oss not working with kernel 4.8 [SOLVED]

[alexdw]

As the subject says, oss is not working for me with the latest kernel versions - specifically 4.8.4 on Arch Linux.

It seems to compile and install OK (using any of the various AUR packages: oss, oss-git, oss-nonfree) but osstest gives a segmentation fault:

Code: Select all

Oct 31 00:07:03 Alex-Arch01 kernel: usercopy: kernel memory exposure attempt detected from ffff8800d0adbd40 (<process stack>) (4 bytes)
Oct 31 00:07:03 Alex-Arch01 kernel: ------------[ cut here ]------------
Oct 31 00:07:03 Alex-Arch01 kernel: kernel BUG at mm/usercopy.c:75!
Oct 31 00:07:03 Alex-Arch01 kernel: invalid opcode: 0000 [#5] PREEMPT SMP
Oct 31 00:07:03 Alex-Arch01 kernel: Modules linked in: fuse ax25 oss_usb(O) oss_hdaudio(O) osscore(O) uvcvideo videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core videodev media joydev mousedev arc4 b43 bcma mac80211 cfg80211 rng_core coretemp kvm_intel iTCO_wdt dell_wmi iTCO_vendor_support gpio_ich sparse_keymap kvm irqbypass dell_laptop dell_smbios rfkill dcdbas dell_smm_hwmon pcspkr evdev input_leds psmouse i2c_i801 i2c_smbus mac_hid r592 memstick ssb i915 drm_kms_helper sky2 lpc_ich pcmcia pcmcia_core drm fjes syscopyarea sysfillrect sysimgblt fb_sys_fops i2c_algo_bit wmi shpchp thermal intel_agp intel_gtt button battery video ac acpi_cpufreq tpm_tis tpm_tis_core tpm sch_fq_codel vboxnetflt(O) vboxnetadp(O) pci_stub vboxpci(O) vboxdrv(O) ip_tables x_tables ext4 crc16 jbd2 fscrypto mbcache hid_logitech_hidpp
Oct 31 00:07:03 Alex-Arch01 kernel:  hid_logitech_dj usbhid hid uas usb_storage sr_mod cdrom sd_mod ata_generic pata_acpi serio_raw atkbd libps2 ahci libahci ata_piix uhci_hcd firewire_ohci libata sdhci_pci scsi_mod sdhci led_class mmc_core firewire_core crc_itu_t i8042 serio ehci_pci ehci_hcd usbcore usb_common
Oct 31 00:07:03 Alex-Arch01 kernel: CPU: 1 PID: 4978 Comm: osstest Tainted: G      D W  O    4.8.4-1-ARCH #1
Oct 31 00:07:03 Alex-Arch01 kernel: Hardware name: Dell Inc. Inspiron 1525                   /0U990C, BIOS A16 10/16/2008
Oct 31 00:07:03 Alex-Arch01 kernel: task: ffff880104cfdb00 task.stack: ffff8800d0ad8000
Oct 31 00:07:03 Alex-Arch01 kernel: RIP: 0010:[<ffffffff81205eaf>]  [<ffffffff81205eaf>] __check_object_size+0x13f/0x1d6
Oct 31 00:07:03 Alex-Arch01 kernel: RSP: 0018:ffff8800d0adbcc8  EFLAGS: 00010282
Oct 31 00:07:03 Alex-Arch01 kernel: RAX: 0000000000000063 RBX: ffff8800d0adbd40 RCX: 0000000000000000
Oct 31 00:07:03 Alex-Arch01 kernel: RDX: 0000000000000000 RSI: ffff88011fd0dba8 RDI: ffff88011fd0dba8
Oct 31 00:07:03 Alex-Arch01 kernel: RBP: ffff8800d0adbce8 R08: 0000000000032a79 R09: 0000000000000005
Oct 31 00:07:03 Alex-Arch01 kernel: R10: ffffc90000870010 R11: 0000000000000764 R12: 0000000000000004
Oct 31 00:07:03 Alex-Arch01 kernel: R13: 0000000000000001 R14: ffff8800d0adbd44 R15: ffff8800d0adbd40
Oct 31 00:07:03 Alex-Arch01 kernel: FS:  00007f6520d35380(0000) GS:ffff88011fd00000(0000) knlGS:0000000000000000
Oct 31 00:07:03 Alex-Arch01 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
Oct 31 00:07:03 Alex-Arch01 kernel: CR2: 00000000025fd1d8 CR3: 00000000d0b14000 CR4: 00000000000006e0
Oct 31 00:07:03 Alex-Arch01 kernel: Stack:
Oct 31 00:07:03 Alex-Arch01 kernel:  ffff8800d0adbd40 0000000000000004 00007ffde21c989c 0000000000000000
Oct 31 00:07:03 Alex-Arch01 kernel:  ffff8800d0adbd10 ffffffffa08f9bd7 ffffc90000878010 00007ffde21c989c
Oct 31 00:07:03 Alex-Arch01 kernel:  0000000000000004 000000008004500f ffffffffa08fb71e ffffffff815f7706
Oct 31 00:07:03 Alex-Arch01 kernel: Call Trace:
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffffa08f9bd7>] oss_copy_to_user+0x27/0x40 [osscore]
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffffa08fb71e>] oss_cdev_ioctl+0x20e/0x260 [osscore]
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff815f7706>] ? _raw_spin_unlock_irqrestore+0x26/0x30
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff810bfdb4>] ? __wake_up+0x44/0x50
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff81219d45>] ? do_filp_open+0xa5/0x100
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffffa08fb7a3>] ? oss_cdev_unlocked_ioctl+0x13/0x20 [osscore]
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff81227c59>] ? __alloc_fd+0xc9/0x180
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff8121c383>] ? do_vfs_ioctl+0xa3/0x5f0
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff81218cd4>] ? putname+0x54/0x60
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff8121c949>] ? SyS_ioctl+0x79/0x90
Oct 31 00:07:03 Alex-Arch01 kernel:  [<ffffffff815f7cf2>] ? entry_SYSCALL_64_fastpath+0x1a/0xa4
Oct 31 00:07:03 Alex-Arch01 kernel: Code: 87 71 81 48 0f 45 d0 48 c7 c6 58 a5 72 81 48 c7 c0 d3 43 73 81 48 0f 45 f0 4d 89 e1 48 89 d9 48 c7 c7 10 0d 73 81 e8 f7 01 f7 ff <0f> 0b 48 89 df e8 07 76 e6 ff 84 c0 0f 84 f8 fe ff ff b8 00 00
Oct 31 00:07:03 Alex-Arch01 kernel: RIP  [<ffffffff81205eaf>] __check_object_size+0x13f/0x1d6
Oct 31 00:07:03 Alex-Arch01 kernel:  RSP <ffff8800d0adbcc8>
Oct 31 00:07:03 Alex-Arch01 kernel: ---[ end trace 6e25915ae2a189b2 ]---

Looks like some kind of change to what the kernel considers as user memory space?

Is anyone else having this issue with kernel 4.8(.4) and oss?

[Matti]

On Ubuntu 16.10 I can't even get the modules to build. I've tried also with newest 4.4 kernel from Ubuntu Kernel Mainline PPA and that also fails.

Code: Select all

Relinking OSS kernel modules for "4.4.35-040435-generic SMP mod_unload modversions "
This may take few moments - please stand by...

OSS build environment set up for REGPARM kernels

Building module osscore
Failed to compile OSS
make -C /lib/modules/4.4.35-040435-generic/build M=/usr/lib/oss/build modules
make[1]: Wejście do katalogu '/usr/src/linux-headers-4.4.35-040435-generic'
  CC [M]  /usr/lib/oss/build/osscore.o
/usr/lib/oss/build/osscore.c: In function ‘oss_fp_save’:
/usr/lib/oss/build/osscore.c:1956:18: error: implicit declaration of function ‘read_cr4’ [-Werror=implicit-function-declaration]
       flags[1] = read_cr4 ();
                  ^
/usr/lib/oss/build/osscore.c:1957:7: error: implicit declaration of function ‘write_cr4’ [-Werror=implicit-function-declaration]
       write_cr4 (flags[1] | 0x600); /* Set OSFXSR & OSXMMEXCEPT */
       ^
/usr/lib/oss/build/osscore.c: In function ‘oss_cmn_err’:
/usr/lib/oss/build/osscore.c:719:1: warning: the frame size of 1104 bytes is larger than 1024 bytes [-Wframe-larger-than=]
 }
 ^
cc1: some warnings being treated as errors
scripts/Makefile.build:264: polecenia dla obiektu '/usr/lib/oss/build/osscore.o' nie powiodły się
make[2]: *** [/usr/lib/oss/build/osscore.o] Błąd 1
Makefile:1408: polecenia dla obiektu '_module_/usr/lib/oss/build' nie powiodły się
make[1]: *** [_module_/usr/lib/oss/build] Błąd 2
make[1]: Opuszczenie katalogu '/usr/src/linux-headers-4.4.35-040435-generic'
Makefile:16: polecenia dla obiektu 'default' nie powiodły się
make: *** [default] Błąd 2

Relinking the OSS kernel modules failed


[alexdw]

Just did a bit of quick research and it looks like there were some changes to the "copy_to_user" and related functions in kernel 4.8:
https://kernelnewbies.org/Linux_4.8#hea ... 69eeba06e9
https://lwn.net/Articles/695991/
https://www.phoronix.com/scan.php?page= ... -Linux-4.8

My guess is that the calls OSS makes (to "copy_to_user") fails one of the new criteria:

This series, which adds CONFIG_HARDENED_USERCOPY, checks that objects being copied to/from userspace meet certain criteria:

- if address is a heap object, the size must not exceed the object's allocated size. (This will catch all kinds of heap overflow flaws.)
- if address range is in the current process stack, it must be within the a valid stack frame (if such checking is possible) or at least entirely within the current process's stack. (This could catch large lengths that would have extended beyond the current process stack, or overflows if their length extends back into the original stack.)
- if the address range is part of kernel data, rodata, or bss, allow it.
- if address range is page-allocated, that it doesn't span multiple allocations (excepting Reserved and CMA pages).
- if address is within the kernel text, reject it.
- everything else is accepted

Can anyone from OSS confirm? I'm going to see if I can compile a kernel version without this option to confirm that way.

[alexdw]

OK, I've confirmed that the issue is with CONFIG_HARDENED_USERCOPY added in linux 4.8. I just tried with a custom Arch Linux kernel (4.8.13) without CONFIG_HARDENED_USERCOPY and oss works fine. I'll try to make a patch for oss so it can work with this kernel config (which was added in 4.8 and seems to be default/recommended to include).

[alexdw]

For anyone else having this issue, I've made a simple patch (attached, and already included in Arch Linux AUR packages oss and oss-git) to make oss work with CONFIG_HARDENED_USERCOPY in Linux kernel 4.8.

linux-4.8-usercopy.patch.txt

Patch for CONFIG_HARDENED_USERCOPY

(1.28 KiB) Downloaded 1549 times

[Matti]

Thank you very much for all of your work.

I confirm that the patch works and I've got working OSS on Ubuntu 16.10 with kernel 4.8.

[alexdw]

Thank you very much for all of your work.

I confirm that the patch works and I've got working OSS on Ubuntu 16.10 with kernel 4.8.

You're welcome, and thank you for posting back to confirm.

I submitted this patch (and others) upstream as a merge request on the oss SourceForge git repo (https://sourceforge.net/p/opensound/git/ci/master/tree/), and as far as I can tell (SourceForge's git support isn't overly intuitive) they have been accepted. So if you're building from source using the latest version on git you might not actually need these patches any more.

[merl]

Hi!
Could you please to explain me how to apply this patch on fedora 25?

[alexdw]

Hi!
Could you please to explain me how to apply this patch on fedora 25?

How are you installing oss on Fedora? Is it done via dnf, RPM, or from source? Do you know if it uses the releases or is there one which points to the git source?

[merl]

I tried to install the *.rpm package from http://www.opensound.com via dnf.
I tried to build oss from source from http://www.4front-tech.com/developer/so ... table/gpl/ , too.
In both cases I had failed to install the oss on my new fedora 25 with kernel 4.8.15-300.fc25.x86_64.
I can list error messages

Thank you for your reply!
Regards, Oleg

[alexdw]

I tried to install the *.rpm package from http://www.opensound.com via dnf.
I tried to build oss from source from http://www.4front-tech.com/developer/so ... table/gpl/ , too.
In both cases I had failed to install the oss on my new fedora 25 with kernel 4.8.15-300.fc25.x86_64.
I can list error messages

Thank you for your reply!
Regards, Oleg

You're welcome, Oleg.

Try building from the sources in the git repo: http://www.opensound.com/

Browse the Open Sound Git Repository: http://opensound.git.sourceforge.net/gi ... und;a=tree

Get the source code using GIT:
git clone git://opensound.git.sourceforge.net/git ... /opensound

That should have the required patches already applied.

[igorzwx]

I tried to install the *.rpm package…

If rpm-package is needed, it can be produced with Linux Mint LiveCD
_http://ossnext.trueinstruments.com/forum/viewtopic.php?f=3&t=5828

If the patches are already applied, you do not need to patch the source with quilt.

1. Install the package manager for RPM:

Code: Select all

$ sudo apt-get install rpm

2. Compile OSS4 from git _http://ossnext.trueinstruments.com/forum/viewtopic.php?f=3&t=5828

3. Instead of "sudo make deb", run

Code: Select all

$ sudo make package

This should produce the rpm-package you need.

Packing Open Sound System (optional)

Code: Select all

make package

The package target creates a native package for the currently compiled-for OS. On Linux an RPM package will be generated.

There are two alternative targets when compiling for the Linux OS:

Code: Select all

make deb
make tarball

The first creates a OSS package in debian's DEB format. The second creates a tarball of OSS.
_http://ossnext.trueinstruments.com/wiki/index.php/Building_OSSv4_from_source#Packing_Open_Sound_System_.28optional.29

[merl]

on fedora on "make install" stage I get messages like this:

Code: Select all

/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/usb/snd-usb-audio.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/usb/snd-usbmidi-lib.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/usb/snd-usbmidi-lib.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/usb/snd-usbmidi-lib.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/ac97_bus.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/ac97_bus.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/ac97_bus.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/soundcore.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/soundcore.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/sound/soundcore.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/virt/lib/irqbypass.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/virt/lib/irqbypass.ko.xz is not a valid ELF object
/lib/modules/4.8.15-300.fc25.x86_64/kernel/virt/lib/irqbypass.ko.xz is not a valid ELF object
make -C /lib/modules/4.8.15-300.fc25.x86_64/build M=/usr/lib/oss/build modules
make[1]: *** /lib/modules/4.8.15-300.fc25.x86_64/build: No such file or directory.  Stop.
Makefile:16: recipe for target 'default' failed
make: *** [default] Error 2

Relinking the OSS kernel modules failed
[merl@localhost oss]$

[igorzwx]

I tried to install the *.rpm package from _http://www.opensound.com via dnf.
I tried to build oss from source from _http://www.4front-tech.com/developer/sources/stable/gpl/ , too.
In both cases I had failed to install the oss on my new fedora 25 with kernel 4.8.15-300.fc25.x86_64.
I can list error messages

You are using the outdated version of OSS4.
That is why you are getting error messages.

If you do not know how to use git, you may try to learn something with Linux Mint LiveCD
_http://ossnext.trueinstruments.com/forum/viewtopic.php?f=3&t=5837#p21602

[merl]

Thanks for your reply, igorzwx!
I downloaded the last version with patch via git, but get same errors...
Maybe, it depends on gcc version? My is 6.3.1 20161221