Hi
With kernel built from current linus's tree, I can not start xorg, it failed with:
Backtrace: 0: X(xorg_backtrace+0x26) [0x4e8bb6] 1: X(xf86SigHandler+0x39) [0x489989] 2: /lib64/libc.so.6 [0x7f077a6b9f30] 3: /usr/lib64/libpciaccess.so.0(pci_device_get_bridge_buses+0xf1) [0x7f077c101fd1] 4: X(initPciBusState+0x8d) [0x470abd] 5: X(xf86AccessInit+0xe) [0x48e26e] 6: X(InitOutput+0x108b) [0x466bfb] 7: X(main+0x20e) [0x42ceee] 8: /lib64/libc.so.6(__libc_start_main+0xe6) [0x7f077a6a5526] 9: X [0x42c529]
Fatal server error: Caught signal 11. Server aborting
The graphic driver I used is intel (i915)
Finally I bisected it, results: 47970b1b2aa64464bc0a9543e86361a622ae7c03 is first bad commit commit 47970b1b2aa64464bc0a9543e86361a622ae7c03 Author: Chris Wright chrisw@sous-sol.org Date: Thu Feb 10 15:58:56 2011 -0800
pci: use security_capable() when checking capablities during config space read
Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file open to read device dependent config space") caused the capability check to bypass security modules and potentially auditing. Rectify this by calling security_capable() when checking the open file's capabilities for config space reads.
Reported-by: Eric Paris eparis@redhat.com Signed-off-by: Chris Wright chrisw@sous-sol.org Signed-off-by: James Morris jmorris@namei.org
:040000 040000 e14ad9470ca5f84f13cd31eaf5def16d40bc54f1 cbf987647b8052214dd928c87c6becfb639e4ca2 M drivers
Any idea?
-- Thanks Dave
On Sun, Feb 13, 2011 at 4:22 PM, Dave Young hidave.darkstar@gmail.com wrote:
Hi
With kernel built from current linus's tree, I can not start xorg, it failed with:
Me too!,
Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop and wasn't looking forward to bisecting it.
If this isn't hitting later distros its probably an updated libpciaccess that fixed something.
libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
Probably should revert first, then work out what is crapping out libpciaccess.
Dave.
On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie airlied@gmail.com wrote:
Probably should revert first, then work out what is crapping out libpciaccess.
Yeah, I'll revert. The patch is one of those "obviously a good idea, but in practice it's not something we can change now".
Linus
* Linus Torvalds (torvalds@linux-foundation.org) wrote:
On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie airlied@gmail.com wrote:
Probably should revert first, then work out what is crapping out libpciaccess.
Yeah, I'll revert. The patch is one of those "obviously a good idea, but in practice it's not something we can change now".
Turns out I'm just a bona fide idiot.
I was not testing the right kernel _and_ didn't get the logic right.
sorry for the screw up, -chris ---
Subject: [PATCH] pci: use security_capable correctly during config space read
Commit 47970b1 ("pci: use security_capable() when checking capablities during config space read") is just plain broken. The normal capable() interface returns true on success, but the LSM interface returns 0 on success.
Signed-off-by: Chris Wright chrisw@sous-sol.org ---
I've tested this quickly (lspci behaviour is as expected).
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index f7771f3..ea25e5b 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj, u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */ - if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) { + if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128;
On Sun, 13 Feb 2011, Chris Wright wrote:
Subject: [PATCH] pci: use security_capable correctly during config space read
Commit 47970b1 ("pci: use security_capable() when checking capablities during config space read") is just plain broken. The normal capable() interface returns true on success, but the LSM interface returns 0 on success.
Signed-off-by: Chris Wright chrisw@sous-sol.org
Sorry, I should have caught this.
Acked-by: James Morris jmorris@namei.org
I've tested this quickly (lspci behaviour is as expected).
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index f7771f3..ea25e5b 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj, u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128;
This reintroduces commit 47970b1b which was subsequently reverted as f00eaeea. The original change was broken and caused X startup failures and generally made privileged processes incapable of reading device dependent config space. The normal capable() interface returns true on success, but the LSM interface returns 0 on success. This thinko is now fixed in this patch, and has been confirmed to work properly.
So, once again...Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file open to read device dependent config space") caused the capability check to bypass security modules and potentially auditing. Rectify this by calling security_capable() when checking the open file's capabilities for config space reads.
Reported-by: Eric Paris eparis@redhat.com Tested-by: Dave Young hidave.darkstar@gmail.com Acked-by: James Morris jmorris@namei.org Cc: Dave Airlie airlied@gmail.com Cc: Alex Riesen raa.lkml@gmail.com Cc: Sedat Dilek sedat.dilek@googlemail.com Cc: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Chris Wright chrisw@sous-sol.org --- v2: added Reported-by Eric v3: fix logic screw up
drivers/pci/pci-sysfs.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index 8ecaac9..ea25e5b 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -23,6 +23,7 @@ #include <linux/mm.h> #include <linux/fs.h> #include <linux/capability.h> +#include <linux/security.h> #include <linux/pci-aspm.h> #include <linux/slab.h> #include "pci.h" @@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj, u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */ - if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) { + if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128;
Also pullable from here:
The following changes since commit 795abaf1e4e188c4171e3cd3dbb11a9fcacaf505: David Miller (1): klist: Fix object alignment on 64-bit.
are available in the git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6 for-linus
Chris Wright (1): pci: use security_capable() when checking capablities during config space read
drivers/pci/pci-sysfs.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)
On Tue, Feb 15, 2011 at 02:21, Chris Wright chrisw@sous-sol.org wrote:
This reintroduces commit 47970b1b which was subsequently reverted as f00eaeea. The original change was broken and caused X startup failures and generally made privileged processes incapable of reading device dependent config space. The normal capable() interface returns true on success, but the LSM interface returns 0 on success. This thinko is now fixed in this patch, and has been confirmed to work properly.
So, once again...Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file open to read device dependent config space") caused the capability check to bypass security modules and potentially auditing. Rectify this by calling security_capable() when checking the open file's capabilities for config space reads.
Reported-by: Eric Paris eparis@redhat.com Tested-by: Dave Young hidave.darkstar@gmail.com Acked-by: James Morris jmorris@namei.org Cc: Dave Airlie airlied@gmail.com Cc: Alex Riesen raa.lkml@gmail.com Cc: Sedat Dilek sedat.dilek@googlemail.com Cc: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Chris Wright chrisw@sous-sol.org
FWIW, I confirm the fix.
On Sun, Feb 13, 2011 at 04:35:31PM -0800, Chris Wright wrote:
- Linus Torvalds (torvalds@linux-foundation.org) wrote:
On Sat, Feb 12, 2011 at 11:53 PM, Dave Airlie airlied@gmail.com wrote:
Probably should revert first, then work out what is crapping out libpciaccess.
Yeah, I'll revert. The patch is one of those "obviously a good idea, but in practice it's not something we can change now".
Turns out I'm just a bona fide idiot.
I was not testing the right kernel _and_ didn't get the logic right.
sorry for the screw up,
-chris
Subject: [PATCH] pci: use security_capable correctly during config space read
Commit 47970b1 ("pci: use security_capable() when checking capablities during config space read") is just plain broken. The normal capable() interface returns true on success, but the LSM interface returns 0 on success.
Chris, linus has reverted the original commit, so this does not apply.
Anyway I have tested this one, it works well. Feel free add my Tested-by line.
Signed-off-by: Chris Wright chrisw@sous-sol.org
I've tested this quickly (lspci behaviour is as expected).
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index f7771f3..ea25e5b 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj, u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128;
* Dave Young (hidave.darkstar@gmail.com) wrote:
On Sun, Feb 13, 2011 at 04:35:31PM -0800, Chris Wright wrote:
Commit 47970b1 ("pci: use security_capable() when checking capablities during config space read") is just plain broken. The normal capable() interface returns true on success, but the LSM interface returns 0 on success.
Chris, linus has reverted the original commit, so this does not apply.
Right, I'll send a new patch to James.
Anyway I have tested this one, it works well. Feel free add my Tested-by line.
Thanks for confirming the fix Dave.
thanks, -chris
* Dave Airlie (airlied@gmail.com) wrote:
On Sun, Feb 13, 2011 at 4:22 PM, Dave Young hidave.darkstar@gmail.com wrote:
With kernel built from current linus's tree, I can not start xorg, it failed with:
Me too!,
Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop and wasn't looking forward to bisecting it.
If this isn't hitting later distros its probably an updated libpciaccess that fixed something.
libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
Probably should revert first, then work out what is crapping out libpciaccess.
Are you running with SELinux enabled, if so can you paste the AVC error? It's working for me here.
thanks, -chris
On Mon, Feb 14, 2011 at 9:31 AM, Chris Wright chrisw@sous-sol.org wrote:
- Dave Airlie (airlied@gmail.com) wrote:
On Sun, Feb 13, 2011 at 4:22 PM, Dave Young hidave.darkstar@gmail.com wrote:
With kernel built from current linus's tree, I can not start xorg, it failed with:
Me too!,
Thanks for bisceting this, I just tried -rc4 on my Fedora 13 laptop and wasn't looking forward to bisecting it.
If this isn't hitting later distros its probably an updated libpciaccess that fixed something.
libpciaccess-0.10.9-2.20091209.fc13.i686 is what is on this box.
Probably should revert first, then work out what is crapping out libpciaccess.
Are you running with SELinux enabled, if so can you paste the AVC error? It's working for me here.
Yes most likely, I'm not at the machine now but I'll see if I can the AVC off it later.
On Fedora 13?
F14/rawhide seem fine.
Dave.
On Sun, Feb 13, 2011 at 07:22, Dave Young hidave.darkstar@gmail.com wrote:
Finally I bisected it, results: 47970b1b2aa64464bc0a9543e86361a622ae7c03 is first bad commit commit 47970b1b2aa64464bc0a9543e86361a622ae7c03 Author: Chris Wright chrisw@sous-sol.org Date: Thu Feb 10 15:58:56 2011 -0800
pci: use security_capable() when checking capablities during config space read
Eric Paris noted that commit de139a3 ("pci: check caps from sysfs file open to read device dependent config space") caused the capability check to bypass security modules and potentially auditing. Rectify this by calling security_capable() when checking the open file's capabilities for config space reads.
Reported-by: Eric Paris eparis@redhat.com Signed-off-by: Chris Wright chrisw@sous-sol.org Signed-off-by: James Morris jmorris@namei.org
Actually, even reading the PCI capabilities fails with lspci reporting "Capabilities: <access denied>" if run as root. "libpciaccess" should have handled this situation, but still it looks like a regression and it breaks existing systems.
dri-devel@lists.freedesktop.org
-
Alex Riesen -
Chris Wright -
Dave Airlie -
Dave Young -
James Morris -
Linus Torvalds