and APUs


mount | column -t | grep debugfs

Code: Select all

debugfs                  on  /sys/kernel/debug         type  debugfs      (rw,nosuid,nodev,noexec,relatime)

ls -1F /sys/kernel/debug

Code: Select all

acpi
bdi
boot_params
dell_laptop
dma_buf
dri
extfrag
fault_around_order
hid
ieee80211
intel_powerclamp
kprobes
kvm
mce
mei
pkg_temp_thermal
sleep_time
tracing
usb
x86

Full config of 3.15.2-grsec (grsecurity disabled)
http://bpaste.net/show/417075/

diff of 3.15.2-vanilla config and 3.15.2-grsec config (grsecurity disabled):

--- VANILLA_CONFIG-3.15.2 2014-06-27 20:07:54.073310979 +0200
+++ GRSEC_DISABLED_CONFIG-3.15.2 2014-06-27 20:00:48.218386487 +0200
@@ -3018,7 +3018,7 @@
# CONFIG_PROC_KCORE is not set
CONFIG_PROC_VMCORE=y
CONFIG_PROC_SYSCTL=y
-CONFIG_PROC_PAGE_MONITOR=y
+# CONFIG_PROC_PAGE_MONITOR is not set
CONFIG_KERNFS=y
CONFIG_SYSFS=y
CONFIG_TMPFS=y
@@ -3307,9 +3307,6 @@
CONFIG_EARLY_PRINTK_DBGP=y
# CONFIG_EARLY_PRINTK_EFI is not set
# CONFIG_X86_PTDUMP is not set
-CONFIG_DEBUG_RODATA=y
-CONFIG_DEBUG_RODATA_TEST=y
-# CONFIG_DEBUG_SET_MODULE_RONX is not set
# CONFIG_DEBUG_NX_TEST is not set
CONFIG_DOUBLEFAULT=y
# CONFIG_DEBUG_TLBFLUSH is not set
@@ -3334,6 +3331,12 @@
#
# Security options
#
+
+#
+# Grsecurity
+#
+CONFIG_TASK_SIZE_MAX_SHIFT=47
+# CONFIG_GRKERNSEC is not set
CONFIG_KEYS=y
# CONFIG_PERSISTENT_KEYRINGS is not set
# CONFIG_BIG_KEYS is not set

kern.log - full boot procedure on 3.15.2-grsec
http://bpaste.net/show/417084/

[PaX Team]

can you add printk in drivers/gpu/drm/radeon/radeon_atpx_handler.c:radeon_atpx_detect() to print out the values of has_atpx and vga_count just after the second while loop, e.g., something like this:

Code: Select all

printk("PAX: has:%x count:%x\n", has_atpx, vga_count);

you don't need to reboot for this, just recompile the radeon module and unload/reload it. my guess is that it's has_atpx that remains false and that means that we'll have to dig into ACPI code next.

[/dev/random]

Thank you VERY much for quick answer!
My coding skills are limited (but I'm always eager to learn ) , so forgive me silly questions.
From what I understand you are referring to this part of code, is that correct?

Code: Select all

static bool radeon_atpx_detect(void)
{
        char acpi_method_name[255] = { 0 };
        struct acpi_buffer buffer = {sizeof(acpi_method_name), acpi_method_name};
        struct pci_dev *pdev = NULL;
        bool has_atpx = false;
        int vga_count = 0;

        while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_VGA << 8, pdev)) != NULL) {
                vga_count++;

                has_atpx |= (radeon_atpx_pci_probe_handle(pdev) == true);
        }   

        if (has_atpx && vga_count == 2) {
                acpi_get_name(radeon_atpx_priv.atpx.handle, ACPI_FULL_PATHNAME, &buffer);
                printk(KERN_INFO "VGA switcheroo: detected switching method %s handle\n",
                       acpi_method_name);
                radeon_atpx_priv.atpx_detected = true;
                /* 
                 * On some systems hotplug events are generated for the device
                 * being switched off when ATPX is executed.  They cause ACPI
                 * hotplug to trigger and attempt to remove the device from
                 * the system, which causes it to break down.  Prevent that from
                 * happening by setting the no_hotplug flag for the involved
                 * ACPI device objects.
                 */ 
                acpi_bus_no_hotplug(radeon_atpx_priv.dhandle);
                acpi_bus_no_hotplug(radeon_atpx_priv.other_handle);
                return true;
        }   
        return false;
}

You said to put this line after second while loop, but I can see only one loop there. Should I put your printk after it? So something like this:

while ((pdev = pci_get_class(PCI_CLASS_DISPLAY_VGA << 8, pdev)) != NULL) {
vga_count++;

has_atpx |= (radeon_atpx_pci_probe_handle(pdev) == true);
}

printk("PAX: has:%x count:%x\n", has_atpx, vga_count);

if (has_atpx && vga_count == 2) {
...
}

Once again, thank you for answer and sorry for my noobishness

[PaX Team]

yes, that placement is fine, i thought you were using 3.15 which has two loops .

[/dev/random]

You got me - I checked it on the other machine with 3.14.5
It's little late in my timezone - I'll continue tomorrow.
Thank you again !

[/dev/random]

Ok, here's the output:

Code: Select all

Jun 29 19:14:56 gentoo kernel: [  345.449036] PAX: has:1 count:6

And whole unload/load radeon log:

Code: Select all

Jun 29 19:14:54 gentoo kernel: [  343.496621] [drm] radeon: finishing device.
Jun 29 19:14:54 gentoo kernel: [  343.504495] [TTM] Finalizing pool allocator
Jun 29 19:14:54 gentoo kernel: [  343.504501] [TTM] Finalizing DMA pool allocator
Jun 29 19:14:54 gentoo kernel: [  343.504560] [TTM] Zone  kernel: Used memory at exit: 0 kiB
Jun 29 19:14:54 gentoo kernel: [  343.504562] [TTM] Zone   dma32: Used memory at exit: 0 kiB
Jun 29 19:14:54 gentoo kernel: [  343.504564] [drm] radeon: ttm finalized
Jun 29 19:14:54 gentoo kernel: [  343.504725] [drm] Module unloaded
Jun 29 19:14:56 gentoo kernel: [  345.449019] [drm] radeon kernel modesetting enabled.
Jun 29 19:14:56 gentoo kernel: [  345.449036] PAX: has:1 count:6
Jun 29 19:14:56 gentoo kernel: [  345.449310] [drm] initializing kernel modesetting (TURKS 0x1002:0x6741 0x1028:0x04CD).
Jun 29 19:14:56 gentoo kernel: [  345.449329] [drm] register mmio base: 0xF7B20000
Jun 29 19:14:56 gentoo kernel: [  345.449330] [drm] register mmio size: 131072
Jun 29 19:14:57 gentoo kernel: [  346.169043] ATOM BIOS: Dell
Jun 29 19:14:57 gentoo kernel: [  346.169127] radeon 0000:01:00.0: VRAM: 1024M 0x0000000000000000 - 0x000000003FFFFFFF (1024M used)
Jun 29 19:14:57 gentoo kernel: [  346.169129] radeon 0000:01:00.0: GTT: 1024M 0x0000000040000000 - 0x000000007FFFFFFF
Jun 29 19:14:57 gentoo kernel: [  346.169131] [drm] Detected VRAM RAM=1024M, BAR=256M
Jun 29 19:14:57 gentoo kernel: [  346.169132] [drm] RAM width 128bits DDR
Jun 29 19:14:57 gentoo kernel: [  346.169259] [TTM] Zone  kernel: Available graphics memory: 4040528 kiB
Jun 29 19:14:57 gentoo kernel: [  346.169262] [TTM] Zone   dma32: Available graphics memory: 2097152 kiB
Jun 29 19:14:57 gentoo kernel: [  346.169263] [TTM] Initializing pool allocator
Jun 29 19:14:57 gentoo kernel: [  346.169268] [TTM] Initializing DMA pool allocator
Jun 29 19:14:57 gentoo kernel: [  346.169290] [drm] radeon: 1024M of VRAM memory ready
Jun 29 19:14:57 gentoo kernel: [  346.169291] [drm] radeon: 1024M of GTT memory ready.
Jun 29 19:14:57 gentoo kernel: [  346.169303] [drm] Loading TURKS Microcode
Jun 29 19:14:57 gentoo kernel: [  346.169309] [drm] Internal thermal controller without fan control
Jun 29 19:14:57 gentoo kernel: [  346.170197] [drm] radeon: power management initialized
Jun 29 19:14:57 gentoo kernel: [  346.170447] [drm] GART: num cpu pages 262144, num gpu pages 262144
Jun 29 19:14:57 gentoo kernel: [  346.171366] [drm] PCIE gen 2 link speeds already enabled
Jun 29 19:14:57 gentoo kernel: [  346.173775] [drm] PCIE GART of 1024M enabled (table at 0x0000000000273000).
Jun 29 19:14:57 gentoo kernel: [  346.173874] radeon 0000:01:00.0: WB enabled
Jun 29 19:14:57 gentoo kernel: [  346.173877] radeon 0000:01:00.0: fence driver on ring 0 use gpu addr 0x0000000040000c00 and cpu addr 0xffff880221c71c00
Jun 29 19:14:57 gentoo kernel: [  346.173879] radeon 0000:01:00.0: fence driver on ring 3 use gpu addr 0x0000000040000c0c and cpu addr 0xffff880221c71c0c
Jun 29 19:14:57 gentoo kernel: [  346.174280] radeon 0000:01:00.0: fence driver on ring 5 use gpu addr 0x0000000000072118 and cpu addr 0xffffc90017f32118
Jun 29 19:14:57 gentoo kernel: [  346.174282] [drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
Jun 29 19:14:57 gentoo kernel: [  346.174283] [drm] Driver supports precise vblank timestamp query.
Jun 29 19:14:57 gentoo kernel: [  346.174301] radeon 0000:01:00.0: irq 52 for MSI/MSI-X
Jun 29 19:14:57 gentoo kernel: [  346.174311] radeon 0000:01:00.0: radeon: using MSI.
Jun 29 19:14:57 gentoo kernel: [  346.174332] [drm] radeon: irq initialized.
Jun 29 19:14:57 gentoo kernel: [  346.190915] [drm] ring test on 0 succeeded in 1 usecs
Jun 29 19:14:57 gentoo kernel: [  346.190972] [drm] ring test on 3 succeeded in 1 usecs
Jun 29 19:14:57 gentoo kernel: [  346.388485] [drm] ring test on 5 succeeded in 1 usecs
Jun 29 19:14:57 gentoo kernel: [  346.388489] [drm] UVD initialized successfully.
Jun 29 19:14:57 gentoo kernel: [  346.388726] [drm] ib test on ring 0 succeeded in 0 usecs
Jun 29 19:14:57 gentoo kernel: [  346.388748] [drm] ib test on ring 3 succeeded in 0 usecs
Jun 29 19:14:57 gentoo kernel: [  346.560551] [drm] ib test on ring 5 succeeded
Jun 29 19:14:57 gentoo kernel: [  346.560858] [drm] Radeon Display Connectors
Jun 29 19:14:57 gentoo kernel: [  346.561006] radeon 0000:01:00.0: No connectors reported connected with modes
Jun 29 19:14:57 gentoo kernel: [  346.561008] [drm] Cannot find any crtc or sizes - going 1024x768
Jun 29 19:14:57 gentoo kernel: [  346.561728] [drm] fb mappable at 0xE0476000
Jun 29 19:14:57 gentoo kernel: [  346.561729] [drm] vram apper at 0xE0000000
Jun 29 19:14:57 gentoo kernel: [  346.561730] [drm] size 3145728
Jun 29 19:14:57 gentoo kernel: [  346.561731] [drm] fb depth is 24
Jun 29 19:14:57 gentoo kernel: [  346.561732] [drm]    pitch is 4096
Jun 29 19:14:57 gentoo kernel: [  346.561783] radeon 0000:01:00.0: fb1: radeondrmfb frame buffer device
Jun 29 19:14:57 gentoo kernel: [  346.561793] [drm] Initialized radeon 2.38.0 20080528 for 0000:01:00.0 on minor 1


[PaX Team]

looks like PCI_ANY_ID bites again . can you revert the first hunk of the patch to include/linux/mod_devicetable.h (i.e., which adds an __u16 cast to PCI_ANY_ID)? and if that works, can you make it an __u32 cast and see if that works too?

[/dev/random]

Just to make sure

in include/linux/mod_devicetable.h , I need to change this:

Code: Select all

#define PCI_ANY_ID ((__u16)~0)

to that:

Code: Select all

#define PCI_ANY_ID (~0)

see if that works and then check if it also works with:

Code: Select all

#define PCI_ANY_ID ((__u32)~0)

is that right?

See, I wasn't joking with my noobishness

[PaX Team]

yes, it's correct and on second thought you don't really need the __32 one as it's a no-op anyway (but will suppress a compiler warning which is what i wanted to fix 5 years ago with this).

[/dev/random]

With #define PCI_ANY_ID (~0) it's working again!

But another silly question here: Does reverting this hunk of patch is actual fix, or it's just another step to identify the source of the problem, and we have to dig further?

[PaX Team]

well, the problem is that PCI_ANY_ID is used in different kinds of contexts, some are 16 bits in size and others are 32 bits. the compiler warning happens in both cases when PCI_ANY_ID is assigned to an unsigned variable since the current definition tries to shove -1 (a signed negative value) into it. the obvious fix of using (~0U) is only a half solution as it'll still cause a warning due to integer truncation when it's stored into an unsigned short variable. as i don't feel like figuring out which of the 3k uses of PCI_ANY_ID should become separate 16/32 bit values, i'll just revert this hunk myself in the next patch and live with the warnings until someone comes up with a better idea .

[/dev/random]

THANK YOU for explanation, and kind and quick help!