NVIDIA/Xorg segfaults with hardened profile #61489
Comments
In an ideal world, crashes caused by legitimate bugs (assuming this is one) would be fixed upstream, but I suppose that's out of the question in this case. I prefer to keep the default as-is for now and improve docs instead, but I can see how it will be quite annoying for people when things start crashing for no obvious reason ... I'm open to changing the default, obviously, but I'd like to hold off on doing so just a little bit. (To elaborate: the hardened defaults are expected to break things, under the assumption that the admin relaxes settings to suit their specific needs).
I would suggest we repurpose this issue for general brokenness with the Graphene hardened allocator picked by default in the hardened profile. According to #62238 (comment) it seems like the Graphene hardened allocator can't even run sshd properly. Nix also segfaults / runs out of memory when using that allocator. I think it's probably an OK choice for select applications but definitely not for systemwide use at this point.
(I'm also fine if you want to roll back #62238 temporarily to damage-control before making a decision on this.)
I will slightly amend my statement "can't even run sshd properly" -- the issue seems to be that openssh's seccomp sandbox does not allow mprotect, and Graphene's allocator makes copious use of that syscall (for guard pages). This could be addressed through disabling the seccomp sandbox or applying a custom patch.
Another possibility is to add service specific overrides to the malloc module to paper over known incompatibilities.
Having to whitelist sshd from these hardening measures would be a pretty sad long term situation though.
Service openssh worked with memoryAllocator provider jemalloc and scudo.
@Izorkin do you think those are fixable in a maintainable way? I'm not too concerned about Nix or proprietary gfx drivers not working, but if things like ssh, httpd &c break, then enabling this by default may be too much. |
I do not have any normal working ideas.
FWIW, I got the same crash with the open-source radeon driver. I solved it by changing
For future reference regarding incompatibilities with hardened_malloc https://github.com/GrapheneOS/hardened_malloc/issues/89#issuecomment-522236117 |
#66687 was merged, so this should no longer happen. |
@delroth ssh should work with graphene after openssh/openssh-portable@f6906f9 |
Issue description
With the hardened profile imported, Xorg on NVIDIA always segfaults on startup with:
Steps to reproduce
Use nixpkgs master on a machine with an NVIDIA card.
In the system configuration:
<nixpkgs/nixos/modules/profiles/hardened.nix>
environment.memoryAllocator.provider = "graphene-hardened"
startx
and observe a segfault.
Technical details
Please run
nix-shell -p nix-info --run "nix-info -m"
and paste the results.
 - system: "x86_64-linux"
 - host os: Linux 4.19.42-hardened, NixOS, 19.09.git.11851bd (Loris)
 - multi-user?: yes
 - sandbox: yes
 - version: nix-env (Nix) 2.2.2
 - channels(root): "nixos-18.09.1922.97e0d53d669"
 - nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos
Maybe
environment.memoryAllocator.provider = "libc";
should remain the default in hardened, or maybe graphene-hardened
should be marked incompatible with nvidia?