[Bug 443440] New: kernel i586 pae breaks vm86_old() syscall.
https://bugzilla.novell.com/show_bug.cgi?id=443440

Summary: kernel i586 pae breaks vm86_old() syscall.
Product: openSUSE 11.1
Version: Beta4
Platform: i586
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: lverhaegen@novell.com
QAContact: qa@suse.de
CC: sndirsch@novell.com
Found By: Development

Running the vesa X driver gives us (a variation of) these on every int10 call:

(II) VESA(0): EAX=0x0000004f, EBX=0x00000000, ECX=0x0000011b, EDX=0x00000000
(II) VESA(0): ESP=0x00001000, EBP=0x00000000, ESI=0x00000000, EDI=0x00002000
(II) VESA(0): CS=0x0000, SS=0x0100, DS=0x0040, ES=0x0000, FS=0x0000, GS=0x0000
(II) VESA(0): EIP=0x00000600, EFLAGS=0x00033202
(II) VESA(0): code at 0x00000600: f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
(EE) VESA(0): vm86() syscall generated signal 11.

I am seeing this on i586 pae on both 11.0, 11.1b2 and 11.1b4. Vanilla and x86-64 is just happy.

On beta4, with actual package names:
kernel-pae-2.6.27.4-2.1 breaks.
kernel-vanilla-2.6.27.4-2.1 is just dandy.

int10 on i586 uses the vm86_old syscall (113)

Reproduction is trivial, stock i586 install, alter xorg.conf to use the vesa driver, run X.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=443440

Andreas Jaeger <aj@novell.com> changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
         AssignedTo|bnc-team-screening@forge.provo.novell.com |kernel-maintainers@forge.provo.novell.com
https://bugzilla.novell.com/show_bug.cgi?id=443440

Stefan Dirsch <sndirsch@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |440976
https://bugzilla.novell.com/show_bug.cgi?id=443440

User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c1

Stefan Dirsch <sndirsch@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Normal                      |Major

--- Comment #1 from Stefan Dirsch <sndirsch@novell.com> 2008-11-10 18:55:42 MST ---
At least major, since it breaks the vesa driver, which we still need for graphics chips with no native driver support.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User lverhaegen@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c2

--- Comment #2 from Luc Verhaegen <lverhaegen@novell.com> 2008-11-14 09:27:55 MST ---
Anybody?

This bug is rather important, as it does in some cases severely affect the functionality of the vesa driver and other drivers that might still depend on VBE calls (SiS would be one).

The segfault in the vm86_struct often means that we get invalid data returned as well and that we therefore, for instance (as this shows: https://bugzilla.novell.com/show_bug.cgi?id=440976#c40) are not getting correct mode information.
https://bugzilla.novell.com/show_bug.cgi?id=443440

Lars Marowsky-Bree <lmb@novell.com> changed:

           What    |Removed                                   |Added
----------------------------------------------------------------------------
         AssignedTo|kernel-maintainers@forge.provo.novell.com |bphilips@novell.com
           Priority|P5 - None                                 |P3 - Medium
https://bugzilla.novell.com/show_bug.cgi?id=443440

User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c3

Takashi Iwai <tiwai@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |tiwai@novell.com

--- Comment #3 from Takashi Iwai <tiwai@novell.com> 2008-11-20 07:33:56 MST ---
FYI, it's actually NX bit. For example, booting with noexec=off should suppress these segfaults.

AFAIK, this problem still exists even in the upstream.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User tiwai@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c4

--- Comment #4 from Takashi Iwai <tiwai@novell.com> 2008-11-20 08:30:49 MST ---
I checked 2.6.28-rc5 and the problem persists. noexec=off works, though.

Also, clearing _PAGE_NX in the first 1MB pages (or even smaller size was OK for VESA driver) in do_sys_vm86() seems to fix the segfault, too. But, I'm not sure where to restore NX bit properly.

I'll try to ask this on LKML...
https://bugzilla.novell.com/show_bug.cgi?id=443440

User meissner@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c5

Marcus Meissner <meissner@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |security-team@suse.de, meissner@novell.com

--- Comment #5 from Marcus Meissner <meissner@novell.com> 2008-11-20 09:07:16 MST ---
is the page where the code resides mmaped with EXEC flag?
https://bugzilla.novell.com/show_bug.cgi?id=443440

User eich@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c6

--- Comment #6 from Egbert Eich <eich@novell.com> 2008-11-21 10:32:28 MST ---
Created an attachment (id=254445)
 --> (https://bugzilla.novell.com/attachment.cgi?id=254445)
Fix.

The 'hlt' instruction used to exit vm86 lives in memory that gets shmget()/shmat() into the virtual address space of the process. This memory is usually not marked EXEC. With NX enabled vm86 will get a fault which results in a segfault (which the server intercepts and handles gracefully).

Do an mprotect(..., | PROT_EXEC) on the shmat'ed ranges to avoid this segfault.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c7

Stefan Dirsch <sndirsch@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|bphilips@novell.com         |sndirsch@novell.com
             Status|NEW                         |ASSIGNED

--- Comment #7 from Stefan Dirsch <sndirsch@novell.com> 2008-11-21 11:12:57 MST ---
Taking over.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c8

Stefan Dirsch <sndirsch@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #8 from Stefan Dirsch <sndirsch@novell.com> 2008-11-21 12:29:36 MST ---
package submitted for STABLE/Factory.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User sndirsch@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c9

Stefan Dirsch <sndirsch@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |nangelov@novell.com

--- Comment #9 from Stefan Dirsch <sndirsch@novell.com> 2008-11-21 12:57:53 MST ---
*** Bug 447065 has been marked as a duplicate of this bug. ***
https://bugzilla.novell.com/show_bug.cgi?id=447065
https://bugzilla.novell.com/show_bug.cgi?id=443440

User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c10

--- Comment #10 from Ludwig Nussel <lnussel@novell.com> 2008-11-24 01:20:30 MST ---
Do you really need PROT_WRITE and PROT_EXEC at the same time? That's exactly what NX helps to avoid for security reasons.
https://bugzilla.novell.com/show_bug.cgi?id=443440

User eich@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=443440#c11

--- Comment #11 from Egbert Eich <eich@novell.com> 2008-11-24 07:22:16 MST ---
We may get by without the PROT_WRITE. The memory is initialized beforehand so it should not be required to write to it. On the other hand I don't know what some BIOSes do, so I tried to restore the original behavior as much as possible.

If we can sufficiently test it without PROT_WRITE to be confident we can remove it.
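
Added example, not part of the bug thread and not the attached Xorg fix: the sequence discussed in comments #6, #10 and #11, applied to a SysV shared-memory segment. The stub byte is written while the attachment is still read/write, mprotect() then leaves it read+execute without PROT_WRITE, and /proc/self/maps is read to confirm both states. The names mapping_perms and setup_stub_page are hypothetical; the code assumes Linux and never executes the stub.

```c
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
#include <unistd.h>

/* Copy the perms field (e.g. "rw-s") of the mapping containing addr. */
static int mapping_perms(const void *addr, char out[5])
{
    unsigned long start, end, a = (unsigned long)addr;
    char line[512], perms[5];
    int rc = -1;
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    while (rc != 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            a >= start && a < end) {
            memcpy(out, perms, sizeof perms);
            rc = 0;
        }
    fclose(f);
    return rc;
}

/* Hypothetical helper: attach a private SysV segment, write the exit stub
 * while it is writable, then leave it read+execute only (no PROT_WRITE). */
int setup_stub_page(char before[5], char after[5])
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int rc = -1, id = shmget(IPC_PRIVATE, len, IPC_CREAT | 0600);
    unsigned char *p = id < 0 ? (void *)-1 : shmat(id, NULL, 0);
    if (id >= 0) shmctl(id, IPC_RMID, NULL); /* freed on last detach */
    if (p == (void *)-1) return -1;
    p[0] = 0xf4;                    /* hlt, the byte at 0x600 in the report */
    if (mapping_perms(p, before) == 0 &&
        mprotect(p, len, PROT_READ | PROT_EXEC) == 0 &&
        mapping_perms(p, after) == 0)
        rc = 0;
    shmdt(p);
    return rc;
}

int main(void)
{
    char b[5] = "", a[5] = "";
    int rc = setup_stub_page(b, a);
    printf("rc=%d before=%s after=%s\n", rc, b, a);
    return rc != 0;
}
```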