Ubuntu
nvidia-graphics-drivers-340-updates package

Ubuntu Cosmic nvidia-340 needs patch for "Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_t'

Bug #1802622 reported by ADFH on 2018-11-10

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	nvidia-graphics-drivers-340 (Ubuntu)	Fix Released	Undecided	Unassigned
	nvidia-graphics-drivers-340-updates (Ubuntu)	Confirmed	Undecided	Unassigned

Bug Description

Since upgrading from Ubuntu 18.04 Bionic to Ubuntu 18.10 Cosmic, I've started seeing issues with getting into Xorg.

My config:

01:00.0 VGA compatible controller: NVIDIA Corporation G92 [GeForce GTS 250] (rev a2) (prog-if 00 [VGA controller])
Subsystem: Gigabyte Technology Co., Ltd G92 [GeForce GTS 250]

System Information
Manufacturer: Gigabyte Technology Co., Ltd.
Product Name: P55A-UD4

Ubuntu 18.04 Cosmic w/nvidia-340 proprietary drivers.

This appears to be, in part, due to a newer kernel with stricter permissions around kernel access.

This seems to have been fixed in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899998
... by backporting the fix from nvidia-390:
https://bugzilla.redhat.com/show_bug.cgi?id=1570493
https://bugzilla.redhat.com/attachment.cgi?id=1425704

Could this patch also be applied to nvidia-340 for Ubuntu?

Error I'm seeing on my own system (from dmesg):

[ 74.596816] resource sanity check: requesting [mem 0x000c0000-0x000fffff], which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]
[ 74.596945] caller os_map_kernel_space+0x9f/0xb0 [nvidia] mapping multiple BARs
[ 75.351656] ------------[ cut here ]------------
[ 75.351661] Bad or missing usercopy whitelist? Kernel memory exposure attempt detected from SLUB object 'nvidia_stack_t' (offset 11864, size 3)!
[ 75.351675] WARNING: CPU: 7 PID: 4310 at mm/usercopy.c:81 usercopy_warn+0x81/0xa0
[ 75.351676] Modules linked in: pci_stub vboxpci(OE) vboxnetadp(OE) vboxnetflt(OE) vboxdrv(OE) ipmi_devintf ipmi_msghandler ip6t_REJECT nf_reject_ipv6 nf_log_ipv6 xt_hl ip6t_rt snd_hda_codec_realtek nf_conntrack_ipv6 nf_defrag_ipv6 ipt_REJECT nf_reject_ipv4 input_leds nf_log_ipv4 nf_log_common nvidia_uvm(POE) xt_LOG snd_hda_codec_generic snd_hda_intel snd_hda_codec intel_powerclamp mxm_wmi snd_hda_core kvm_intel snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event kvm nvidia(POE) snd_rawmidi snd_seq snd_seq_device irqbypass drm snd_timer intel_cstate snd xt_limit i7core_edac serio_raw soundcore xt_tcpudp mac_hid wmi xt_addrtype nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack sch_fq_codel ip6table_filter it87 hwmon_vid coretemp ip6_tables nf_conntrack_netbios_ns nf_conntrack_broadcast nf_nat_ftp nf_nat
[ 75.351718] parport_pc nf_conntrack_ftp nf_conntrack libcrc32c ppdev iptable_filter bpfilter sunrpc lp parport ip_tables x_tables autofs4 pata_acpi hid_generic usbhid hid gpio_ich firewire_ohci firewire_core crc_itu_t pata_it8213 r8169 lpc_ich i2c_i801 mii ahci libahci
[ 75.351737] CPU: 7 PID: 4310 Comm: Xorg Tainted: P OE 4.18.0-11-generic #12-Ubuntu
[ 75.351738] Hardware name: Gigabyte Technology Co., Ltd. P55A-UD4/P55A-UD4, BIOS F15 09/16/2010
[ 75.351741] RIP: 0010:usercopy_warn+0x81/0xa0
[ 75.351742] Code: 50 ac 41 51 4d 89 d8 48 c7 c0 89 8d 4f ac 49 89 f1 48 89 f9 48 0f 45 c2 48 c7 c7 f0 a1 50 ac 4c 89 d2 48 89 c6 e8 f1 cf df ff <0f> 0b 48 83 c4 18 c9 c3 48 c7 c6 b2 8a 52 ac 49 89 f1 49 89 f3 eb
[ 75.351773] RSP: 0018:ffffbcc5414f3b58 EFLAGS: 00010282
[ 75.351775] RAX: 0000000000000000 RBX: ffff9eb29383ae58 RCX: 0000000000000006
[ 75.351776] RDX: 0000000000000007 RSI: 0000000000000092 RDI: ffff9eb29fdd64b0
[ 75.351777] RBP: ffffbcc5414f3b70 R08: 0000000000000001 R09: 00000000000003e1
[ 75.351778] R10: 0000000000000004 R11: 0000000000000000 R12: 0000000000000003
[ 75.351779] R13: 0000000000000001 R14: ffff9eb29383ae5b R15: ffff9eb29383aea0
[ 75.351781] FS: 00007ff9251eca80(0000) GS:ffff9eb29fdc0000(0000) knlGS:0000000000000000
[ 75.351782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 75.351783] CR2: 00007ff9207ca000 CR3: 000000020f3f2000 CR4: 00000000000006e0
[ 75.351785] Call Trace:
[ 75.351791] __check_heap_object+0xc2/0x110
[ 75.351793] __check_object_size+0x14c/0x178
[ 75.351936] os_memcpy_to_user+0x26/0x50 [nvidia]
[ 75.352047] _nv001372rm+0xa5/0x260 [nvidia]
[ 75.352050] WARNING: kernel stack frame pointer at 000000008342e4ff in Xorg:4310 has bad value 000000005ccb4a79
[ 75.352051] unwind stack type:0 next_sp: (null) mask:0x2 graph_idx:0
[ 75.352053] 0000000084c91694: ffffbcc5414f3b80 (0xffffbcc5414f3b80)
[ 75.352055] 000000004d93127f: ffffffffab669a82 (__check_heap_object+0xc2/0x110)
[ 75.352057] 00000000d50b634d: ffffbcc5414f3bb0 (0xffffbcc5414f3bb0)
[ 75.352058] 00000000f98be371: ffffffffab691abc (__check_object_size+0x14c/0x178)
[ 75.352059] 000000006d7335b1: 0000000000000003 (0x3)
[ 75.352061] 000000007172f7f5: ffff9eb29383ae58 (0xffff9eb29383ae58)
[ 75.352062] 000000007033d970: 000055fd55403d80 (0x55fd55403d80)
[ 75.352063] 00000000f8f0fbc8: ffff9eb29383ae58 (0xffff9eb29383ae58)
[ 75.352064] 0000000065ef0ef6: ffffbcc5414f3bd8 (0xffffbcc5414f3bd8)
[ 75.352158] 000000003941ec9f: ffffffffc0af6d26 (os_memcpy_to_user+0x26/0x50 [nvidia])
[ 75.352159] 000000004318d8e4: 0000000000000003 (0x3)
[ 75.352160] 00000000ea74c503: 0000000000000000 ...
[ 75.352161] 000000009ffbec2f: 000055fd55403d80 (0x55fd55403d80)
[ 75.352162] 000000008342e4ff: ffff9eb29383ae50 (0xffff9eb29383ae50)
[ 75.352260] 00000000d64798c1: ffffffffc0a7cd15 (_nv001372rm+0xa5/0x260 [nvidia])
[ 75.352261] 0000000062044945: 0000000000000000 ...
[ 75.352262] 000000001f134547: ffff9eb28bda6188 (0xffff9eb28bda6188)
[ 75.352263] 00000000b26d600c: ffff9eb29383aed8 (0xffff9eb29383aed8)
[ 75.352264] 00000000e26c238a: ffff9eb29383ae80 (0xffff9eb29383ae80)
[ 75.352365] 00000000b3b9fb02: ffffffffc06fb88a (_nv004784rm+0x4eba/0x5500 [nvidia])
[ 75.352366] 000000004868fd57: 0000000000000000 ...
[ 75.352368] 0000000018dbeaf5: ffff9eb29383aed8 (0xffff9eb29383aed8)
[ 75.352369] 00000000dc91a147: 00007fffebb4e120 (0x7fffebb4e120)
[ 75.352468] 0000000036553f7e: ffffffffc06fbfbc (_nv004331rm+0xec/0xf0 [nvidia])
[ 75.352470] 00000000a9f19da1: ffff9eb29383aed8 (0xffff9eb29383aed8)
[ 75.352471] 00000000fbed8339: ffff9eb28cf10008 (0xffff9eb28cf10008)
[ 75.352472] 00000000cf7498ce: 0000000000000010 (0x10)
[ 75.352473] 0000000035d2db85: 00007fffebb4e120 (0x7fffebb4e120)
[ 75.352474] 00000000720183aa: 00000000c1d00051 (0xc1d00051)
[ 75.352577] 0000000061e52452: ffffffffc06e563a (_nv004326rm+0xca/0x650 [nvidia])
[ 75.352579] 00000000656e9668: 00000000c1d00051 (0xc1d00051)
[ 75.352580] 000000008bc4436f: ffff9eb29383aed8 (0xffff9eb29383aed8)
[ 75.352580] 00000000c3f4b7dc: 0000000000000000 ...
[ 75.352678] 000000000ba8a033: ffffffffc0a97ef6 (_nv015126rm+0x576/0x5c0 [nvidia])
[ 75.352680] 0000000035bc08a1: ffff9eb28bda6f80 (0xffff9eb28bda6f80)
[ 75.352681] 00000000aa89c39c: ffff9eb28bda6f80 (0xffff9eb28bda6f80)
[ 75.352682] 000000007292275a: ffff9eb26350e300 (0xffff9eb26350e300)
[ 75.352683] 00000000f6c766a3: 000000000000002a (0x2a)
[ 75.352684] 0000000052717789: ffff9eb26350e300 (0xffff9eb26350e300)
[ 75.352784] 00000000ce97d48f: ffffffffc0a7e25e (_nv000694rm+0x2e/0x60 [nvidia])
[ 75.352871] 0000000097d61d98: ffffffffc0ef0260 (nv_ctl_waitqueue+0x20/0xffffffffffc09dc0 [nvidia])
[ 75.352872] 00000000ef2453f8: ffff9eb28bda6f80 (0xffff9eb28bda6f80)
[ 75.352873] 000000006d9bbcfd: ffff9eb26350e300 (0xffff9eb26350e300)
[ 75.352970] 000000007bce3b1d: ffffffffc0ad5a95 (_nv000789rm+0x5f5/0x8b0 [nvidia])
[ 75.352972] 000000002eb2cc6c: ffff9eb29383aff8 (0xffff9eb29383aff8)
[ 75.352973] 00000000b998fd3e: 0000000000000020 (0x20)
[ 75.352974] 00000000d28b8083: ffff9eb293838000 (0xffff9eb293838000)
[ 75.352975] 00000000df1872f1: ffff9eb28bda6f80 (0xffff9eb28bda6f80)
[ 75.352976] 000000005ecb3169: 000000000000002a (0x2a)
[ 75.353074] 000000004c96efec: ffffffffc0adfdd3 (rm_ioctl+0x73/0x100 [nvidia])
[ 75.353075] 0000000064e8799c: ffffbcc5414f3e28 (0xffffbcc5414f3e28)
[ 75.353160] 000000003ac86297: ffffffffc0ef0260 (nv_ctl_waitqueue+0x20/0xffffffffffc09dc0 [nvidia])
[ 75.353161] 00000000e57f7ad4: 00000000000010d6 (0x10d6)
[ 75.353162] 000000006e7686e3: 15657943fd278028 (0x15657943fd278028)
[ 75.353164] 0000000078fc0291: 15657944eb92a828 (0x15657944eb92a828)
[ 75.353165] 00000000a44b9841: 15657944eb92a828 (0x15657944eb92a828)
[ 75.353166] 000000001627751b: 15657944745d1428 (0x15657944745d1428)
[ 75.353166] 0000000094b6bbe6: 0000000000000000 ...
[ 75.353167] 000000002ee8c0e3: 0000000000000200 (0x200)
[ 75.353168] 0000000084627ad9: 0000002000000007 (0x2000000007)
[ 75.353170] 0000000019d1fb32: ffffbcc5414f3d18 (0xffffbcc5414f3d18)
[ 75.353171] 00000000720f0605: 00000000000010d6 (0x10d6)
[ 75.353171] 0000000029a6b2d5: 00000000000010d6 (0x10d6)
[ 75.353173] 00000000e85cadff: ffffbcc5414f3d00 (0xffffbcc5414f3d00)
[ 75.353173] 000000000405c2d9: 0000000000000000 ...
[ 75.353175] 00000000efe51567: ffffffffab691a11 (__check_object_size+0xa1/0x178)
[ 75.353176] 0000000081a62e39: 0000000000000020 (0x20)
[ 75.353177] 00000000fcfd1132: ffff9eb28bda6f80 (0xffff9eb28bda6f80)
[ 75.353178] 00000000772799f5: ffff9eb26350e300 (0xffff9eb26350e300)
[ 75.353179] 00000000ea2b0b84: 000000000000002a (0x2a)
[ 75.353269] 00000000fa3a9175: ffffffffc0ef0260 (nv_ctl_waitqueue+0x20/0xffffffffffc09dc0 [nvidia])
[ 75.353368] 00000000ab0f66d9: ffffffffc0aee288 (nvidia_ioctl+0x148/0x490 [nvidia])
[ 75.353369] 0000000041ef347e: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353370] 00000000942fd4f6: ffff9eb293838000 (0xffff9eb293838000)
[ 75.353371] 00000000ecd12e20: ffff9eb26350e338 (0xffff9eb26350e338)
[ 75.353372] 0000000098b17f6a: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353373] 00000000d2314054: ffff9eb28909a6c0 (0xffff9eb28909a6c0)
[ 75.353374] 00000000a216325e: ffffbcc5414f3e00 (0xffffbcc5414f3e00)
[ 75.353375] 0000000063b27103: 5ae1a598ad04f900 (0x5ae1a598ad04f900)
[ 75.353376] 000000002034a703: 00000000000000ff (0xff)
[ 75.353377] 000000001968f4c8: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353378] 00000000e7e400e7: 000000000000000f (0xf)
[ 75.353379] 00000000f88d038f: ffff9eb24a962100 (0xffff9eb24a962100)
[ 75.353380] 00000000c0c74afe: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353381] 00000000ac91ef97: ffffbcc5414f3e48 (0xffffbcc5414f3e48)
[ 75.353480] 000000009d21e0fb: ffffffffc0af9812 (nvidia_frontend_ioctl+0x32/0x50 [nvidia])
[ 75.353481] 00000000fe48e4e5: ffff9eb294b7bad0 (0xffff9eb294b7bad0)
[ 75.353482] 0000000094c67578: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353483] 00000000736346c6: ffffbcc5414f3e58 (0xffffbcc5414f3e58)
[ 75.353581] 00000000ab86f399: ffffffffc0af984d (nvidia_frontend_unlocked_ioctl+0x1d/0x30 [nvidia])
[ 75.353583] 000000008aa76fc1: ffffbcc5414f3ed8 (0xffffbcc5414f3ed8)
[ 75.353586] 000000008f3fc7a5: ffffffffab6afea8 (do_vfs_ioctl+0xa8/0x620)
[ 75.353587] 0000000027be7f1d: ffffbcc5414f3eb0 (0xffffbcc5414f3eb0)
[ 75.353588] 0000000095daf026: ffff9eb242f33d00 (0xffff9eb242f33d00)
[ 75.353589] 000000002b1cfc08: ffff9eb28c7b7c28 (0xffff9eb28c7b7c28)
[ 75.353590] 0000000072f9b917: ffff9eb242f33d10 (0xffff9eb242f33d10)
[ 75.353591] 00000000b216683b: 0000000000000035 (0x35)
[ 75.353592] 000000008c3f8bc1: ffffbcc5414f3ed8 (0xffffbcc5414f3ed8)
[ 75.353595] 00000000228db64b: ffffffffab69adbf (vfs_write+0x17f/0x1b0)
[ 75.353596] 00000000d20e1411: ffffbcc5414f3ed8 (0xffffbcc5414f3ed8)
[ 75.353597] 00000000918ac523: 5ae1a598ad04f900 (0x5ae1a598ad04f900)
[ 75.353598] 00000000fba04eee: ffff9eb24a962100 (0xffff9eb24a962100)
[ 75.353599] 00000000fe554e9c: ffff9eb24a962100 (0xffff9eb24a962100)
[ 75.353600] 000000003d98f637: 000000000000000f (0xf)
[ 75.353601] 00000000a80324a7: 00000000c020462a (0xc020462a)
[ 75.353602] 000000003ff3868b: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353603] 00000000b264fe53: ffffbcc5414f3f18 (0xffffbcc5414f3f18)
[ 75.353605] 000000003ee4387d: ffffffffab6b0487 (ksys_ioctl+0x67/0x90)
[ 75.353606] 00000000265b47d4: 0000000000002385 (0x2385)
[ 75.353607] 0000000063623429: 0000000000000000 ...
[ 75.353608] 0000000048f70fa3: ffffbcc5414f3f58 (0xffffbcc5414f3f58)
[ 75.353608] 000000001786d749: 0000000000000000 ...
[ 75.353609] 00000000dfe09d27: ffffbcc5414f3f28 (0xffffbcc5414f3f28)
[ 75.353611] 0000000054620bcb: ffffffffab6b04ca (__x64_sys_ioctl+0x1a/0x20)
[ 75.353612] 00000000c5088da2: ffffbcc5414f3f48 (0xffffbcc5414f3f48)
[ 75.353616] 000000001a7e76d2: ffffffffab4042ca (do_syscall_64+0x5a/0x110)
[ 75.353616] 00000000eda56dbe: 0000000000000000 ...
[ 75.353619] 0000000096671c18: ffffffffabe00088 (entry_SYSCALL_64_after_hwframe+0x44/0xa9)
[ 75.353620] 00000000104c23ac: 000000000000002a (0x2a)
[ 75.353621] 00000000dc995cd9: 0000000000000020 (0x20)
[ 75.353622] 00000000e26201a7: 00000000c020462a (0xc020462a)
[ 75.353623] 00000000b788857e: 00007fffebb4e0ac (0x7fffebb4e0ac)
[ 75.353624] 00000000ac3d87a7: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353625] 00000000bc273333: 000000005be59204 (0x5be59204)
[ 75.353626] 0000000008bbc36e: 0000000000003246 (0x3246)
[ 75.353626] 00000000cb2111d2: 0000000000000000 ...
[ 75.353627] 00000000583891ad: 00007fffebb4e0ac (0x7fffebb4e0ac)
[ 75.353628] 000000005597ad9b: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353630] 0000000020aff301: ffffffffffffffda (0xffffffffffffffda)
[ 75.353631] 0000000074a42761: 00007ff9265233c7 (0x7ff9265233c7)
[ 75.353632] 00000000bbfa7d06: 00007fffebb4e090 (0x7fffebb4e090)
[ 75.353633] 00000000c23b8b5c: 00000000c020462a (0xc020462a)
[ 75.353634] 00000000ee110313: 000000000000000f (0xf)
[ 75.353634] 00000000d9d12fac: 0000000000000010 (0x10)
[ 75.353636] 00000000b0bc81f7: 00007ff9265233c7 (0x7ff9265233c7)
[ 75.353636] 00000000d60d4934: 0000000000000033 (0x33)
[ 75.353637] 00000000f8e9180c: 0000000000003246 (0x3246)
[ 75.353638] 00000000c678946e: 00007fffebb4dff8 (0x7fffebb4dff8)
[ 75.353639] 0000000029bc82c9: 000000000000002b (0x2b)
[ 75.353752] ? _nv004784rm+0x4eba/0x5500 [nvidia]
[ 75.353864] ? _nv004331rm+0xec/0xf0 [nvidia]
[ 75.353971] ? _nv004326rm+0xca/0x650 [nvidia]
[ 75.354075] ? _nv015126rm+0x576/0x5c0 [nvidia]
[ 75.354181] ? _nv000694rm+0x2e/0x60 [nvidia]
[ 75.354279] ? _nv000789rm+0x5f5/0x8b0 [nvidia]
[ 75.354377] ? rm_ioctl+0x73/0x100 [nvidia]
[ 75.354381] ? __check_object_size+0xa1/0x178
[ 75.354476] ? nvidia_ioctl+0x148/0x490 [nvidia]
[ 75.354578] ? nvidia_frontend_ioctl+0x32/0x50 [nvidia]
[ 75.354679] ? nvidia_frontend_unlocked_ioctl+0x1d/0x30 [nvidia]
[ 75.354681] ? do_vfs_ioctl+0xa8/0x620
[ 75.354683] ? vfs_write+0x17f/0x1b0
[ 75.354685] ? ksys_ioctl+0x67/0x90
[ 75.354687] ? __x64_sys_ioctl+0x1a/0x20
[ 75.354689] ? do_syscall_64+0x5a/0x110
[ 75.354691] ? entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 75.354693] ---[ end trace 5679567f2a00e96f ]---
[ 86.617755] resource sanity check: requesting [mem 0x000c0000-0x000fffff], which spans more than PCI Bus 0000:00 [mem 0x000c0000-0x000dffff window]
[ 86.617884] caller os_map_kernel_space+0x9f/0xb0 [nvidia] mapping multiple BARs

Unsure if related, but now when my computer boots up and gdm runs, I have to press Ctrl+Alt+F2 and then Ctrl+Alt+F1 to actually get GDM login screen to show.. Otherwise my computer sits in text mode. Set nomodeset and GRUB_TERMINAL=console or otherwise input control locks up when gdm launches.

Tags: