grsecurity forums

[SummerRainbowz]

Experience this on Arch Linux with the latest kernel. Do I need to provide other information?

Code: Select all

PID: 387 Comm: Xorg Tainted: G           O    4.3.4.201601261954-1-grsec #1
[   31.458043] Hardware name: System manufacturer System Product Name/P5Q SE2, BIOS 0801    03/31/2010
[   31.458045]  ffff880100000002 19c24a900b5deed0 0000000000000000 ffff88014648aac7
[   31.458049]  ffffc9000413b348 ffffffffb82d66b0 ffff8800c648aacb ffffc9000413b3c0
[   31.458051]  ffffffffb82e2b70 ffffffffc0d23efa 0000056e00000000 000000000000000a
[   31.458054] Call Trace:
[   31.458061]  [<ffffffffb82d66b0>] dump_stack+0x4b/0x8b
[   31.458064]  [<ffffffffb82e2b70>] pointer.isra.20+0x2d0/0x540
[   31.458144]  [<ffffffffc0d23efa>] ? firegl_trace+0x2a/0xf0 [fglrx]
[   31.458179]  [<ffffffffc0fc1eb8>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7f818/0x1c4fbd [fglrx]
[   31.458212]  [<ffffffffc0fcd0e0>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x8aa40/0x1c4fbd [fglrx]
[   31.458245]  [<ffffffffc0fbf772>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7d0d2/0x1c4fbd [fglrx]
[   31.458277]  [<ffffffffc0fbf772>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7d0d2/0x1c4fbd [fglrx]
[   31.458280]  [<ffffffffb82e2efd>] vsnprintf+0x11d/0x540
[   31.458329]  [<ffffffffc0d2ffff>] ? firegl_acpi_atif_select_active_displays+0x13f/0x150 [fglrx]
[   31.458362]  [<ffffffffc0fbf76d>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7d0cd/0x1c4fbd [fglrx]
[   31.458395]  [<ffffffffc0fe9c50>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0xa75b0/0x1c4fbd [fglrx]
[   31.458397]  [<ffffffffb82e3542>] sprintf+0x62/0x90
[   31.458430]  [<ffffffffc0fbf75d>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7d0bd/0x1c4fbd [fglrx]
[   31.458471]  [<ffffffffc0cea289>] KAS_SlabCache_Initialize+0x79/0x100 [fglrx]
[   31.458517]  [<ffffffffc0d09999>] MCIL_LookasideList+0x1d9/0x270 [fglrx]
[   31.458602]  [<ffffffffc0e047ca>] ? _ZN9PageTable24LookasideList_InitializeEv+0x6a/0x80 [fglrx]
[   31.458647]  [<ffffffffc0d098b0>] ? MCIL_LookasideList+0xf0/0x270 [fglrx]
[   31.458729]  [<ffffffffc0dfc532>] ? _ZN7GpsBase11AllocMemoryEmjP15_ULARGE_INTEGERP9MCADDRESSb+0x22/0x30 [fglrx]
[   31.458763]  [<ffffffffc0f425ac>] ? _ZN9PageTable23AllocAndInitShadowTableEv+0xec/0x100 [fglrx]
[   31.458844]  [<ffffffffc0dfc8d8>] ? _ZN7GpsBase14GPS_ZeroMemoryEPvS0_m+0x38/0x40 [fglrx]
[   31.458925]  [<ffffffffc0dfc532>] ? _ZN7GpsBase11AllocMemoryEmjP15_ULARGE_INTEGERP9MCADDRESSb+0x22/0x30 [fglrx]
[   31.459007]  [<ffffffffc0e0417d>] ? _ZN9PageTable23CreateShadowTableAtInitEv+0x8d/0xa0 [fglrx]
[   31.459088]  [<ffffffffc0dfb859>] ? _ZN20PageTableGartCypress23CreateShadowTableAtInitEv+0x9/0xf0 [fglrx]
[   31.459170]  [<ffffffffc0e01ce0>] ? _ZN11GartCypress15CreatePageTableEP9GpsConfig+0x170/0x1f0 [fglrx]
[   31.459203]  [<ffffffffc0fe9670>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0xa6fd0/0x1c4fbd [fglrx]
[   31.459285]  [<ffffffffc0dfe34c>] ? _ZNK10GPSContext14GetPeerMmrBaseEv+0x1c/0x20 [fglrx]
[   31.459318]  [<ffffffffc0feaed8>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0xa8838/0x1c4fbd [fglrx]
[   31.459400]  [<ffffffffc0dfd89d>] ? _ZN10GPSContext18InitializeAsicGartEv+0x3d/0xf0 [fglrx]
[   31.459481]  [<ffffffffc0df7b33>] ? Gps_GartInitialization+0x33/0x50 [fglrx]
[   31.459527]  [<ffffffffc0d12606>] ? __gart_init+0x2c6/0x6b0 [fglrx]
[   31.459579]  [<ffffffffc0d43652>] ? wait_for_multiobj_condition+0xf2/0x130 [fglrx]
[   31.459627]  [<ffffffffc0d0ff00>] ? gal_init+0xc0/0x160 [fglrx]
[   31.459674]  [<ffffffffc0d16072>] ? mc_heap_init+0xe2/0x200 [fglrx]
[   31.459717]  [<ffffffffc0cef723>] ? KCL_STR_Memset+0x33/0x40 [fglrx]
[   31.459761]  [<ffffffffc0cff151>] ? firegl_gart_init+0xc1/0x160 [fglrx]
[   31.459803]  [<ffffffffc0cee206>] ? KCL_DEBUG_Print_Trace+0x56/0x120 [fglrx]
[   31.459848]  [<ffffffffc0d0594e>] ? firegl_cail_powerControl+0x1ee/0x340 [fglrx]
[   31.459895]  [<ffffffffc0d1f7c9>] ? hal_init_gpu+0x219/0x4e0 [fglrx]
[   31.459928]  [<ffffffffc0fc3263>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x80bc3/0x1c4fbd [fglrx]
[   31.459968]  [<ffffffffc0ce670a>] ? KCL_SPINLOCK_STATIC_Release+0x2a/0x40 [fglrx]
[   31.459998]  [<ffffffffc0fc0ac1>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7e421/0x1c4fbd [fglrx]
[   31.460059]  [<ffffffffc0cf8c3e>] ? firegl_open+0x2de/0x310 [fglrx]
[   31.460092]  [<ffffffffc0f444d0>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x1e30/0x1c4fbd [fglrx]
[   31.460127]  [<ffffffffc0fc0ac1>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0x7e421/0x1c4fbd [fglrx]
[   31.460160]  [<ffffffffc0f433e0>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0xd40/0x1c4fbd [fglrx]
[   31.460198]  [<ffffffffc0ce3453>] ? ip_firegl_open+0x33/0x40 [fglrx]
[   31.460237]  [<ffffffffc0ce5492>] ? firegl_stub_open+0xb2/0x120 [fglrx]
[   31.460270]  [<ffffffffc0f433e0>] ? _ZThn840_N13GartVmptRv77015CreatePageTableEP9GpsConfig+0xd40/0x1c4fbd [fglrx]
[   31.460274]  [<ffffffffb81ad9ca>] ? chrdev_open+0xba/0x1d0
[   31.460276]  [<ffffffffb81ad910>] ? cdev_put+0x30/0x30
[   31.460278]  [<ffffffffb81a551d>] ? do_dentry_open+0x21d/0x310
[   31.460281]  [<ffffffffb81ad910>] ? cdev_put+0x30/0x30
[   31.460283]  [<ffffffffb81a6865>] ? vfs_open+0x65/0x80
[   31.460285]  [<ffffffffb81b958e>] ? path_openat+0x4fe/0x1320
[   31.460288]  [<ffffffffb81bbb06>] ? do_filp_open+0xb6/0x130
[   31.460291]  [<ffffffffb81a6c41>] ? do_sys_open+0x151/0x230
[   31.460293]  [<ffffffffb81a6d48>] ? SyS_open+0x28/0x40
[   31.460296]  [<ffffffffb85ea470>] ? entry_SYSCALL_64_fastpath+0x12/0x8a

[PaX Team]

this is fglrx trying to come up with what looks like a unique slab name that would also leak a kernel address in there. we can't fix this ourselves unless KAS_SlabCache_Initialize is in the open source wrapper.