webnull n00b
Joined: 30 Mar 2011 Posts: 8 Location: Poland
|
Posted: Fri Apr 08, 2011 7:20 pm Post subject: [grsecurity-2.6.38] Segmentation fault on nw-fermi |
|
|
Hello.
Today i installed GRSecurity and im new to it.
I figured out how to run X, mpd and all my things but touchscreen driver daemon.
Im user of touchscreen monitor Samsung LD220Z it supports multi-touch, to handle it im using propertiary driver "nw-fermi"
1. Im modprobing nw-fermi, all is fine
2. There is a hook calling /usr/sbin/nwfermi_daemon when module nw-fermi is starting to be loaded
3. Touchscreen doesnt work, /usr/sbin/nwfermi_daemon gets killed by kernel with SIGSEGV
Code: | webnull-gentoo-desktop linux-2.6.38-hardened # strace /usr/sbin/nwfermi_daemon
execve("/usr/sbin/nwfermi_daemon", ["/usr/sbin/nwfermi_daemon"], [/* 47 vars */]) = 0
brk(0) = 0x8089dbc
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7855000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=117936, ...}) = 0
mmap2(NULL, 117936, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7838000
close(3) = 0
open("/lib/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20M\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=121268, ...}) = 0
mmap2(NULL, 102924, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb781e000
mprotect(0xb7833000, 4096, PROT_NONE) = 0
mmap2(0xb7834000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb7834000
mmap2(0xb7836000, 4620, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7836000
close(3) = 0
open("/lib/libm.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2204\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=149256, ...}) = 0
mmap2(NULL, 151680, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb77f8000
mmap2(0xb781c000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x23) = 0xb781c000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0po\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1425820, ...}) = 0
mmap2(NULL, 1432104, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb769a000
mmap2(0xb77f2000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x158) = 0xb77f2000
mmap2(0xb77f5000, 10792, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb77f5000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7699000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7698000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7699b40, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb77f2000, 8192, PROT_READ) = 0
mprotect(0xb781c000, 4096, PROT_READ) = 0
mprotect(0xb7834000, 4096, PROT_READ) = 0
mprotect(0xb7873000, 4096, PROT_READ) = 0
munmap(0xb7838000, 117936) = 0
set_tid_address(0xb7699ba8) = 1329
set_robust_list(0xb7699bb0, 0xc) = 0
futex(0xbfffeee0, FUTEX_WAKE_PRIVATE, 1) = 0
futex(0xbfffeee0, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, bfffeef0) = -1 EAGAIN (Resource temporarily unavailable)
rt_sigaction(SIGRTMIN, {0xb78226e0, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7822760, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="webnull-gentoo-desktop", ...}) = 0
brk(0) = 0x8089dbc
brk(0x80aadbc) = 0x80aadbc
brk(0x80ab000) = 0x80ab000
time(NULL) = 1302290325
open("/etc/localtime", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=2679, ...}) = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=2679, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7854000
read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\n\0\0\0\n\0\0\0\0"..., 4096) = 2679
_llseek(3, -28, [2651], SEEK_CUR) = 0
read(3, "\nCET-1CEST,M3.5.0,M10.5.0/3\n", 4096) = 28
close(3) = 0
munmap(0xb7854000, 4096) = 0
socket(PF_FILE, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = -1 EPROTOTYPE (Protocol wrong type for socket)
close(3) = 0
socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_FILE, path="/dev/log"}, 110) = 0
send(3, "<71>Apr 8 21:18:45 nwfermi_daem"..., 62, MSG_NOSIGNAL) = 62
close(3) = 0
rt_sigaction(SIGKILL, {0x8049a4e, [KILL], SA_RESTART}, {0xbfffec50, ~[HUP INT QUIT FPE TERM CHLD CONT STOP TTIN TTOU URG XCPU XFSZ VTALRM PROF IO PWR SYS RTMIN RT_1 RT_2 RT_3 RT_8 RT_15 RT_17 RT_18 RT_19 RT_21 RT_22 RT_23 RT_24 RT_25 RT_26 RT_27 RT_29 RT_30 RT_31], SA_RESTORER|SA_RESTART|SA_INTERRUPT|SA_RESETHAND|SA_NOCLDSTOP|0x3723eb0, 0x808c460}, 8) = -1 EINVAL (Invalid argument)
rt_sigaction(SIGTERM, {0x8049a4e, [TERM], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGINT, {0x8049a4e, [INT], SA_RESTART}, {SIG_DFL, [], 0}, 8) = 0
fstat64(1, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7854000
write(1, "StartThreads\n", 13StartThreads
) = 13
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0xb6e97000
mprotect(0xb6e97000, 4096, PROT_NONE) = 0
clone(child_stack=0xb7697494, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb7697bd8, {entry_number:6, base_addr:0xb7697b70, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb7697bd8) = 1330
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0xb6696000
mprotect(0xb6696000, 4096, PROT_NONE) = 0
clone(child_stack=0xb6e96494, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb6e96bd8, {entry_number:6, base_addr:0xb6e96b70, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb6e96bd8) = 1331
mmap2(NULL, 8392704, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0xb5e95000
mprotect(0xb5e95000, 4096, PROT_NONE) = 0
clone(child_stack=0xb6695494, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0xb6695bd8, {entry_number:6, base_addr:0xb6695b70, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}, child_tidptr=0xb6695bd8) = 1332
poll([{fd=0, events=POLLIN|POLLPRI}], 1, 1000Starting bulk thread
Starting tl thread
) = 0 (Timeout)
poll([{fd=0, events=POLLIN|POLLPRI}], 1, 1000) = 0 (Timeout)
poll([{fd=0, events=POLLIN|POLLPRI}], 1, 1000) = 0 (Timeout)
poll([{fd=0, events=POLLIN|POLLPRI}], 1, 1000state: 1, X: 14346, Y: 22513
<unfinished ...>
+++ killed by SIGSEGV +++
Naruszenie ochrony pamięci |
I tried to whitelist /usr/sbin/nwfermi_daemon with paxctl -pemrxs /usr/sbin/nwfermi_daemon but nothing changed.
Please help with my problem, thank you
-- WebNuLL |
|