[arch-general] No nVidia support on Apparmor kernel
João Miguel
jmcf125 at openmailbox.org
Wed Oct 14 15:42:13 UTC 2015
Hey there,
I've used the ABS to compile a kernel with the CONFIG_AUDIT=y and
CONFIG_SECURITY_APPARMOR=y options enabled. Apparmor and audit work just
fine, but when I tried to start a game, I failed. The following errors
occur only when using the apparmor enabled kernel (independently of
kernel boot parameters to enable/disable apparmor).
$ lsmod | grep nvidia
$ modprobe nvidia
modprobe: FATAL: Module nvidia not found.
$ glxgears
Xlib: extension "GLX" missing on display ":0".
Error: couldn't get an RGB, Double-buffered visual
$ glxinfo
name of display: :0
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Error: couldn't find RGB GLX visual or fbconfig
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Xlib: extension "GLX" missing on display ":0".
Anything that doesn't require fancy graphics works (though libreoffice
and some other programs complain anyway).
The configuration files are much alike (diff attached) with only apparmor and
audit options changed, and a few others presumably by `make config`. I also
tried to use `make nconfig` in the PKGBUILD to change them, to the same effect.
By following the wiki, I eventually found this out:
$ ls /lib/modules/extra*
/lib/modules/extramodules-4.2-apparmor:
version
/lib/modules/extramodules-4.2-ARCH:
bbswitch.ko.gz nvidia.ko.gz nvidia-uvm.ko.gz version
$ modprobe -c > ARCH.modprobe-c # with default kernel loaded
$ modprobe -c > apparmor.modprobe-c # with compiled kernel loaded
$ # ^^^-- diff attached to this message
The diffs of these files clearly show the apparmor kernel seems to have
no nvidia support, while the compile time configuration files show no
difference in this matter.
Using insmod doesn't work, as those extra modules are compiled for
another kernel (error "Invalid module format"). But how are they there?
I couldn't find any information on EXTRA modules in the wiki, never
heard about them. Seems they are compiled separately:
$ pacman -Qo /lib/modules/extramodules-4.2-ARCH/*
/usr/lib/modules/extramodules-4.2-ARCH/bbswitch.ko.gz pertence a bbswitch 0.8-37
/usr/lib/modules/extramodules-4.2-ARCH/nvidia.ko.gz pertence a nvidia 355.11-3
/usr/lib/modules/extramodules-4.2-ARCH/nvidia-uvm.ko.gz pertence a nvidia 355.11-3
/usr/lib/modules/extramodules-4.2-ARCH/version pertence a linux 4.2.2-1
I guess at least now I know it's not some weird compilation option I
forgot about... Might as well put the compiled kernel in the AUR.
I doubt nvidia is giving away source code to compile that... Is this a
dead end? Or perhaps the guys with nvidia and OpenSUSE found a way?
How can I get that nvidia extra module to work on ? And why is it an "extra"?
Wait, now I think of it, maybe I can make this work. Maybe I can get
this to work with ABS, by pointing to the correct headers to the nvidia
package. I will post this now because possibly someone else knows best,
and if I end up solving my own problem, at least the solution becomes
available for anyone looking for it. I found the answer to 60% of my
original questions regarding this problem, while writing this email, if
I don't post this now I may never do. I hope you're okay with this.
Note: I sent this a while ago, got an error that it was too large, so now I
used diff -c3 on the original attachments.
Thanks for your time,
João Miguel
-------------- next part --------------
*** apparmor.config 2015-10-14 14:49:45.776749952 +0100
--- ARCH.config 2015-10-13 14:22:37.723342200 +0100
***************
*** 1,6 ****
#
# Automatically generated file; DO NOT EDIT.
! # Linux/x86 4.2.2-2 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
--- 1,6 ----
#
# Automatically generated file; DO NOT EDIT.
! # Linux/x86 4.2.2-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
***************
*** 51,57 ****
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_CROSS_COMPILE=""
# CONFIG_COMPILE_TEST is not set
! CONFIG_LOCALVERSION="-apparmor"
CONFIG_LOCALVERSION_AUTO=y
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
--- 51,57 ----
CONFIG_INIT_ENV_ARG_LIMIT=32
CONFIG_CROSS_COMPILE=""
# CONFIG_COMPILE_TEST is not set
! CONFIG_LOCALVERSION="-ARCH"
CONFIG_LOCALVERSION_AUTO=y
CONFIG_HAVE_KERNEL_GZIP=y
CONFIG_HAVE_KERNEL_BZIP2=y
***************
*** 74,82 ****
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
! CONFIG_AUDIT=y
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
- # CONFIG_AUDITSYSCALL is not set
#
# IRQ subsystem
--- 74,81 ----
CONFIG_CROSS_MEMORY_ATTACH=y
CONFIG_FHANDLE=y
# CONFIG_USELIB is not set
! # CONFIG_AUDIT is not set
CONFIG_HAVE_ARCH_AUDITSYSCALL=y
#
# IRQ subsystem
***************
*** 965,971 ****
#
# Xtables targets
#
- # CONFIG_NETFILTER_XT_TARGET_AUDIT is not set
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
--- 964,969 ----
***************
*** 7154,7177 ****
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
! CONFIG_SECURITY_NETWORK=y
! # CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
- # CONFIG_SECURITY_SELINUX is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
! CONFIG_SECURITY_APPARMOR=y
! CONFIG_SECURITY_APPARMOR_BOOTPARAM_VALUE=1
! CONFIG_SECURITY_APPARMOR_HASH=y
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
- CONFIG_INTEGRITY_AUDIT=y
# CONFIG_IMA is not set
# CONFIG_EVM is not set
- # CONFIG_DEFAULT_SECURITY_APPARMOR is not set
# CONFIG_DEFAULT_SECURITY_YAMA is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
--- 7152,7169 ----
# CONFIG_SECURITY_DMESG_RESTRICT is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
! # CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_PATH=y
# CONFIG_INTEL_TXT is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
! # CONFIG_SECURITY_APPARMOR is not set
CONFIG_SECURITY_YAMA=y
CONFIG_SECURITY_YAMA_STACKED=y
CONFIG_INTEGRITY=y
# CONFIG_INTEGRITY_SIGNATURE is not set
# CONFIG_IMA is not set
# CONFIG_EVM is not set
# CONFIG_DEFAULT_SECURITY_YAMA is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
***************
*** 7263,7269 ****
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
! CONFIG_CRYPTO_SHA1=y
CONFIG_CRYPTO_SHA1_SSSE3=m
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
--- 7255,7261 ----
CONFIG_CRYPTO_RMD160=m
CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
! CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA1_SSSE3=m
CONFIG_CRYPTO_SHA256_SSSE3=m
CONFIG_CRYPTO_SHA512_SSSE3=m
-------------- next part --------------
*** apparmor.modprobe-c 2015-10-14 14:53:11.803424143 +0100
--- ARCH.modprobe-c 2015-10-13 22:32:26.807191260 +0100
***************
*** 360,365 ****
--- 360,366 ----
alias char_major_14_* soundcore
alias char_major_161_* ircomm_tty
alias char_major_166_* cdc_acm
+ alias char_major_195_* nvidia
alias char_major_19_* cyclades
alias char_major_204_* altera_uart
alias char_major_206_* osst
***************
*** 573,579 ****
--- 574,582 ----
alias crypto_serpent_generic serpent_generic
alias crypto_sha1 sha1_ssse3
alias crypto_sha1 sha1_mb
+ alias crypto_sha1 sha1_generic
alias crypto_sha1_all padlock_sha
+ alias crypto_sha1_generic sha1_generic
alias crypto_sha1_padlock padlock_sha
alias crypto_sha224 sha256_ssse3
alias crypto_sha224 sha256_generic
***************
*** 4517,4522 ****
--- 4520,4527 ----
alias pci:v000010DBd0000801Dsv*sd*bc0Csc03iFE* pch_udc
alias pci:v000010DBd00008808sv*sd*bc0Csc03iFE* pch_udc
alias pci:v000010DEd*sv*sd*bc03sc*i* nouveau
+ alias pci:v000010DEd*sv*sd*bc03sc00i00* nvidia
+ alias pci:v000010DEd*sv*sd*bc03sc02i00* nvidia
alias pci:v000010DEd*sv*sd*bc04sc03i00* snd_hda_intel
alias pci:v000010DEd00000034sv*sd*bc*sc*i* i2c_nforce2
alias pci:v000010DEd00000035sv*sd*bc*sc*i* pata_amd
***************
*** 4701,4706 ****
--- 4706,4712 ----
alias pci:v000010DEd00000D8Dsv*sd*bc*sc*i* ahci
alias pci:v000010DEd00000D8Esv*sd*bc*sc*i* ahci
alias pci:v000010DEd00000D8Fsv*sd*bc*sc*i* ahci
+ alias pci:v000010DEd00000E00sv*sd*bc04sc80i00* nvidia
alias pci:v000010DFd00000720sv*sd*bc*sc*i* be2net
alias pci:v000010DFd00000722sv*sd*bc*sc*i* be2iscsi
alias pci:v000010DFd00000724sv*sd*bc*sc*i* lpfc
***************
*** 10471,10477 ****
--- 10477,10485 ----
alias serpent_generic serpent_generic
alias sha1 sha1_ssse3
alias sha1 sha1_mb
+ alias sha1 sha1_generic
alias sha1_all padlock_sha
+ alias sha1_generic sha1_generic
alias sha1_padlock padlock_sha
alias sha224 sha256_ssse3
alias sha224 sha256_generic
***************
*** 20508,20513 ****
--- 20516,20523 ----
alias symbol:crypto_authenc_extractkeys authenc
alias symbol:crypto_get_default_null_skcipher crypto_null
alias symbol:crypto_put_default_null_skcipher crypto_null
+ alias symbol:crypto_sha1_finup sha1_generic
+ alias symbol:crypto_sha1_update sha1_generic
alias symbol:crypto_sha256_finup sha256_generic
alias symbol:crypto_sha256_update sha256_generic
alias symbol:crypto_sha512_finup sha512_generic
***************
*** 25438,25445 ****
--- 25448,25503 ----
alias symbol:notify_wx_assoc_event rtllib
alias symbol:notify_wx_assoc_event_rsl r8192u_usb
alias symbol:null_ax25_address ax25
+ alias symbol:nvUvmInterfaceAddressSpaceCreate nvidia
+ alias symbol:nvUvmInterfaceAddressSpaceCreateMirrored nvidia
+ alias symbol:nvUvmInterfaceAddressSpaceDestroy nvidia
+ alias symbol:nvUvmInterfaceChannelAllocate nvidia
+ alias symbol:nvUvmInterfaceChannelDestroy nvidia
+ alias symbol:nvUvmInterfaceChannelTranslateError nvidia
+ alias symbol:nvUvmInterfaceCheckEccErrorSlowpath nvidia
+ alias symbol:nvUvmInterfaceCopyEngineAllocate nvidia
+ alias symbol:nvUvmInterfaceDeRegisterUvmOps nvidia
+ alias symbol:nvUvmInterfaceDestroyFaultInfo nvidia
+ alias symbol:nvUvmInterfaceDupAllocation nvidia
+ alias symbol:nvUvmInterfaceFreeDupedHandle nvidia
+ alias symbol:nvUvmInterfaceGetAttachedUuids nvidia
+ alias symbol:nvUvmInterfaceGetChannelPhysInfo nvidia
+ alias symbol:nvUvmInterfaceGetFbInfo nvidia
+ alias symbol:nvUvmInterfaceGetGmmuFmt nvidia
+ alias symbol:nvUvmInterfaceGetGpuIds nvidia
+ alias symbol:nvUvmInterfaceGetGpuInfo nvidia
+ alias symbol:nvUvmInterfaceGetPageLevelInfo nvidia
+ alias symbol:nvUvmInterfaceGetUvmPrivRegion nvidia
+ alias symbol:nvUvmInterfaceInitFaultInfo nvidia
+ alias symbol:nvUvmInterfaceKillChannel nvidia
+ alias symbol:nvUvmInterfaceMemoryAllocFB nvidia
+ alias symbol:nvUvmInterfaceMemoryAllocGpuPa nvidia
+ alias symbol:nvUvmInterfaceMemoryAllocGpuVa nvidia
+ alias symbol:nvUvmInterfaceMemoryAllocSys nvidia
+ alias symbol:nvUvmInterfaceMemoryCpuMap nvidia
+ alias symbol:nvUvmInterfaceMemoryCpuUnMap nvidia
+ alias symbol:nvUvmInterfaceMemoryFree nvidia
+ alias symbol:nvUvmInterfaceMemoryFreePa nvidia
+ alias symbol:nvUvmInterfaceMemoryFreeVa nvidia
+ alias symbol:nvUvmInterfaceQueryCaps nvidia
+ alias symbol:nvUvmInterfaceRegisterGpu nvidia
+ alias symbol:nvUvmInterfaceRegisterUvmCallbacks nvidia
+ alias symbol:nvUvmInterfaceServiceDeviceInterruptsRM nvidia
+ alias symbol:nvUvmInterfaceSessionCreate nvidia
+ alias symbol:nvUvmInterfaceSessionDestroy nvidia
+ alias symbol:nvUvmInterfaceUnregisterGpu nvidia
alias symbol:nvdimm_namespace_attach_btt nd_btt
alias symbol:nvdimm_namespace_detach_btt nd_btt
+ alias symbol:nvidia_frontend_add_device nvidia
+ alias symbol:nvidia_frontend_remove_device nvidia
+ alias symbol:nvidia_get_rm_ops nvidia
+ alias symbol:nvidia_p2p_destroy_mapping nvidia
+ alias symbol:nvidia_p2p_free_page_table nvidia
+ alias symbol:nvidia_p2p_get_pages nvidia
+ alias symbol:nvidia_p2p_init_mapping nvidia
+ alias symbol:nvidia_p2p_put_pages nvidia
+ alias symbol:nvidia_register_module nvidia
+ alias symbol:nvidia_unregister_module nvidia
alias symbol:nvram_check_checksum nvram
alias symbol:nvram_read_byte nvram
alias symbol:nvram_write_byte nvram
More information about the arch-general
mailing list