Commit 2136a38d authored by Martin Flöser

Don't dissallow open with write flag syscall on NVIDIA

Summary:
The latest NVIDIA driver crashes the greeter due to our seccomp enabled
sandbox being too restrictive. The driver is now opening files for
writing after our dummy context got created and this causes a crash. In
order to provide our users a working system again we better disable the
seccomp rule for NVIDIA users for the time being.

To detect whether an NVIDIA driver is used I copied the glplatform from
KWin which is known to work and more reliable than writing new custom
code even if it's a code copy. For master I'll look into splitting that
one out from KWin and putting it into a dedicated library so that we can
link it.

This of course means that the seccomp based sandbox is now incomplete
for NVIDIA users. An idea is to add an additional apparmor rule in
master to enforce the write restrictions in a similar way without forcing
it for /dev.

BUG: 384005

Test Plan: I don't have an NVIDIA

Reviewers: #plasma

Subscribers: plasma-devel

Tags: #plasma

Differential Revision: https://phabricator.kde.org/D7616
parent 215d4600
...@@ -13,6 +13,7 @@ set(kscreenlocker_greet_SRCS ...@@ -13,6 +13,7 @@ set(kscreenlocker_greet_SRCS
main.cpp main.cpp
noaccessnetworkaccessmanagerfactory.cpp noaccessnetworkaccessmanagerfactory.cpp
wallpaper_integration.cpp wallpaper_integration.cpp
kwinglplatform.cpp
) )
if(HAVE_SECCOMP) if(HAVE_SECCOMP)
......
...@@ -32,7 +32,7 @@ target_link_libraries(killTest Qt5::Test) ...@@ -32,7 +32,7 @@ target_link_libraries(killTest Qt5::Test)
# Seccomp Test # Seccomp Test
####################################### #######################################
if(HAVE_SECCOMP) if(HAVE_SECCOMP)
add_executable(seccompTest seccomp_test.cpp ../seccomp_filter.cpp) add_executable(seccompTest seccomp_test.cpp ../seccomp_filter.cpp ../kwinglplatform.cpp)
add_test(kscreenlocker-seccompTest seccompTest) add_test(kscreenlocker-seccompTest seccompTest)
ecm_mark_as_test(seccompTest) ecm_mark_as_test(seccompTest)
target_link_libraries(seccompTest target_link_libraries(seccompTest
......
...@@ -19,6 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. ...@@ -19,6 +19,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
*********************************************************************/ *********************************************************************/
#include <config-kscreenlocker.h> #include <config-kscreenlocker.h>
#include "../seccomp_filter.h" #include "../seccomp_filter.h"
#include "../kwinglplatform.h"
#include <QtTest/QtTest> #include <QtTest/QtTest>
#include <QTemporaryFile> #include <QTemporaryFile>
...@@ -55,6 +56,9 @@ void SeccompTest::testCreateFile() ...@@ -55,6 +56,9 @@ void SeccompTest::testCreateFile()
void SeccompTest::testOpenFile() void SeccompTest::testOpenFile()
{ {
if (KWin::GLPlatform::instance()->driver() == KWin::Driver_NVidia) {
QSKIP("Write protection not supported on NVIDIA");
}
QFile file(QStringLiteral(KCHECKPASS_BIN)); QFile file(QStringLiteral(KCHECKPASS_BIN));
QVERIFY(file.exists()); QVERIFY(file.exists());
QVERIFY(!file.open(QIODevice::WriteOnly)); QVERIFY(!file.open(QIODevice::WriteOnly));
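Review bot: The skip at the top of testOpenFile() reads `KWin::GLPlatform::instance()->driver()`, but nothing in this hunk shows `detect()` having run with a current GL context. If no earlier fixture step (outside the visible lines) calls the filter's init(), the singleton would presumably still hold its default driver value and the skip would never fire on NVIDIA. A one-line comment above the check, such as `// GLPlatform is populated by init() before this test runs`, would record that dependency. The body of testOpenFile() continues past the end of the hunk.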
......
This diff is collapsed.
This diff is collapsed.
...@@ -21,9 +21,11 @@ You should have received a copy of the GNU General Public License ...@@ -21,9 +21,11 @@ You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. along with this program. If not, see <http://www.gnu.org/licenses/>.
*********************************************************************/ *********************************************************************/
#include "seccomp_filter.h" #include "seccomp_filter.h"
#include "kwinglplatform.h"
#include <QDBusConnection> #include <QDBusConnection>
#include <QOpenGLContext> #include <QOpenGLContext>
#include <QOffscreenSurface>
#include <seccomp.h> #include <seccomp.h>
#include <sys/socket.h> #include <sys/socket.h>
...@@ -38,7 +40,22 @@ void init() ...@@ -38,7 +40,22 @@ void init()
{ {
// trigger OpenGL context creation // trigger OpenGL context creation
// we need this to ensure that all required files are opened for write // we need this to ensure that all required files are opened for write
QOpenGLContext::supportsThreadedOpenGL(); // on NVIDIA we need to keep write around, otherwise BUG 384005 happens
bool writeSupported = true;
QScopedPointer<QOffscreenSurface> dummySurface(new QOffscreenSurface);
dummySurface->create();
QOpenGLContext dummyGlContext;
if (dummyGlContext.create()) {
if (dummyGlContext.makeCurrent(dummySurface.data())) {
auto gl = KWin::GLPlatform::instance();
gl->detect();
gl->printResults();
if (gl->driver() == KWin::Driver_NVidia) {
// BUG: 384005
writeSupported = false;
}
}
}
// access DBus to have the socket open // access DBus to have the socket open
QDBusConnection::sessionBus(); QDBusConnection::sessionBus();
...@@ -57,8 +74,10 @@ void init() ...@@ -57,8 +74,10 @@ void init()
// instead disallow opening new files for writing // instead disallow opening new files for writing
// they should fail with EPERM error // they should fail with EPERM error
seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY)); if (writeSupported) {
seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR)); seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_WRONLY, O_WRONLY));
seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_RDWR, O_RDWR));
}
seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT)); seccomp_rule_add(context, SCMP_ACT_ERRNO(EPERM), SCMP_SYS(open), 1, SCMP_A1(SCMP_CMP_MASKED_EQ, O_CREAT, O_CREAT));
// disallow going to a socket // disallow going to a socket
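Review bot: On the NVIDIA branch of init() the two write rules are skipped without any log line, so a greeter running with the weakened filter cannot be told apart from a fully sandboxed one during triage. A `qWarning("seccomp: write rules disabled for NVIDIA driver (BUG 384005)");` next to `writeSupported = false;` would make that state visible. The flag name also reads inverted, because `writeSupported == true` is the case where opening for write is blocked; a name like `restrictWrite` would match the `if` that guards the `seccomp_rule_add` calls, and a short comment should note that the default of `true` keeps the filter strict when `create()` or `makeCurrent()` fails. With both rules skipped, only the `O_CREAT` rule still constrains `open`, so existing user-writable files can be opened for writing or truncated; whether an `O_TRUNC` rule can stay active on NVIDIA would need testing against the driver. init() begins and ends outside the visible hunks.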
......