Bug 1574617

Summary: Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache'
Product: [Fedora] Fedora Reporter: Michal Konecny <michalkonec666>
Component: kernel Assignee: Kernel Maintainer List <kernel-maint>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 28 CC: airlied, bskeggs, ewk, hdegoede, ichavero, itamar, jarodwilson, jglisse, john.j5live, jonathan, josef, kernel-maint, labbott, linville, mchehab, michalkonec666, mjg59, steved
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Last Closed: 2018-05-03 16:54:02 UTC Type: Bug
Attachments:
Description Flags
journalctl output none

Description Michal Konecny 2018-05-03 16:34:32 UTC
Created attachment 1430784
journalctl output

Description of problem:
When starting Fedora 28 with nvidia-driver installed from the new fedora-rpmfusion-free-nvidia repository, X hangs after login through GDM.

In journalctl I see this:
May 03 16:55:47 zlopez-gamestation kernel: Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache' (offset 11440, size 3)!
May 03 16:55:47 zlopez-gamestation kernel: WARNING: CPU: 6 PID: 1369 at mm/usercopy.c:81 usercopy_warn+0x7d/0xa0
May 03 16:55:47 zlopez-gamestation kernel: Modules linked in: xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables sunrpc nvidia_drm(POE) nvidia_modeset(POE) nvidia_uvm(POE) nvidia(POE) snd_hda_codec_hdmi intel_rapl x86_pkg_temp_thermal intel_powerclamp iTCO_wdt coretemp iTCO_vendor_support kvm_intel joydev kvm drm_kms_helper drm irqbypass crct10dif_pclmul crc32_pclmul snd_hda_codec_realtek
May 03 16:55:47 zlopez-gamestation kernel:  ghash_clmulni_intel intel_cstate snd_soc_rt5640 snd_hda_codec_generic intel_uncore snd_soc_rl6231 intel_rapl_perf snd_soc_core ipmi_devintf snd_hda_intel ipmi_msghandler snd_hda_codec snd_compress snd_pcm_dmaengine snd_hda_core ac97_bus snd_seq snd_hwdep mei_me snd_seq_device mei i2c_i801 snd_pcm shpchp lpc_ich snd_timer snd soundcore acpi_pad vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) binfmt_misc vboxdrv(OE) mxm_wmi alx crc32c_intel mdio video wmi ecryptfs
May 03 16:55:47 zlopez-gamestation kernel: CPU: 6 PID: 1369 Comm: Xorg Tainted: P           OE    4.16.5-300.fc28.x86_64 #1
May 03 16:55:47 zlopez-gamestation kernel: Hardware name: Gigabyte Technology Co., Ltd. Z97X-Gaming 3/Z97X-Gaming 3, BIOS F7 09/18/2015
May 03 16:55:47 zlopez-gamestation kernel: RIP: 0010:usercopy_warn+0x7d/0xa0
May 03 16:55:47 zlopez-gamestation kernel: RSP: 0018:ffffbee4c8cf3b60 EFLAGS: 00010286
May 03 16:55:47 zlopez-gamestation kernel: RAX: 0000000000000000 RBX: ffff98195d92acb0 RCX: 0000000000000006
May 03 16:55:47 zlopez-gamestation kernel: RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffff98199ed968f0
May 03 16:55:47 zlopez-gamestation kernel: RBP: 0000000000000003 R08: 0000000000000098 R09: 0000000000000339
May 03 16:55:47 zlopez-gamestation kernel: R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001
May 03 16:55:47 zlopez-gamestation kernel: R13: ffff98195d92acb3 R14: 0000000000000000 R15: ffff98195d92acf8
May 03 16:55:47 zlopez-gamestation kernel: FS:  00007fb55a3faac0(0000) GS:ffff98199ed80000(0000) knlGS:0000000000000000
May 03 16:55:47 zlopez-gamestation kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
May 03 16:55:47 zlopez-gamestation kernel: CR2: 00007fb551792c10 CR3: 00000003e783c001 CR4: 00000000001606e0
May 03 16:55:47 zlopez-gamestation kernel: Call Trace:
May 03 16:55:47 zlopez-gamestation kernel:  __check_object_size+0x145/0x171
May 03 16:55:47 zlopez-gamestation kernel:  ? os_memcpy_to_user+0x21/0x40 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv009377rm+0xbf/0xe0 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv028067rm+0x79/0x90 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv028067rm+0x55/0x90 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv013694rm+0xee/0x100 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv015342rm+0x154/0x270 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv008310rm+0x134/0x1a0 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv008289rm+0x29c/0x2b0 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv001072rm+0xe/0x20 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv007316rm+0xd8/0x100 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? _nv001171rm+0x627/0x830 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? rm_ioctl+0x73/0x100 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? nvidia_ioctl+0x40/0x700 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? nvidia_ioctl+0x54d/0x700 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? nvidia_frontend_unlocked_ioctl+0x3a/0x50 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? do_vfs_ioctl+0xa4/0x610
May 03 16:55:47 zlopez-gamestation kernel:  ? SyS_ioctl+0x74/0x80
May 03 16:55:47 zlopez-gamestation kernel:  ? do_syscall_64+0x74/0x180
May 03 16:55:47 zlopez-gamestation kernel:  ? entry_SYSCALL_64_after_hwframe+0x3d/0xa2
May 03 16:55:47 zlopez-gamestation kernel: Code: 14 0c b0 41 51 4d 89 d8 48 c7 c0 50 f1 0a b0 49 89 f1 48 89 f9 48 0f 45 c2 48 c7 c7 b0 14 0c b0 4c 89 d2 48 89 c6 e8 cd a4 e2 ff <0f> 0b 48 83 c4 18 c3 48 c7 c6 f1 7e 0d b0 49 89 f1 49 89 f3 eb


Version-Release number of selected component (if applicable):
kernel-4.16.5-200.fc27.x86_64

How reproducible:


Steps to Reproduce:
1. Install nvidia-driver from new repository
dnf install nvidia-driver
2. Reboot
3. Log in using GDM

Actual results:
Black screen

Expected results:
Fedora started normally

Additional info:
Attaching journalctl output
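
A triage helper for the hardened-usercopy warning quoted in the description, added here as an example (it is not part of the bug report or of any Fedora or NVIDIA tooling). It extracts the slab cache, offset, size and task from the warning and lists the call-trace frames owned by a loadable module; the function and field names are assumptions, and the sample is an excerpt of the log above.

```python
import re

# Excerpt of the journal lines quoted in the report above (host prefix kept).
SAMPLE = """\
May 03 16:55:47 zlopez-gamestation kernel: Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_cache' (offset 11440, size 3)!
May 03 16:55:47 zlopez-gamestation kernel: CPU: 6 PID: 1369 Comm: Xorg Tainted: P           OE    4.16.5-300.fc28.x86_64 #1
May 03 16:55:47 zlopez-gamestation kernel: Call Trace:
May 03 16:55:47 zlopez-gamestation kernel:  __check_object_size+0x145/0x171
May 03 16:55:47 zlopez-gamestation kernel:  ? os_memcpy_to_user+0x21/0x40 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? rm_ioctl+0x73/0x100 [nvidia]
May 03 16:55:47 zlopez-gamestation kernel:  ? do_vfs_ioctl+0xa4/0x610
""".splitlines()

WARN = re.compile(r"Kernel memory (exposure|overwrite) attempt detected (?:from|to) "
                  r"(.+?) '([^']*)' \(offset (\d+), size (\d+)\)")
TASK = re.compile(r"PID: (\d+)\s+Comm: (.+?) (?:Tainted|Not tainted)")
FRAME = re.compile(r"kernel:\s+(?:\? )?([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?: \[(\w+)\])?")

def parse_usercopy_warnings(lines):
    """Return one dict per hardened-usercopy warning found in journal lines."""
    events, cur = [], None
    for line in lines:
        m = WARN.search(line)
        if m:  # a new warning starts; later lines are attributed to it
            cur = {"direction": m[1], "allocator": m[2], "cache": m[3],
                   "offset": int(m[4]), "size": int(m[5]),
                   "pid": None, "comm": None, "module_frames": []}
            events.append(cur)
            continue
        if cur is None:
            continue
        t = TASK.search(line)
        if t:  # the "CPU: ... PID: ... Comm: ..." line names the calling task
            cur["pid"], cur["comm"] = int(t[1]), t[2]
            continue
        f = FRAME.search(line)
        if f and f[2]:  # frame belongs to a loadable module, e.g. [nvidia]
            cur["module_frames"].append((f[2], f[1]))
    return events

if __name__ == "__main__":
    for ev in parse_usercopy_warnings(SAMPLE):
        print(ev)
```

The first entry in `module_frames` is the module frame closest to the copy, which tells you which component's maintainers the report belongs with.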

Comment 1 Michal Konecny 2018-05-03 16:47:53 UTC
After switching to negativo-17 driver the system started without issue.

Comment 2 Laura Abbott 2018-05-03 16:54:02 UTC
This is a known issue in the 3rd party nVidia module. It needs to be fixed there.

*** This bug has been marked as a duplicate of bug 1570493 ***

Comment 3 Michal Konecny 2018-06-17 16:53:31 UTC
I still have this issue with nvidia-driver 396.24 from the negativo-17 repository.

The issue does not happen when the kmod does not exist at boot and is built using akmods.