After upgrade sys-kernel/hardened-sources from 2.6.37-r7 to 2.6.38-r6 Xorg hangs system while loading nvidia driver. Xorg.0.log: … (II) Loading /usr/lib/xorg/modules/drivers/nvidia_drv.so (II) Loading /usr/lib/xorg/modules/libwfb.so (II) Loading /usr/lib/xorg/modules/libfb.so (**) NVIDIA(0): Depth 24, (--) framebuffer bpp 32 (==) NVIDIA(0): RGB weight 888 (==) NVIDIA(0): Default visual is TrueColor (==) NVIDIA(0): Using gamma correction (1.0, 1.0, 1.0) (**) NVIDIA(0): Option "AddARGBGLXVisuals" "True" <--- here it hangs on 2.6.38-r6; on 2.6.37-r7 next log lines are: (II) NVIDIA(GPU-0): Display (NEC P221W (DFP-0)) does not support NVIDIA 3D Vision (II) NVIDIA(GPU-0): stereo. (II) NVIDIA(0): NVIDIA GPU GeForce 9800 GT (G92) at PCI:1:0:0 (GPU-0) (--) NVIDIA(0): Memory: 1048576 kBytes (--) NVIDIA(0): VideoBIOS: 62.92.6d.00.07 (II) NVIDIA(0): Detected PCI Express Link width: 16X (--) NVIDIA(0): Interlaced video modes are supported on this GPU (--) NVIDIA(0): Connected display device(s) on GeForce 9800 GT at PCI:1:0:0 … kernel log on 2.6.38-r6: … 09:18:23.89486 kern.alert: grsec: denied resource overstep by requesting 21 for RLIMIT_NICE against limit 0 for /usr/bin/xinit[xinit:1871] uid/euid:1000/1000 gid/egid:100/100, parent /usr/bin/startx[startx:1800] uid/euid:1000/1000 gid/egid:100/100 09:18:26.61670 kern.err: PAX: kernel memory leak attempt detected from f197feef (nv_stack_t) (1 bytes) 09:18:26.61684 kern.warn: Pid: 1872, comm: X Tainted: P 2.6.38-hardened-r6 #1 09:18:26.61689 kern.warn: Call Trace: 09:18:26.61694 kern.warn: [<f99ac599>] ? nvidia_exit_module+0x16f119/0x23343e [nvidia] 09:18:26.61700 kern.warn: [<c10c7066>] ? pax_report_usercopy+0x96/0x100 09:18:26.61705 kern.warn: [<f99ac599>] ? nvidia_exit_module+0x16f119/0x23343e [nvidia] 09:18:26.61710 kern.warn: [<c10b3ef9>] ? check_object_size+0x39/0x150 09:18:26.61715 kern.warn: [<f99ac599>] ? nvidia_exit_module+0x16f119/0x23343e [nvidia] 09:18:26.61720 kern.warn: [<f9658de2>] ? _nv014861rm+0x34/0x45 [nvidia] 09:18:26.61725 kern.warn: [<f983af5d>] ? os_memcpy_to_user+0x5d/0xd0 [nvidia] 09:18:26.61730 kern.warn: [<f93502a2>] ? _nv000490rm+0xb/0x31 [nvidia] 09:18:26.61735 kern.warn: [<f980fff5>] ? _nv022922rm+0x11/0x15 [nvidia] 09:18:26.61740 kern.warn: [<f937848d>] ? _nv004054rm+0x9d/0xa7 [nvidia] 09:18:26.61745 kern.warn: [<f94c973d>] ? _nv021306rm+0x72/0x7c [nvidia] 09:18:26.61750 kern.warn: [<f9393138>] ? _nv025320rm+0x23/0x2f [nvidia] 09:18:26.61755 kern.warn: [<f94d0e16>] ? _nv008788rm+0xe/0x12 [nvidia] 09:18:26.61760 kern.warn: [<f94d5132>] ? _nv008787rm+0x8e/0xfd [nvidia] 09:18:26.61765 kern.warn: [<f9392cec>] ? _nv025330rm+0x39/0x42 [nvidia] 09:18:26.61770 kern.warn: [<f939248a>] ? _nv003719rm+0x5f/0x86 [nvidia] 09:18:26.61775 kern.warn: [<f939295f>] ? _nv003716rm+0x20e/0x22f [nvidia] 09:18:26.61782 kern.warn: [<f939299f>] ? _nv002329rm+0x1f/0x23 [nvidia] 09:18:26.61787 kern.warn: [<f93794ad>] ? _nv002010rm+0x2b/0x4e [nvidia] 09:18:26.61795 kern.warn: [<f981d0bc>] ? _nv002414rm+0x5d8/0x611 [nvidia] 09:18:26.61801 kern.warn: [<f98199d5>] ? rm_ioctl+0x3e/0x6d [nvidia] 09:18:26.61806 kern.warn: [<f98363df>] ? nv_kern_ioctl+0x19f/0x660 [nvidia] 09:18:26.61811 kern.warn: [<f98368d0>] ? nv_kern_unlocked_ioctl+0x0/0x30 [nvidia] 09:18:26.61816 kern.warn: [<f98368eb>] ? nv_kern_unlocked_ioctl+0x1b/0x30 [nvidia] 09:18:26.61821 kern.warn: [<c10d1cac>] ? do_vfs_ioctl+0x7c/0x750 09:18:26.61826 kern.warn: [<f98368d0>] ? nv_kern_unlocked_ioctl+0x0/0x30 [nvidia] 09:18:26.61831 kern.warn: [<f98368eb>] ? nv_kern_unlocked_ioctl+0x1b/0x30 [nvidia] 09:18:26.61836 kern.warn: [<c10d1cac>] ? do_vfs_ioctl+0x7c/0x750 09:18:26.61841 kern.warn: [<f98368eb>] ? nv_kern_unlocked_ioctl+0x1b/0x30 [nvidia] 09:18:26.61846 kern.warn: [<f98368d0>] ? nv_kern_unlocked_ioctl+0x0/0x30 [nvidia] 09:18:26.61851 kern.warn: [<f98368d0>] ? nv_kern_unlocked_ioctl+0x0/0x30 [nvidia] 09:18:26.61856 kern.warn: [<f98368eb>] ? nv_kern_unlocked_ioctl+0x1b/0x30 [nvidia] 09:18:26.61861 kern.warn: [<c10d1cac>] ? do_vfs_ioctl+0x7c/0x750 09:18:26.61866 kern.warn: [<c10d23ff>] ? sys_ioctl+0x7f/0x90 09:18:26.61871 kern.warn: [<c1003024>] ? sysenter_do_call+0x12/0x22 Reproducible: Always Portage 2.1.10.3 (hardened/linux/x86, gcc-4.4.5, glibc-2.12.2-r0, 2.6.37-hardened-r7-200 i686) ================================================================= System uname: Linux-2.6.37-hardened-r7-200-i686-Intel-R-_Core-TM-2_CPU_6600_@_2.40GHz-with-gentoo-2.0.3 Timestamp of tree: Sun, 07 Aug 2011 06:00:01 +0000 app-shells/bash: 4.1_p9 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.1-r1, 3.1.3-r1 dev-util/cmake: 2.8.4-r1 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.4 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1 sys-devel/binutils: 2.20.1-r1 sys-devel/gcc: 4.4.5 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82 sys-kernel/linux-headers: 2.6.36.1 (virtual/os-headers) sys-libs/glibc: 2.12.2 Repositories: gentoo sunrise kde-sunset vmware powerman local ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="*" CBUILD="i686-pc-linux-gnu" CFLAGS="-march=prescott -O2 -pipe" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /opt/icedtea6-bin-1.10.3/jre/lib/i386/jvm.cfg /service /usr/inferno/keydb /usr/inferno/lib /usr/inferno/services /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /var/log /var/qmail/alias /var/qmail/control" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-march=prescott -O2 -pipe" DISTDIR="/usr/portage-distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps=y" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox" FFLAGS="" GENTOO_MIRRORS="ftp://ftp.df.lth.se/pub/gentoo/ http://ftp.df.lth.se/pub/gentoo/ http://gentoo.telcom.net.ua/" LANG="ru_RU.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en ru" MAKEOPTS="-j1" PKGDIR="/usr/portage-packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_EXTRA_OPTS="--exclude ChangeLog --delete-excluded" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/sunrise /var/lib/layman/kde-sunset /var/lib/layman/vmware /var/lib/layman/powerman /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X Xaw3d a52 aac acl acpi aim alsa apache2 asf avi bash-completion berkdb bitmap-fonts bzip2 cddb cdr chm cli consolekit cracklib crypt cscope cue curl cxx dbus device-mapper dga divx4linux djvu dlloader dri dts dvd dvdr dvdread encode fastcgi ffmpeg flac flash gd gdbm gif gnutls gpg gtk gtk2 hardened hddtemp iconv icq idn imagemagick imap imlib irc jabber javascript jpeg jpeg2k kde lm_sensors lzo mad mailbox mbox mmx mng modules motif mp3 mpeg msn mudflap musepack mysql ncurses network-cron nls nptl nptlonly nsplugin ogg opengl openmp oss pam pcre perl pic png policykit pppd pwdb python qt qt3support qt4 quicktime readline rss rtc samba sdl session spell sse sse2 sse3 ssl ssse3 svg sysfs tcltk tcpd theora tiff truetype truetype-fonts type1-fonts udev unicode urandom vdpau vim-pager vim-syntax vim-with-x vorbis wavpack win32codecs x264 x86 xinetd xorg xv xvid xvmc yahoo zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="log_config vhost_alias autoindex alias rewrite dir deflate filter mime negotiation auth_basic authn_file authz_host authz_user authz_groupfile cgi actions headers env setenvif" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en ru" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nvidia nv fbdev vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Created attachment 282399 [details, diff] possible patch
Wow, thanks, patch works for me!
I'm debating what to do with this patch, but leaning towards not including it because nvidia-drivers has had a bad history under hardened. The nouveau drivers are working well and we prefer them on hardened. Is there any strong reason why you opt for nvidia over nouveau?
(In reply to comment #3) > Is there any strong reason why you opt for nvidia over nouveau? VMware hardware acceleration for guest Windows.
(In reply to comment #3) > Is there any strong reason why you opt for nvidia over nouveau? nouveau is unstable see http://nouveau.freedesktop.org/wiki/MesaDrivers
(In reply to comment #3) > I'm debating what to do with this patch, but leaning towards not including it While you debating, this bug just hit me once again - after upgrade to x11-drivers/nvidia-drivers-275.09.07. Thanks God, this patch is compatible with new version, so it was ease to add one more ebuild to /usr/local/portage… after I've spend some time trying to find out what's going on, why it doesn't work, and some time later was surprised to find previous nvidia-drivers was installed from /usr/local/portage… and, finally, I recall situation with this patch and realized what I should do to fix it. Please, don't make me do all this crap once again few months later. If it's really "kernel memory leak" as reported by PaX - it must be fixed in nvidia-drivers (either in ebuild or by reporting upstream), because if it leak on hardened, then it leak in same way on non-hardened too (but no one notices that). If it doesn't leak, and it's false alarm by PaX - then PaX should be fixed. Here is absolutely nothing to debate, sorry. I agree there are issues with nvidia-drivers on hardened, and agree nouveau is probably should be used instead… as soon as it will support 3D acceleration for Windows in VMware (and all other features it doesn't support yet and which I don't need but other people may need) - i.e. when it become real drop-in replacement for nvidia-drivers.
(In reply to comment #3) > I'm debating what to do with this patch, but leaning towards not including it Is this a patch against the nvidia-drivers? If so then its not for me to say what to do with it. If the x11 team wishes, they can include it. They can include it conditionally on USE="pax_kernel". (Not "hardened" since that refers to the tool chain).
I would contact NVIDIA wrt this patch. Run nvidia-bug-report.sh to collect some info about your system and e-mail the output, along with the patch and a description of the problem to linux-bugs@nvidia.com. Until they resolve the issue in their official driver, you can place the patch in /etc/portage/patches/x11-drivers/nvidia-drivers/hardened.patch and you should be set.
