Bug 464305 - SELinux bug in hooks.c, and it conflicts with the fglrx driver
SELinux bug in hooks.c, and it conflicts with the fglrx driver
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: kernel (Show other bugs)
9
All Linux
medium Severity high
: ---
: ---
Assigned To: Kernel Maintainer List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-27 07:55 EDT by Viktor Erdelyi
Modified: 2008-10-05 05:10 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-27 12:14:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Viktor Erdelyi 2008-09-27 07:55:15 EDT
Version-Release number of selected component (if applicable):
selinux: 3.3.1.91.fc9
XOrg: Fedora 8 latest (downgraded to xserver 1.4 for fglrx to work)

How reproducible:
I get it at every boot, after login. Then if I start compiz, the system freezes in 30 seconds (sometimes 3d desktop works for 30 secs, then it goes blank, and nothing)

kernel BUG at security/selinux/hooks.c:1332!
invalid opcode: 0000 [#1] SMP 
Modules linked in: w83627ehf hwmon_vid hwmon fuse sunrpc ppp_synctty ppp_async crc_ccitt ppp_generic slhc ipt_REJECT nf_conntrack_ipv4 iptable_filter ip_tables ip6t_REJECT xt_tcpudp nf_conntrack_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables x_tables cpufreq_ondemand acpi_cpufreq ext2 dm_mirror dm_log dm_multipath dm_mod ipv6 snd_hda_intel sr_mod cdrom snd_seq_dummy snd_seq_oss snd_seq_midi_event snd_seq ata_generic snd_seq_device snd_pcm_oss floppy snd_mixer_oss snd_pcm fglrx(P) snd_timer iTCO_wdt snd_page_alloc iTCO_vendor_support sky2 ata_piix snd_hwdep i2c_i801 pata_acpi pcspkr serio_raw sg snd i2c_core soundcore ahci libata sd_mod scsi_mod ext3 jbd mbcache uhci_hcd ohci_hcd ehci_hcd [last unloaded: microcode]

Pid: 2789, comm: Xorg Tainted: P          (2.6.26.3-29.fc9.i686 #1)
EIP: 0060:[<c04d49b7>] EFLAGS: 00013246 CPU: 0
EIP is at task_has_capability+0x48/0x76
EAX: 00000030 EBX: f6cac030 ECX: f41bbf28 EDX: 00000000
ESI: f6cc2020 EDI: f6e64ec8 EBP: f6e64ed4 ESP: f6e64e84
 DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
Process Xorg (pid: 2789, ti=f6e64000 task=f47d1900 task.ti=f6e64000)
Stack: c06e2556 f6cac030 f47d1900 00000003 f47d1900 f6cac030 00000000 00000000 
       00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 
       00000000 f6cac030 f47d1900 f41b6800 f6e64ee4 c04d4a04 f47d1900 f8c76020 
Call Trace:
 [<c04d4a04>] ? selinux_capable+0x1f/0x23
 [<c04d03ea>] ? security_capable+0xc/0xe
 [<c042f37f>] ? __capable+0xb/0x22
 [<f8b47d50>] ? firegl_version+0x0/0x1b0 [fglrx]
 [<c042f3a6>] ? capable+0x10/0x12
 [<f8b47c14>] ? firegl_ioctl+0x134/0x270 [fglrx]
 [<c04d52df>] ? file_has_perm+0x7b/0x84
 [<f8b3e8e1>] ? ip_firegl_ioctl+0xe/0x10 [fglrx]
 [<c048febc>] ? vfs_ioctl+0x50/0x69
 [<c049010e>] ? do_vfs_ioctl+0x239/0x24c
 [<c04d5475>] ? selinux_file_ioctl+0xa8/0xab
 [<c0490161>] ? sys_ioctl+0x40/0x5b
 [<c0404c32>] ? syscall_call+0x7/0xb
 [<c0630000>] ? __down_interruptible+0x4/0x8d
 ======================
 ======================Code: 00 89 d0 f3 ab 8b 4d b8 89 d8 b2 04 c1 f8 05 c6 45 bc 03 89 5d c4 89 4d c0 74 16 48 b2 45 74 11 53 68 56 25 6e c0 e8 e4 a2 15 00 <0f> 0b 59 5b eb fe 8b 46 04 83 e3 1f 0f b7 f2 8d 55 bc 88 d9 52 
EIP: [<c04d49b7>] task_has_capability+0x48/0x76 SS:ESP 0068:f6e64e84
---[ end trace 7df5ba2712165806 ]---
Comment 1 Chuck Ebbert 2008-09-27 12:14:19 EDT
The fgrlx driver is compiled against broken capability libraries and/or header files. Take this up with the driver author.
Comment 2 Viktor Erdelyi 2008-09-27 14:52:57 EDT
Ehh...

http://www.linux-archive.org/fedora-selinux-support/165825-selinux-detects-problem-proprietary-binary-fglrx-driver-however-amd-ati-will-not-help.html

"AMD/ATI's response is as follows:
I regret there is no support for Linux at this time."

It's hopeless.
Comment 3 Chuck Ebbert 2008-10-04 02:01:01 EDT
(In reply to comment #2)
> Ehh...
> 
> http://www.linux-archive.org/fedora-selinux-support/165825-selinux-detects-problem-proprietary-binary-fglrx-driver-however-amd-ati-will-not-help.html
> 
> "AMD/ATI's response is as follows:
> I regret there is no support for Linux at this time."
> 
> It's hopeless.

If you didn't build the driver yourself from source, ask whoever built it for a fix.
Comment 4 Viktor Erdelyi 2008-10-05 05:10:56 EDT
I updated my fglrx to the newest official driver (8.530 or whatever, from ATI's homepage), now it seems to work. The latest livna-testing package that I used didn't work. I think I'll stick with the official installer.

Note You need to log in before you can comment on or make changes to this bug.