Bug 89748

Summary: X segfault with xselinux/xinerama/fglrx (possible fix provided)
Product: xorg Reporter: Brent Collins <brent.collins.83>
Component: Server/General Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED FIXED QA Contact: Xorg Project Team <xorg-team>
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: Linux (All)   
Attachments:
Description: Add missing xselinux hook to shm PIXMAP resource creation (Flags: none)

Description Brent Collins 2015-03-24 19:07:57 UTC
Created attachment 114590
Add missing xselinux hook to shm PIXMAP resource creation

I spent some time trying to track down an X segfault and believe I have found a bug in the file "Xext/shm.c" where it is missing an Xace hook initialization call, which leads to a NULL pointer in the xselinux code later when something tries to access the resource which was never initialized.

A patch is attached which makes the segfault go away and I wanted to share it to see if others believe it made sense. The segfault I was seeing was in the function "SELinuxDoCheck" in the file "Xext/selinux_hooks.c" where "obj->sid" would be "NULL".

It would probably make sense to try to add better error handling to the xselinux code to catch the case where something attempts to access a resource which has not received xselinux initialization.

Below are the reproduction steps to reproduce my initial problem without the patch. 


Steps: (Any computer which has hardware that supports the fglrx driver)
-------------------------------
1. Ensure that 2 monitors are connected to video card
2. Perform a standard "Desktop" CentOS 6.6 i386 install using the standard ISO: "CentOS-6.6-i386-bin-DVD1.iso"
3. Once fully installed - login, "su" to root and run "yum update"
4. Once the update finishes, then run "yum install kernel-devel gcc"
5. Download the fglrx driver from http://www2.ati.com/drivers/linux/amd-catalyst-omega-14.12-linux-run-installers.zip
	NOTE: older fglrx drivers exhibit the same issue
6. Unzip the driver to expose the "amd-driver-installer-14.501.1003-x86.x86_64.run" script.
7. Reboot the system with "shutdown -r now"
8. At the bootloader press "a" twice and then append "3" to the end of the kernel parameters to boot the system into runlevel 3.
9. Login as root and run the fglrx installer "sh amd-driver-installer-14.501.1003-x86.x86_64.run" script. 
10. After the fglrx driver installer successfully completes then reboot the system with "shutdown -r now".
	NOTE: fglrx installer should ask for a reboot after completion anyways
11. At the bootloader press "a" twice and then append "3" to the end of the kernel parameters to boot the system into runlevel 3.
12. Login as root and run the following command "aticonfig --initial=dual-head --xinerama=on"
        NOTE: this sets up a dual head xinerama configuration, the use of Xinerama is critical to reproduce the issue
13. Run "setsebool -P xserver_object_manager on" as root
        NOTE: This is critical to reproduce the issue
        NOTE: The setsebool command will take a while to run as it needs to make the boolean permanent and rebuild the selinux policy, so that the change will be in place after reboot
14. Reboot the system with "shutdown -r now".
15. Let the system boot normally. The X Server will not start properly. If you check out the Xorg and/or gdm logs then you will see a backtrace of the segfault.
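
The failure mode described in this report, reduced to a self-contained C model (an added example, not the attached patch and not X server code): a resource created without the create-time access hook never gets a label, and the later check fails closed instead of dereferencing a NULL `sid`. All type and function names, and the `pixmap_t` label, are hypothetical.

```c
#include <string.h>   /* strcmp, NULL */

/* Simplified model; every name here is hypothetical, not the X server API. */
enum { MODE_CREATE, MODE_READ };
enum { ACCESS_OK, ACCESS_DENIED, ACCESS_UNLABELED };
struct object_sec { const char *sid; };   /* NULL until the create hook runs */
struct resource { struct object_sec sec; };

/* Stand-in for the policy check; fails closed on a missing label. */
static int do_check(const struct object_sec *obj, int mode)
{
    if (obj->sid == NULL)
        return ACCESS_UNLABELED;          /* report it, do not dereference */
    if (mode == MODE_READ && strcmp(obj->sid, "pixmap_t") != 0)
        return ACCESS_DENIED;
    return ACCESS_OK;
}

/* Access hook: a create-mode call is what labels a new object. */
static int access_hook(struct resource *r, int mode)
{
    if (mode == MODE_CREATE)
        r->sec.sid = "pixmap_t";          /* constructed label */
    return do_check(&r->sec, mode);
}

/* Creation path that skips the hook: the object stays unlabeled. */
int create_without_hook(struct resource *r)
{
    r->sec.sid = NULL;
    return ACCESS_OK;                     /* nothing was labeled or checked */
}

/* Creation path that calls the hook before the object is usable. */
int create_with_hook(struct resource *r)
{
    r->sec.sid = NULL;
    return access_hook(r, MODE_CREATE);
}

/* Later use of either object goes through the same hook. */
int use_resource(struct resource *r) { return access_hook(r, MODE_READ); }

int main(void)
{
    struct resource a, b;
    create_without_hook(&a);
    create_with_hook(&b);
    return (use_resource(&a) == ACCESS_UNLABELED && use_resource(&b) == ACCESS_OK) ? 0 : 1;
}
```
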
Comment 1 Michel Dänzer 2015-03-26 02:16:02 UTC
Please submit the patch (with a proper commit log :) to the xorg-devel mailing list for review. Put

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=89748

in the commit log to reference this report.
Comment 2 Brent Collins 2015-04-01 18:05:05 UTC
(In reply to Michel Dänzer from comment #1)
> Please submit the patch (with a proper commit log :) to the xorg-devel
> mailing list for review. Put
> 
> Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=89748
> 
> in the commit log to reference this report.

Thanks. I sent out an email to the mailing list today which hopefully has what would be considered a proper commit log.
Comment 3 Adam Jackson 2018-06-12 15:38:34 UTC
commit 7470578520e90b6402b2509cd0c51fd4fd84849f
Author: Brent Collins <bcollins@trustedcs.com>
Date:   Thu May 7 15:10:19 2015 -0400

    shm: Fix xselinux resource initialization for xinerama pixmaps
    
    This is necessary to avoid a NULL pointer dereference when the pixmap is
    used later.
    
    [ajax: massaged commit message, fixed it to compile]
    
    Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=89748
    Reviewed-by: Adam Jackson <ajax@redhat.com>
    Signed-off-by: Brent Collins <bcollins@trustedcs.com>
