ATI Driver crash by PAX- kernel memory overflow attempt


Post by nannou9 » Thu Mar 17, 2011 4:37 pm

Hi Guys!

I have faced another problem with the newest ATI Driver (11.2).

Oops here:
[ 38.047116] PAX: From 192.168.1.101: kernel memory overflow attempt detected to ffff88021af7fdd8 (16 bytes)
[ 38.047119] Pid: 4444, comm: X Tainted: P 2.6.37.2-grsec #1
[ 38.047121] Call Trace:
[ 38.047127] [<ffffffff810e4a18>] pax_report_overflow_from_user+0x53/0x5d
[ 38.047130] [<ffffffff810dc08b>] check_object_size+0xd5/0xde
[ 38.047155] [<ffffffffa03270d7>] KCL_CopyFromUserSpace+0xb0/0xf8 [fglrx]
[ 38.047173] [<ffffffffa032ecd2>] drm_getunique+0x32/0xa0 [fglrx]
[ 38.047190] [<ffffffffa032eca0>] ? drm_getunique+0x0/0xa0 [fglrx]
[ 38.047208] [<ffffffffa033121a>] ? firegl_ioctl+0x1ea/0xeb0 [fglrx]
[ 38.047224] [<ffffffffa03277d4>] ? ip_firegl_unlocked_ioctl+0x9/0xd [fglrx]
[ 38.047227] [<ffffffff810ee2cd>] ? do_vfs_ioctl+0x5c5/0x61c
[ 38.047229] [<ffffffff810df2ba>] ? fsnotify_modify+0x61/0x69
[ 38.047231] [<ffffffff810dfadf>] ? vfs_write+0x135/0x171
[ 38.047234] [<ffffffff810ee375>] ? sys_ioctl+0x51/0x74
[ 38.047236] [<ffffffff810029fb>] ? system_call_fastpath+0x16/0x1b
[ 38.047885] [fglrx:firegl_release] *ERROR* device busy: 1 0
[ 38.047887] [fglrx] release failed with code -EBUSY
nannou9
 
Posts: 17
Joined: Wed Mar 16, 2011 8:16 am

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by Kaemka » Thu Mar 17, 2011 5:38 pm

Had the exact same problem a while ago, wrote my solution to the wiki: http://en.wikibooks.org/wiki/Grsecurity/Application-specific_Settings#ATI_Catalyst_.28fglrx.29_graphics_driver

Maybe this should also be reported as a bug somewhere too. Don't know if ATI would bother fixing it though, and nobody else can.
Kaemka
 
Posts: 1
Joined: Thu Mar 03, 2011 9:48 am

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by spender » Thu Mar 17, 2011 7:23 pm

You'll need to report this to ATI. It's not a bug in grsec; in fact, it caught a real overflow attempt by the ATI driver. To work around the issue, either use an older ATI driver that doesn't cause this problem, or disable PAX_USERCOPY. If you report the stack backtrace to ATI it should be enough for them to fix it.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
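
The backtrace that spender suggests reporting can be pulled out of dmesg mechanically. The following is an added example, not part of the original thread and not grsecurity or ATI code: it parses a PaX overflow report and lists the confirmed frames that sit inside a loadable module. The names `parse_reports` and `module_frames` are hypothetical, and the patterns assume the log layout shown in the first post.

```python
import re

# Sample input: lines taken from the oops in the first post of this thread.
SAMPLE = """\
[ 38.047116] PAX: From 192.168.1.101: kernel memory overflow attempt detected to ffff88021af7fdd8 (16 bytes)
[ 38.047119] Pid: 4444, comm: X Tainted: P 2.6.37.2-grsec #1
[ 38.047121] Call Trace:
[ 38.047127] [<ffffffff810e4a18>] pax_report_overflow_from_user+0x53/0x5d
[ 38.047130] [<ffffffff810dc08b>] check_object_size+0xd5/0xde
[ 38.047155] [<ffffffffa03270d7>] KCL_CopyFromUserSpace+0xb0/0xf8 [fglrx]
[ 38.047173] [<ffffffffa032ecd2>] drm_getunique+0x32/0xa0 [fglrx]
[ 38.047190] [<ffffffffa032eca0>] ? drm_getunique+0x0/0xa0 [fglrx]
[ 38.047885] [fglrx:firegl_release] *ERROR* device busy: 1 0
"""

# Patterns assume the log layout shown in this thread (2.6.37.2-grsec).
HEAD = re.compile(r"PAX: .*kernel memory overflow attempt detected to (\w+) \((\d+) bytes\)")
PROC = re.compile(r"Pid: (\d+), comm: (\S+)")
FRAME = re.compile(r"\[<[0-9a-f]+>\] (\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_reports(text):
    """Return one dict per PaX overflow report found in dmesg-style text."""
    reports, cur = [], None
    for line in text.splitlines():
        if (m := HEAD.search(line)):
            cur = {"dest": m[1], "bytes": int(m[2]), "pid": None, "comm": None, "frames": []}
            reports.append(cur)
        elif cur is None:
            continue
        elif (m := PROC.search(line)):
            cur["pid"], cur["comm"] = int(m[1]), m[2]
        elif (m := FRAME.search(line)):
            # A leading "?" marks a frame the unwinder could not confirm.
            cur["frames"].append({"symbol": m[2], "module": m[3], "reliable": m[1] is None})
        elif "Call Trace:" not in line:
            cur = None  # first line that is not part of the trace ends the report
    return reports

def module_frames(report):
    """Confirmed frames that belong to a loadable module, innermost first."""
    return [f for f in report["frames"] if f["module"] and f["reliable"]]

if __name__ == "__main__":
    for r in parse_reports(SAMPLE):
        path = " <- ".join(f"{f['symbol']} [{f['module']}]" for f in module_frames(r))
        print(f"pid {r['pid']} ({r['comm']}): {r['bytes']}-byte copy to {r['dest']} via {path}")
```
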

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by johnnylm » Tue Jun 12, 2012 4:41 am

Hi Kaemka,
As you said, the ATI driver is not compatible with CONFIG_PAX_USERCOPY.
So I built a customized kernel with the latest grsecurity-2.9.1-3.2.19-201206091539.patch on Ubuntu 12.04, with CONFIG_PAX_USERCOPY=y, and the ATI driver still works OK. Is it possible that this issue has already been fixed, and could you check whether you observe this issue on your side again with the latest grsecurity?
Thanks. :wink:
johnnylm
 
Posts: 1
Joined: Tue Jun 12, 2012 4:26 am

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by PaX Team » Tue Jun 12, 2012 5:43 am

johnnylm wrote: So I built a customized kernel with the latest grsecurity-2.9.1-3.2.19-201206091539.patch on Ubuntu 12.04, with CONFIG_PAX_USERCOPY=y, and the ATI driver still works OK. Is it possible that this issue has already been fixed, and could you check whether you observe this issue on your side again with the latest grsecurity?
hey, did we just get some official attention? ;) could you also verify that catalyst works under i386/UDEREF? it used to trigger the protection which means that the driver made some unintended (or improperly implemented) userland access.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by GBit » Wed Jun 13, 2012 5:03 pm

12.4 drivers still have the issue for usercopy and uderef on my system. Kernel 3.3.8.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm

Re: ATI Driver crash by PAX- kernel memory overflow attempt

Post by GBit » Thu Aug 09, 2012 2:27 am

Wondering if anyone has reported this. It's still an issue. I tried but their "report form" doesn't even have an option for Linux.
GBit
 
Posts: 81
Joined: Mon Jun 04, 2012 3:31 pm

