Linux-3.10 Nvidia-drivers & pax-const.patch?


Postby jacekalex » Wed Jul 10, 2013 9:11 am

Hi

Nvidia drivers 31x.xx and 325.xx, arch x86-64, are currently not compatible with linux-3.10.

The problem and the patch with the solution is here:
https://devtalk.nvidia.com/default/topi ... o/#3847582
The patch is here: http://pastie.org/8123499

On Linux 3.10 without grsec & PaX, the Nvidia driver operates normally.
But the patch that repairs the mistake conflicts with the patch nvidia-drivers-285.05.09-pax-const.patch. :(

The result of applying the patch pax-const.patch after nvidia-linux-3.10.patch:
Code:
patching file kernel/nv-procfs.c
Hunk #1 FAILED at 707
1 out of 1 hunk FAILED - saving rejects to file kernel/nv-procfs.c.rej

Code:
cat kernel/nv-procfs.c.rej

--- Kernel.orig / nv-procfs.c 2011-07-13 03:29:30.000000000 +0200
+ + + Kernel / nv-procfs.c 2011-07-19 15:45:27.982993911 +0200
@ @ @ @ 707.10 -707.8
      * However, in preparation for this, we need to preserve
      * The procfs read () and write () operations.
      * /
- Nv_procfs_registry_fops.read = entry-> proc_fops-> read;
- Nv_p
rocfs_registry_fops.write = entry-> proc_fops-> write;
+ Pax_open_kernel ();
+ * (Void **) & nv_procfs_registry_fops.read = entry-> proc_fops-> read;
+ * (Void **) & nv_procfs_registry_fops.write = entry-> proc_fops-> write;
+ Pax_close_kernel ();
 
     entry = NV_CREATE_PROC_FILE ("registry", proc_nvidia,
         nv_procfs_read_registry,



Is it possible to somehow reconcile the patch that makes the driver compatible with Linux 3.10 with the pax-const and pax-usercopy patches (and how),
or is it better to wait until Nvidia releases a revised driver?
:wink:

Patch addresses:
Applied by me, fixing the mistake on Linux 3.10 (nvidia-linux-3.10.patch):
http://jacekalex.sh.dug.net.pl/nvidia-l ... .patch.txt
PaX patches for nvidia-drivers in Gentoo portage:
http://data.gpo.zugaina.org/gentoo/x11- ... onst.patch
http://data.gpo.zugaina.org/gentoo/x11- ... copy.patch

My system:
Gentoo-hardened x86-64.
gcc version 4.6.3 (Gentoo Hardened 4.6.3 P1.5, pie-0.5.2)

Sorry for bad English. :roll:

Cheers
8)
jacekalex
 
Posts: 39
Joined: Tue Jan 11, 2011 2:16 pm

Re: Linux-3.10 Nvidia-drivers & pax-const.patch?

Postby PaX Team » Fri Jul 12, 2013 6:58 pm

i think you're better off by waiting for nvidia to release official support for 3.10 then we'll see what needs still patching for PaX.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Linux-3.10 Nvidia-drivers & pax-const.patch?

Postby jacekalex » Tue Aug 06, 2013 7:09 am

Hi

The new Nvidia 325.15 driver compiles properly on kernel 3.10.5 without any additional patches, while on 3.10.5-grsec I found that the pax-const patch is incompatible with this driver.

Code:
 ~> patch -p1  < /var/portage/local/x11-drivers/nvidia-drivers/files/nvidia-drivers-pax-const.patch
patching file nv-procfs.c
Hunk #1 FAILED at 707.
1 out of 1 hunk FAILED -- saving rejects to file nv-procfs.c.rej


Code:
cat nv-procfs.c.rej

Code:
--- nv-procfs.c   2011-07-13 03:29:30.000000000 +0200
+++ nv-procfs.c   2011-07-19 15:45:27.982993911 +0200
@@ -707,8 +707,10 @@
      * However, in preparation for this, we need to preserve
      * the procfs read() and write() operations.
      */
-    nv_procfs_registry_fops.read = entry->proc_fops->read;
-    nv_procfs_registry_fops.write = entry->proc_fops->write;
+    pax_open_kernel();
+    *(void **)&nv_procfs_registry_fops.read = entry->proc_fops->read;
+    *(void **)&nv_procfs_registry_fops.write = entry->proc_fops->write;
+    pax_close_kernel();
 
     entry = NV_CREATE_PROC_FILE("registry", proc_nvidia,
         nv_procfs_read_registry,
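
Review bot: the two added stores through `*(void **)&nv_procfs_registry_fops.read` and `*(void **)&nv_procfs_registry_fops.write` discard the handler types, so the compiler can no longer check that `entry->proc_fops->read` and `entry->proc_fops->write` match the signatures of the fields they are written into. Nothing in the hunk says why the assignments need the cast or the `pax_open_kernel()` / `pax_close_kernel()` pair around them; a one-line comment above `pax_open_kernel()` stating what makes `nv_procfs_registry_fops` non-writable here would let the next person who rebases this against a newer driver decide whether the hunk is still required. Keeping only the two stores between the open and close calls, as done here, is the right scope.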


Is there a chance to adapt nvidia-pax-const to the new driver and to Linux 3.10.x and newer kernels?

The pax-usercopy patch applies correctly:
Code:
~> patch -p1 --dry-run < /var/portage/local/x11-drivers/nvidia-drivers/files/nvidia-drivers-pax-usercopy.patch
patching file nv.c
Hunk #1 succeeded at 754 (offset -351 lines).
Hunk #2 succeeded at 870 with fuzz 2 (offset -350 lines).
Hunk #3 succeeded at 879 (offset -350 lines).
patching file nv-linux.h
Hunk #1 succeeded at 759 (offset 64 lines).



Both patches were checked on:
Linux 3.10.5 (vanilla-sources)
grsecurity-2.9.1-3.10.5-201308052154.patch
4200_fbcondecor-0.9.6.patch

Cheers
8)

Sorry for bad English, my native language is Polish.
jacekalex
 
Posts: 39
Joined: Tue Jan 11, 2011 2:16 pm

Re: Linux-3.10 Nvidia-drivers & pax-const.patch?

Postby PaX Team » Thu Aug 08, 2013 9:26 am

the const patch is no longer needed.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: Linux-3.10 Nvidia-drivers & pax-const.patch?

Postby jacekalex » Fri Aug 09, 2013 8:36 am

PaX Team wrote: the const patch is no longer needed.


That's wonderful news ;)

Thanks
:)
jacekalex
 
Posts: 39
Joined: Tue Jan 11, 2011 2:16 pm

