Summary: | x11-drivers/nvidia-drivers-390.87 with sys-kernel/gentoo-sources-4.18.11 - usercopy: Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache' (offset nnnnn, size n)! | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | peteru <bugs.gentoo.org> |
Component: | Current packages | Assignee: | Jeroen Roovers (RETIRED) <jer> |
Status: | RESOLVED UPSTREAM | ||
Severity: | normal | CC: | jasmin+gentoo, jstein, Manfred.Knick, redblade7 |
Priority: | Normal | Keywords: | PATCH |
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | usercopy flag patch from red hat bugzila |
Description
peteru
2018-06-22 14:14:24 UTC
# emerge --info
Portage 2.3.40 (python 2.7.15-final-0, default/linux/amd64/17.0/desktop/plasma, gcc-7.3.0, glibc-2.27-r4, 4.17.2-gentoo x86_64)
=================================================================
System uname: Linux-4.17.2-gentoo-x86_64-Intel-R-_Core-TM-_i5_CPU_750_@_2.67GHz-with-gentoo-2.6
KiB Mem: 16397124 total, 10084020 free
KiB Swap: 10485728 total, 10485728 free
Timestamp of repository gentoo: Fri, 22 Jun 2018 09:00:01 +0000
Head commit of repository gentoo: ed40e8a26ff053fb20e76ef0a65987dd3c53b44d
sh bash 4.4_p23
ld GNU ld (Gentoo 2.30 p3) 2.30.0
app-shells/bash: 4.4_p23::gentoo
dev-java/java-config: 2.2.0-r4::gentoo
dev-lang/perl: 5.26.2::gentoo
dev-lang/python: 2.7.15::gentoo, 3.5.5-r1::gentoo
dev-util/cmake: 3.11.4::gentoo
dev-util/pkgconfig: 0.29.2::gentoo
sys-apps/baselayout: 2.6::gentoo
sys-apps/openrc: 0.37::gentoo
sys-apps/sandbox: 2.13::gentoo
sys-devel/autoconf: 2.13::gentoo, 2.69-r4::gentoo
sys-devel/automake: 1.11.6-r3::gentoo, 1.16.1-r1::gentoo
sys-devel/binutils: 2.30-r3::gentoo
sys-devel/gcc: 7.3.0-r3::gentoo
sys-devel/gcc-config: 1.9.1::gentoo
sys-devel/libtool: 2.4.6-r5::gentoo
sys-devel/make: 4.2.1-r3::gentoo
sys-kernel/linux-headers: 4.17::gentoo (virtual/os-headers)
sys-libs/glibc: 2.27-r4::gentoo
Repositories:
gentoo
    location: /usr/portage
    sync-type: rsync
    sync-uri: rsync://gw.local/gentoo-portage
    priority: -1000
    sync-rsync-verify-jobs: 1
    sync-rsync-verify-metamanifest: yes
    sync-rsync-extra-opts:
    sync-rsync-verify-max-age: 24
local
    location: /usr/local/portage
    masters: gentoo
    priority: 0
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=corei7 -O2 -pipe -funit-at-a-time"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=corei7 -O2 -pipe -funit-at-a-time"
DISTDIR="/home/portage/distfiles"
EMERGE_DEFAULT_OPTS="-j4 --keep-going --with-bdeps y"
ENV_UNSET="DBUS_SESSION_BUS_ADDRESS DISPLAY PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync multilib-strict news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
GENTOO_MIRRORS="http://ftp.swin.edu.au/gentoo http://mirror.isp.net.au/ftp/pub/gentoo/ ftp://mirror.pacific.net.au/linux/Gentoo http://mirror.exetel.com.au/pub/gentoo http://distfiles.gentoo.org http://www.ibiblio.org/pub/Linux/distributions/gentoo"
LANG="en_AU.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="en_US en_AU en"
MAKEOPTS="-j4 --load-average=5"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/tmp"
USE="X a52 aac acl acpi activities alsa amd64 apache2 bash-completion berkdb bluray branding bzip2 cairo cdda cdr clang cli cnd consolekit crypt cscope cups cvs cxx dbus declarative designer dri dts dvb dvd dvdr egl emboss encode enterprise exif fam ffmpeg flac fontconfig gd gdbm gif gimp git glamor google gphoto2 gpm graphviz gstreamer gtk iconv icq icu imap ipod ipv6 jpeg jpeg2k kde kipi kwallet lame lcms libnotify libsamplerate libtirpc lzma mad matroska mmx mmxext mng modules mp3 mp4 mpeg mplayer msn mtp multilib multitarget musicbrainz mysql mysqli ncurses nfs nls nptl nvenc ogg openexr opengl openmp pam pango pch pcre pdf phonon plasma png policykit popcnt ppds pulseaudio pvr python qml qt3support qt5 raw rdsektop readline rss samba sasl sdl seccomp semantic-desktop slp smime smtp sndfile spell sqlite sse sse2 sse3 sse4_1 sse4_2 ssl ssse3 startup-notification subversion svg taglib theora threads tiff truetype udev udisks unicode upnp upnp-av upower usb v4l vaapi vdpau vim-syntax vnc vorbis wayland webkit widgets wxwidgets x264 x265 xattr xcb xcomposite xine xinerama xml xmp xsl xv xvid xvmc yahoo zeroconf zlib" ABI_X86="64" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon plan sheets stage words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" INPUT_DEVICES="libinput keyboard mouse" KERNEL="linux" L10N="en-US en-AU en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php5-6 php7-0" POSTGRES_TARGETS="postgres9_5 postgres10" PYTHON_SINGLE_TARGET="python3_5" PYTHON_TARGETS="python2_7 python3_5" RUBY_TARGETS="ruby23" USERLAND="GNU" VIDEO_CARDS="nvidia v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset: CC, CPPFLAGS, CTARGET, CXX, INSTALL_MASK, LC_ALL, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Redhat seem to have a patch for this: https://bugzilla.redhat.com/show_bug.cgi?id=1570493

I'm attaching the patch for reference since it applies and builds. It'll probably be a few hours before I have the opportunity to test whether the patch works correctly.

Created attachment 536802 [details, diff]
usercopy flag patch from red hat bugzila
I tested the patch and it fixes the issue resulting in a working system.

WORKSFORME: upgrade to nvidia-drivers-396.24-r1:0/396

# equery list gentoo-sources nvidia-drivers
[IP-] [ ] sys-kernel/gentoo-sources-4.17.2:4.17.2
[IP-] [ ] x11-drivers/nvidia-drivers-396.24-r1:0/396 <---

# uname -a
Linux XXXXX 4.17.2-gentoo #1 SMP Mon Jun 18 17:36:27 CEST 2018 x86_64 Intel(R) Xeon(R) CPU E3-1276 v3 @ 3.60GHz GenuineIntel GNU/Linux

@Manfred,

You are not looking at the correct package version. This issue is present in 390.xx series drivers for older nvidia driver cards. In my case this is required for GeForce GTX 550 Ti. You can not use the 396.xx series with those cards, so an upgrade to 396.xx or later is not an option.

Either way, I can confirm that the patch I provided has been working well enough for several days now.

Bump. This patch is still required, even with newer kernel and nvidia-driver versions. At the moment I have to manually create a new user patch for each nvidia-driver update because the nvidia-driver slot naming convention won't allow me to have a patch that applies to all 390.xx versions of the driver.

I have a ~10 year old laptop (Dell Latitude E6410) whose card is NVIDIA GT218M [NVS 3100M]. This card requires 340.107, which gives a warning that only <4.18 is supported. I have the same crash with the new 4.19.23 on this laptop. nouveau won't work with it, it needs the proprietary driver. Will the patch here work for 340.107 or am I stuck with <4.18 kernels on it?

I have been using the attached patch with 390.87 for several months now and it results in a stable system that has X11/KDE uptimes on the order of several weeks. Could you please add the patch to the 390.87 ebuild, push out 390.87-r1 and close this bug? Thanks.

Adding this patch to the 390.87 ebuild would be very nice :-).

For me the above patch did not work. I had to use this one instead: https://pastebin.com/yPZ1tEwb mentioned in: https://devtalk.nvidia.com/default/topic/1044509/-patch-solved-kernel-4-19-nothing-works-anymore/ I put the patch in /etc/portage/patches/x11-drivers/nvidia-drivers-390.87/ as mentioned in: https://bugs.gentoo.org/349707#c11 and emerge patched the nvidia-drivers automatically.

> For me the above patch did not work.

In what way did it not work?

> I had to use this one instead: https://pastebin.com/yPZ1tEwb

That patch is not related to this bug report at all. It addresses compile time issues with DRM. As far as I can tell from the link you posted, it's also not aimed at 390.xx series drivers.

This bug report and the associated patch fix issues with invalid user-space memory accesses due to kernel changes. The attached patch applies correctly AND it fixes the crash I reported. If you have a different issue (related to DRM), you will need to open a separate bug, rather than piggyback onto this one.

Sorry, wrong ticket - unfortunately I can't delete my comments above.

This has been fixed upstream and x11-drivers/nvidia-drivers-390.116 works properly.

(In reply to Red from comment #8)
> I have a ~10 year old laptop (Dell Latitude E6410) whose card is NVIDIA
> GT218M [NVS 3100M]. This card requires 340.107, which gives a warning that
> only <4.18 is supported. I have the same crash with the new 4.19.23 on this
> laptop. nouveau won't work with it, it needs the proprietary driver. Will
> the patch here work for 340.107 or am I stuck with <4.18 kernels on it?

I don't know if anyone missed this comment, but was the bug fixed for 340.107? Or should I file a separate bug?

(In reply to Red from comment #15)
> I don't know if anyone missed this comment, but was the bug fixed for
> 340.107? Or should I file a separate bug?

Your problem is not related to this bug. This bug was about 390.xx series drivers and the issue has been fixed in x11-drivers/nvidia-drivers-390.116

If you have an issue with 340.xx series drivers, open a separate bug.

(In reply to peteru from comment #16)
> (In reply to Red from comment #15)
> > I don't know if anyone missed this comment, but was the bug fixed for
> > 340.107? Or should I file a separate bug?
>
> Your problem is not related to this bug. This bug was about 390.xx series
> drivers and the issue has been fixed in x11-drivers/nvidia-drivers-390.116
>
> If you have an issue with 340.xx series drivers, open a separate bug.

A separate bug for the 340.xx series has been filed as Bug 680278
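Added example, not part of the bug report or of any project's code: a small triage script that pulls hardened-usercopy reports like the one in this bug's summary out of kernel log text and groups them by slab cache. The sample log lines, the `example_cache` name and the function names are constructed for illustration; the pattern also accepts the kernel's warn-only "Bad or missing usercopy whitelist?" variant of the same message.

```python
import re
from collections import defaultdict

# Both forms come from the kernel's hardened usercopy check: the "usercopy:"
# form is the one in this bug's summary (the copy is refused), the
# "Bad or missing usercopy whitelist?" form is the warn-only fallback.
PATTERN = re.compile(
    r"(?P<prefix>usercopy: |Bad or missing usercopy whitelist\? )"
    r"Kernel memory (?P<kind>exposure|overwrite) attempt detected "
    r"(?:from|to) (?:SLUB|SLAB) object '(?P<cache>[^']+)' "
    r"\(offset (?P<offset>\d+), size (?P<size>\d+)\)!"
)

# Constructed sample log lines (offsets, sizes and 'example_cache' are made up).
SAMPLE_DMESG = """\
[   41.102345] usercopy: Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache' (offset 11440, size 3)!
[   57.300112] Bad or missing usercopy whitelist? Kernel memory overwrite attempt detected to SLUB object 'example_cache' (offset 0, size 64)!
[   60.000001] nvidia-modeset: Loading NVIDIA Kernel Mode Setting Driver
[   61.500000] usercopy: Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache' (offset 11440, size 3)!
"""


def parse_usercopy(text):
    """Return one dict per usercopy report found in kernel log text."""
    findings = []
    for line in text.splitlines():
        m = PATTERN.search(line)
        if m is None:
            continue
        findings.append({
            "cache": m["cache"],
            "kind": m["kind"],  # exposure = copy to user, overwrite = copy from user
            "offset": int(m["offset"]),
            "size": int(m["size"]),
            "rejected": m["prefix"] == "usercopy: ",
        })
    return findings


def summarize(findings):
    """Group reports by slab cache; the (offset, size) pairs show which part
    of the object a usercopy whitelist would have to cover."""
    summary = defaultdict(lambda: {"rejected": 0, "warned": 0, "regions": set()})
    for f in findings:
        entry = summary[f["cache"]]
        entry["rejected" if f["rejected"] else "warned"] += 1
        entry["regions"].add((f["offset"], f["size"]))
    return dict(summary)


if __name__ == "__main__":
    for cache, info in summarize(parse_usercopy(SAMPLE_DMESG)).items():
        print(cache, info)
```

On a live system the same functions can be fed the output of `dmesg` or a saved kernel log instead of the sample string.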