Hi
With kernel built from current linus's tree, I can not start xorg,
it failed with:
Backtrace:
0: X(xorg_backtrace+0x26) [0x4e8bb6]
1: X(xf86SigHandler+0x39) [0x489989]
2: /lib64/libc.so.6 [0x7f077a6b9f30]
3: /usr/lib64/libpciaccess.so.0(pci_device_get_bridge_buses+0xf1) [0x7f077c101fd1]
4: X(initPciBusState+0x8d) [0x470abd]
5: X(xf86AccessInit+0xe) [0x48e26e]
6: X(InitOutput+0x108b) [0x466bfb]
7: X(main+0x20e) [0x42ceee]
8: /lib64/libc.so.6(__libc_start_main+0xe6) [0x7f077a6a5526]
9: X [0x42c529]
Fatal server error:
Caught signal 11. Server aborting
The graphic driver I used is intel (i915)
Finally I bisected it, results:
47970b1b2aa64464bc0a9543e86361a622ae7c03 is first bad commit
commit 47970b1b2aa64464bc0a9543e86361a622ae7c03
Author: Chris Wright <[email protected]>
Date: Thu Feb 10 15:58:56 2011 -0800
pci: use security_capable() when checking capablities during config space read
Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file
open to read device dependent config space") caused the capability check
to bypass security modules and potentially auditing. Rectify this by
calling security_capable() when checking the open file's capabilities
for config space reads.
Reported-by: Eric Paris <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
Signed-off-by: James Morris <[email protected]>
:040000 040000 e14ad9470ca5f84f13cd31eaf5def16d40bc54f1 cbf987647b8052214dd928c87c6becfb639e4ca2 M drivers
Any idea?
--
Thanks
Dave
On Sun, Feb 13, 2011 at 4:22 PM, Dave Young <[email protected]> wrote:
> Hi
>
> With kernel built from current linus's tree, I can not start xorg,
> it failed with:
Me too!,
Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop
and wasn't looking forward to bisecting it.
If this isn't hitting later distros its probably an updated
libpciaccess that fixed something.
libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
Probably should revert first, then work out what is crapping out libpciaccess.
Dave.
On Sun, Feb 13, 2011 at 07:22, Dave Young <[email protected]> wrote:
> Finally I bisected it, results:
> 47970b1b2aa64464bc0a9543e86361a622ae7c03 is first bad commit
> commit 47970b1b2aa64464bc0a9543e86361a622ae7c03
> Author: Chris Wright <[email protected]>
> Date: Thu Feb 10 15:58:56 2011 -0800
>
> pci: use security_capable() when checking capablities during config space read
>
> Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file
> open to read device dependent config space") caused the capability check
> to bypass security modules and potentially auditing. Rectify this by
> calling security_capable() when checking the open file's capabilities
> for config space reads.
>
> Reported-by: Eric Paris <[email protected]>
> Signed-off-by: Chris Wright <[email protected]>
> Signed-off-by: James Morris <[email protected]>
>
Actually, even reading the PCI capabilities fails with lspci
reporting "Capabilities: <access denied>" if run as root.
"libpciaccess" should have handled this situation, but still
it looks like a regression and it breaks existing systems.
On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie <[email protected]> wrote:
>
> Probably should revert first, then work out what is crapping out libpciaccess.
Yeah, I'll revert. The patch is one of those "obviously a good idea,
but in practice it's not something we can change now".
Linus
Damn, that issue made me really sick yesterday, as I thought the
problem arrived from my updated mesa/ddx built-from-git (I also played
with mesa's new --enable-shared-dricore configure option).
Also, I suspected x11-common package in Debian/unstable [1],
especially BR #612979 [2].
I applied the revert of commit
47970b1b2aa64464bc0a9543e86361a622ae7c03 ("pci: use security_capable()
when checking capablities during config space read") as bisected by
Dave Young. Thanks!
The only way I found was to delete several X releated dot-dirs in
/tmp. In addition the dirs created/required for a KDE-session.
Best is to kill complete /tmp/* /tmp/.* in runlevel-3 and then startx,
that made X work here.
- Sedat -
[1] http://packages.debian.org/changelogs/pool/main/x/xorg/xorg_7.6+3/changelog
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612979
* Dave Airlie ([email protected]) wrote:
> On Sun, Feb 13, 2011 at 4:22 PM, Dave Young <[email protected]> wrote:
> > With kernel built from current linus's tree, I can not start xorg,
> > it failed with:
>
> Me too!,
>
> Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop
> and wasn't looking forward to bisecting it.
>
> If this isn't hitting later distros its probably an updated
> libpciaccess that fixed something.
>
> libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
>
> Probably should revert first, then work out what is crapping out libpciaccess.
Are you running with SELinux enabled, if so can you paste the AVC error?
It's working for me here.
thanks,
-chris
On Mon, Feb 14, 2011 at 9:31 AM, Chris Wright <[email protected]> wrote:
> * Dave Airlie ([email protected]) wrote:
>> On Sun, Feb 13, 2011 at 4:22 PM, Dave Young <[email protected]> wrote:
>> > With kernel built from current linus's tree, I can not start xorg,
>> > it failed with:
>>
>> Me too!,
>>
>> Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop
>> and wasn't looking forward to bisecting it.
>>
>> If this isn't hitting later distros its probably an updated
>> libpciaccess that fixed something.
>>
>> libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
>>
>> Probably should revert first, then work out what is crapping out libpciaccess.
>
> Are you running with SELinux enabled, if so can you paste the AVC error?
> It's working for me here.
Yes most likely, I'm not at the machine now but I'll see if I can the
AVC off it later.
On Fedora 13?
F14/rawhide seem fine.
Dave.
* Dave Airlie ([email protected]) wrote:
> Yes most likely, I'm not at the machine now but I'll see if I can the
> AVC off it later.
Great, thanks.
> On Fedora 13?
>
> F14/rawhide seem fine.
I'm on F14.
* Linus Torvalds ([email protected]) wrote:
> On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie <[email protected]> wrote:
> > Probably should revert first, then work out what is crapping out libpciaccess.
>
> Yeah, I'll revert. The patch is one of those "obviously a good idea,
> but in practice it's not something we can change now".
Turns out I'm just a bona fide idiot.
I was not testing the right kernel _and_ didn't get the logic right.
sorry for the screw up,
-chris
---
Subject: [PATCH] pci: use security_capable correctly during config space read
Commit 47970b1 ("pci: use security_capable() when checking capablities
during config space read") is just plain broken. The normal capable()
interface returns true on success, but the LSM interface returns 0 on
success.
Signed-off-by: Chris Wright <[email protected]>
---
I've tested this quickly (lspci behaviour is as expected).
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index f7771f3..ea25e5b 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
+ if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
size = dev->cfg_size;
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
size = 128;
On Sun, 13 Feb 2011, Chris Wright wrote:
> Subject: [PATCH] pci: use security_capable correctly during config space read
>
> Commit 47970b1 ("pci: use security_capable() when checking capablities
> during config space read") is just plain broken. The normal capable()
> interface returns true on success, but the LSM interface returns 0 on
> success.
>
> Signed-off-by: Chris Wright <[email protected]>
Sorry, I should have caught this.
Acked-by: James Morris <[email protected]>
> ---
>
> I've tested this quickly (lspci behaviour is as expected).
>
> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> index f7771f3..ea25e5b 100644
> --- a/drivers/pci/pci-sysfs.c
> +++ b/drivers/pci/pci-sysfs.c
> @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
> u8 *data = (u8*) buf;
>
> /* Several chips lock up trying to read undefined config space */
> - if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
> + if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
> size = dev->cfg_size;
> } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
> size = 128;
>
>
--
James Morris
<[email protected]>
On Sun, Feb 13, 2011 at 04:35:31PM -0800, Chris Wright wrote:
> * Linus Torvalds ([email protected]) wrote:
> > On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie <[email protected]> wrote:
> > > Probably should revert first, then work out what is crapping out libpciaccess.
> >
> > Yeah, I'll revert. The patch is one of those "obviously a good idea,
> > but in practice it's not something we can change now".
>
> Turns out I'm just a bona fide idiot.
>
> I was not testing the right kernel _and_ didn't get the logic right.
>
> sorry for the screw up,
> -chris
> ---
>
> Subject: [PATCH] pci: use security_capable correctly during config space read
>
> Commit 47970b1 ("pci: use security_capable() when checking capablities
> during config space read") is just plain broken. The normal capable()
> interface returns true on success, but the LSM interface returns 0 on
> success.
Chris, linus has reverted the original commit, so this does not apply.
Anyway I have tested this one, it works well. Feel free add my Tested-by line.
>
> Signed-off-by: Chris Wright <[email protected]>
> ---
>
> I've tested this quickly (lspci behaviour is as expected).
>
> diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
> index f7771f3..ea25e5b 100644
> --- a/drivers/pci/pci-sysfs.c
> +++ b/drivers/pci/pci-sysfs.c
> @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
> u8 *data = (u8*) buf;
>
> /* Several chips lock up trying to read undefined config space */
> - if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
> + if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
> size = dev->cfg_size;
> } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
> size = 128;
>
>
[ As I am not subscribed to both MLs and lazy to pick up all involved people ]
Hi Chris,
The original patch had also this part (see the revert in [1]):
...
+#include <linux/security.h>
...
Your new patch in [2] is missing it or is it not required?
- Sedat -
[1] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f00eaeea7a42b5ea327e9ce8839cb0b53d3bdb4e
[2] https://patchwork.kernel.org/patch/555501/
* Sedat Dilek ([email protected]) wrote:
> [ As I am not subscribed to both MLs and lazy to pick up all involved people ]
>
> Hi Chris,
>
> The original patch had also this part (see the revert in [1]):
> ...
> +#include <linux/security.h>
> ...
>
> Your new patch in [2] is missing it or is it not required?
It was just a patch on top of the bad commit (47970b1b), the #include is
required.
thanks,
-chris
On Mon, Feb 14, 2011 at 5:20 PM, Chris Wright <[email protected]> wrote:
> * Sedat Dilek ([email protected]) wrote:
>> [ As I am not subscribed to both MLs and lazy to pick up all involved people ]
>>
>> Hi Chris,
>>
>> The original patch had also this part (see the revert in [1]):
>> ...
>> +#include <linux/security.h>
>> ...
>>
>> Your new patch in [2] is missing it or is it not required?
>
> It was just a patch on top of the bad commit (47970b1b), the #include is
> required.
>
> thanks,
> -chris
>
OK, now I see.
Might be good to push a v2 as the initial patch was reverted in the meantime?
The explanations of the fixup patch were helpful (to me) and should be included.
- Sedat -
* Dave Young ([email protected]) wrote:
> On Sun, Feb 13, 2011 at 04:35:31PM -0800, Chris Wright wrote:
> > Commit 47970b1 ("pci: use security_capable() when checking capablities
> > during config space read") is just plain broken. The normal capable()
> > interface returns true on success, but the LSM interface returns 0 on
> > success.
>
> Chris, linus has reverted the original commit, so this does not apply.
Right, I'll send a new patch to James.
> Anyway I have tested this one, it works well. Feel free add my Tested-by line.
Thanks for confirming the fix Dave.
thanks,
-chris
* Sedat Dilek ([email protected]) wrote:
> On Mon, Feb 14, 2011 at 5:20 PM, Chris Wright <[email protected]> wrote:
> > * Sedat Dilek ([email protected]) wrote:
> >> [ As I am not subscribed to both MLs and lazy to pick up all involved people ]
> >>
> >> Hi Chris,
> >>
> >> The original patch had also this part (see the revert in [1]):
> >> ...
> >> +#include <linux/security.h>
> >> ...
> >>
> >> Your new patch in [2] is missing it or is it not required?
> >
> > It was just a patch on top of the bad commit (47970b1b), the #include is
> > required.
> >
> > thanks,
> > -chris
> >
>
> OK, now I see.
> Might be good to push a v2 as the initial patch was reverted in the meantime?
> The explanations of the fixup patch were helpful (to me) and should be included.
Yeah, I'll send a new patch to James.
This reintroduces commit 47970b1b which was subsequently reverted
as f00eaeea. The original change was broken and caused X startup
failures and generally made privileged processes incapable of reading
device dependent config space. The normal capable() interface returns
true on success, but the LSM interface returns 0 on success. This thinko
is now fixed in this patch, and has been confirmed to work properly.
So, once again...Eric Paris noted that commit de139a3 ("pci: check caps
from sysfs file open to read device dependent config space") caused the
capability check to bypass security modules and potentially auditing.
Rectify this by calling security_capable() when checking the open file's
capabilities for config space reads.
Reported-by: Eric Paris <[email protected]>
Tested-by: Dave Young <[email protected]>
Acked-by: James Morris <[email protected]>
Cc: Dave Airlie <[email protected]>
Cc: Alex Riesen <[email protected]>
Cc: Sedat Dilek <[email protected]>
Cc: Linus Torvalds <[email protected]>
Signed-off-by: Chris Wright <[email protected]>
---
v2: added Reported-by Eric
v3: fix logic screw up
drivers/pci/pci-sysfs.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 8ecaac9..ea25e5b 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -23,6 +23,7 @@
#include <linux/mm.h>
#include <linux/fs.h>
#include <linux/capability.h>
+#include <linux/security.h>
#include <linux/pci-aspm.h>
#include <linux/slab.h>
#include "pci.h"
@@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
+ if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
size = dev->cfg_size;
} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
size = 128;
--
1.7.3.4
Also pullable from here:
The following changes since commit 795abaf1e4e188c4171e3cd3dbb11a9fcacaf505:
David Miller (1):
klist: Fix object alignment on 64-bit.
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus
Chris Wright (1):
pci: use security_capable() when checking capablities during config space read
drivers/pci/pci-sysfs.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
--
James Morris
<[email protected]>
On Tue, Feb 15, 2011 at 02:21, Chris Wright <[email protected]> wrote:
> This reintroduces commit 47970b1b which was subsequently reverted
> as f00eaeea. The original change was broken and caused X startup
> failures and generally made privileged processes incapable of reading
> device dependent config space. The normal capable() interface returns
> true on success, but the LSM interface returns 0 on success. This thinko
> is now fixed in this patch, and has been confirmed to work properly.
>
> So, once again...Eric Paris noted that commit de139a3 ("pci: check caps
> from sysfs file open to read device dependent config space") caused the
> capability check to bypass security modules and potentially auditing.
> Rectify this by calling security_capable() when checking the open file's
> capabilities for config space reads.
>
> Reported-by: Eric Paris <[email protected]>
> Tested-by: Dave Young <[email protected]>
> Acked-by: James Morris <[email protected]>
> Cc: Dave Airlie <[email protected]>
> Cc: Alex Riesen <[email protected]>
> Cc: Sedat Dilek <[email protected]>
> Cc: Linus Torvalds <[email protected]>
> Signed-off-by: Chris Wright <[email protected]>
FWIW, I confirm the fix.