sys-apps/v86d-0.1.10 was built with USE="x86emu" Hardened kernel 3.2.11 with: CONFIG_FB_UVESA=m CONFIG_GRKERNSEC_KMEM=y When uvesafb module is loaded (options do not matter), the following warning is produced (not on all configurations): grsec: denied access of range 9d000 -> 9e000 in /dev/mem by /sbin/v86d[v86d:1253] uid/euid:0/0 gid/egid:0/0, parent /[v86d:1252] uid/euid:0/0 gid/egid:0/0 v86d: mmap '/dev/mem' failed with: Operation not permitted v86d: Failed to read EBDA size from 9dc00. Ignoring EBDA. The module is loaded with: modprobe uvesafb mode_option=800x600-32 mtrr=3 scroll=ywrap Other than the warning, there are no module functionality issues. Example configuration exhibiting the issue: - QEMU-KVM 1.0, -vga cirrus (Gentoo) Example configurations *not* exhibiting the issue: - VirtualBox 4.1.10 (Windows) - VMware Workstation 8.0.1 (Gentoo)
Could you try the patch at: http://grsecurity.net/~spender/ebda.diff Thanks, -Brad
Hi, the patch fixes the problem in QEMU-KVM (-vga cirrus).
Just FYI, the issue apparently also manifests on some NVIDIA cards. From user's bug report: <1>grsec: denied access of range 9d000 -> 9e000 in /dev/mem by /sbin/v86d[v86d:2578] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0 <3>v86d: mmap '/dev/mem' failed with: Operation not permitted <4>v86d: Failed to read EBDA size from 9d000. Ignoring EBDA. <6>uvesafb: NVIDIA Corporation, GT216 Board - 0696a340, Chip Rev , OEM: NVIDIA, VBE v3.0 <6>uvesafb: protected mode interface info at c000:ca60 <6>uvesafb: pmi: set display start = c00ccac3, set palette = c00ccb1e <6>uvesafb: pmi: ports = 3b4 3b5 3ba 3c0 3c1 3c4 3c5 3c6 3c7 3c8 3c9 3cc 3ce 3cf 3d0 3d1 3d2 3d3 3d4 3d5 3da <6>uvesafb: VBIOS/hardware doesn't support DDC transfers <6>uvesafb: no monitor limits have been set, default refresh rate will be used <6>uvesafb: scrolling: ywrap using protected mode interface, yres_virtual=2304 <6>Console: switching to colour frame buffer device 100x37 <6>uvesafb: framebuffer at 0xd1000000, mapped to 0xf8e80000, using 7200k, total 14336k <6>fb0: VESA VGA frame buffer device
(In reply to comment #3) > Just FYI, the issue apparently also manifests on some NVIDIA cards. From > user's bug report: and does spender's patch or the latest grsec fix it?
I don't know — will test on my local machine with an NVIDIA card.
Tested on NVIDIA 8500 GT -- unfortunately, the EBDA problem is not present with this card to begin with.
commit 30c31bfe86f048a443baa523e9f487c38d950f24 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: Mon Aug 14 09:56:21 2017 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: Mon Aug 14 10:02:53 2017 sys-apps/v86d: Remove last-rited pkg, #606154 profiles/arch/amd64/package.use.force | 4 --- profiles/package.mask | 5 ---- sys-apps/v86d/Manifest | 1 - sys-apps/v86d/metadata.xml | 8 ----- sys-apps/v86d/v86d-0.1.10.ebuild | 56 ----------------------------------- 5 files changed, 74 deletions(-)
