Nvidia driver 550.90.07 needs access to /sys/module/nvidia*

[GreatBigWhiteWorld]

Description

Steam fail to launch (it has been ok for a long time in the past).

Steps to Reproduce

Steps to reproduce the behavior
With 'ignore noroot' and 'ignore private-dev' in firejail.local already, I got X error:

Expected behavior

Launch normally as before.

Actual behavior

steam showing in running process without any window or system tray.

Behavior without a profile

What changed calling LC_ALL=C firejail --noprofile /path/to/program in a
terminal?

Nothing changes. I get the same error with '--noprofile' option.

Additional context

This issue is new. It has been running fine with firejail. It started to appear after an OS update and reboot.

Environment

• opensusetumbleweed
• firejail version 0.9.72

Checklist

• The issues is caused by firejail (i.e. running the program by path (e.g. /usr/bin/vlc) "fixes" it).
• I can reproduce the issue without custom modifications (e.g. globals.local).
• The program has a profile. (If not, request one in https://github.com/netblue30/firejail/issues/1139)
• The profile (and redirect profile if exists) hasn't already been fixed upstream.
• [x ] I have performed a short search for similar issues (to avoid opening a duplicate).
  • [x ] I'm aware of browser-allow-drm yes/browser-disable-u2f no in firejail.config to allow DRM/U2F in browsers.
• I used --profile=PROFILENAME to set the right profile. (Only relevant for AppImages)

[kmk3]

06/07 19:00:32 Init: Installing breakpad exception handler for appid(steam)/version(1716584667)/tid(119)
SteamUpdateUI: An X Error occurred
X Error of failed request:  BadValue (integer parameter out of range for operation)

The error is rather vague, so it's hard to tell.

I'd try commenting lines in steam.profile until it works to narrow it down.

Also, I see that there are quite a few results when searching for this error on
the steam issue tracker:

• https://github.com/search?q=repo%3AValveSoftware%2Fsteam-for-linux+SteamUpdateUI%3A+An+X+Error+occurred&type=issues

The following issue has the same exact error in the title:

• Steam doesn't launch - SteamUpdateUI: An X Error occurred ValveSoftware/steam-for-linux#4909

Maybe the workarounds posted there could help.

[orzogc]

I had also encountered this error after upgrading the NVIDIA driver from 550.78 to 550.90.07 on Arch Linux KDE wayland desktop. I ran firejail with --noprofile option but the error was the same.

Parent pid 5245, child pid 5246
Child process initialized in 7.50 ms
steam.sh[4]: Running Steam on arch rolling 64-bit
steam.sh[4]: STEAM_RUNTIME is disabled by the user
steam.sh[4]: Can't find 'steam-runtime-check-requirements', continuing anyway
[2024-06-14 17:39:39] Startup - updater built May 24 2024 20:46:19
[2024-06-14 17:39:39] Startup - Steam Client launched with: '/home/orzogc/.local/share/Steam/ubuntu12_32/steam'
06/14 17:39:39 minidumps folder is set to /tmp/dumps
06/14 17:39:39 Init: Installing breakpad exception handler for appid(steam)/version(1716584667)/tid(86)
SteamUpdateUI: An X Error occurred
X Error of failed request:  BadValue (integer parameter out of range for operation)

This error is used to be fixed by installing the 32-bits NVIDIA driver, but I had installed lib32-nvidia-utils on Arch Linux.

[kmk3]

I had also encountered this error after upgrading the NVIDIA driver from
550.78 to 550.90.07 on Arch Linux KDE wayland desktop. I ran firejail
with --noprofile option but the error was the same.

Does anything change with firejail --profile=noprofile /usr/bin/steam?

Does anything change with Xorg?

Parent pid 5245, child pid 5246
Child process initialized in 7.50 ms
steam.sh[4]: Running Steam on arch rolling 64-bit
steam.sh[4]: STEAM_RUNTIME is disabled by the user
steam.sh[4]: Can't find 'steam-runtime-check-requirements', continuing anyway
[2024-06-14 17:39:39] Startup - updater built May 24 2024 20:46:19
[2024-06-14 17:39:39] Startup - Steam Client launched with: '/home/orzogc/.local/share/Steam/ubuntu12_32/steam'
06/14 17:39:39 minidumps folder is set to /tmp/dumps
06/14 17:39:39 Init: Installing breakpad exception handler for appid(steam)/version(1716584667)/tid(86)
SteamUpdateUI: An X Error occurred
X Error of failed request:  BadValue (integer parameter out of range for operation)

This error is used to be fixed by installing the 32-bits NVIDIA driver

To clarify, do you mean that in the past the error could be fixed by installing
that driver but now it doesn't fix the error anymore?

but I had installed lib32-nvidia-utils on Arch Linux.

Is that the "32-bits NVIDIA driver" or something else?

Does installing that fix the error?

[orzogc]

Does anything change with firejail --profile=noprofile /usr/bin/steam?

Nothing changes. Output is here:

Parent pid 8379, child pid 8380
Child process initialized in 6.34 ms
steam.sh[4]: Running Steam on arch rolling 64-bit
steam.sh[4]: STEAM_RUNTIME is enabled automatically
libEGL warning: egl: failed to create dri2 screen
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
libEGL warning: egl: failed to create dri2 screen
libEGL warning: egl: failed to create dri2 screen
MESA: error: ZINK: vkCreateInstance failed (VK_ERROR_INCOMPATIBLE_DRIVER)
libEGL warning: egl: failed to create dri2 screen
setup.sh[221]: Forced use of runtime version for 32-bit libgtk-x11-2.0.so.0
setup.sh[221]: Found newer runtime version for 32-bit libGLU.so.1. Host: 1.3.1 Runtime: 1.3.8004
setup.sh[221]: Forced use of runtime version for 32-bit libcurl-gnutls.so.4
setup.sh[221]: Forced use of runtime version for 32-bit libcurl.so.4
setup.sh[221]: Forced use of runtime version for 32-bit libdbusmenu-glib.so.4
setup.sh[221]: Forced use of runtime version for 32-bit libdbusmenu-gtk.so.4
setup.sh[221]: Found newer runtime version for 64-bit libGLU.so.1. Host: 1.3.1 Runtime: 1.3.8004
setup.sh[221]: Forced use of runtime version for 64-bit libcurl-gnutls.so.4
setup.sh[221]: Forced use of runtime version for 64-bit libcurl.so.4
setup.sh[221]: Found newer runtime version for 64-bit libdbusmenu-glib.so.4. Host: 4.0.12 Runtime: 4.0.13
setup.sh[221]: Found newer runtime version for 64-bit libdbusmenu-gtk.so.4. Host: 4.0.12 Runtime: 4.0.13
steam.sh[4]: Steam client's requirements are satisfied
[2024-06-14 19:21:14] Startup - updater built May 24 2024 20:46:19
[2024-06-14 19:21:14] Startup - Steam Client launched with: '/home/orzogc/.local/share/Steam/ubuntu12_32/steam'
06/14 19:21:14 minidumps folder is set to /tmp/dumps
06/14 19:21:14 Init: Installing breakpad exception handler for appid(steam)/version(1716584667)/tid(1123)
SteamUpdateUI: An X Error occurred
X Error of failed request:  BadValue (integer parameter out of range for operation)

Does anything change with Xorg?

I will test it later.

To clarify, do you mean that in the past the error could be fixed by installing that driver but now it doesn't fix the error anymore?

People said they fixed this error by installing the 32-bit NVIDIA driver in ValveSoftware/steam-for-linux#4909.

Is that the "32-bits NVIDIA driver" or something else?

Does installing that fix the error?

lib32-nvidia-utils on Arch Linux contains the 32-bit NVIDIA driver. I had installed it before upgrading NVIDIA driver so installing it doesn't fix this error anymore.

[krop]

https://bbs.archlinux.org/viewtopic.php?id=296675 is probably related.

Even a simple firejail glxgears produces the same error (same thing with --noprofile but --profile=noprofile works)

I'm also using openSUSE Tumbleweed with NVidia driver 550.90.07

[krop]

https://bbs.archlinux.org/viewtopic.php?id=296675 is probably related.

Even a simple firejail glxgears produces the same error (same thing with --noprofile but --profile=noprofile works)

firejail --trace glxgears reported 5:glxgears:access /sys/module/nvidia/initstate:-1

Adding noblacklist /sys/module to the default profile helps

Adding the line to steam.profile also allows running it with firejail

Edit

For anyone finding this bug report, you can also be a bit more restrictive and only un-blacklist what the NVidia driver wants to access:

• Create a ~/.config/firejail folder if it doesn't exist

• Add:

noblacklist /sys/module/nvidia/initstate
noblacklist /sys/module/nvidia_drm/initstate
noblacklist /sys/module/nvidia_uvm/initstate
noblacklist /sys/module/nvidia_modeset/initstate

to ~/.config/firejail/globals.local

[orzogc]

I can confirm adding noblacklist /sys/module to profile fixes the error.

[GreatBigWhiteWorld]

I can confirm adding noblacklist /sys/module to profile fixes the error.

I'm having another kind of error now (popup window) after using noblacklist /sys/module in ~/.config/firejail/globals.local.

A popup window that says "Error: Couldn't setup Steam data. Please contact technical support" when in console:

Reading profile /home/johnDoe/.config/firejail/steam.profile
Parent pid 22806, child pid 22807
Warning: cannot find /var/run/utmp
Child process initialized in 5.42 ms
bin_steam.sh[4]: Setting up Steam content in /home/johnDoe/.local/share/Steam

I have the following in ~/.config/firejail/steam.profile

ignore private-dev
ignore noroot
...

Running steam directly has no problem.

[glitsj16]

@GreatBigWhiteWorld

The current steam.profile in git changed the seccomp option compared to 0.9.72. You might want to give that a try.

firejail/etc/profile-m-z/steam.profile

Line 170 in 0fb4753

seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!process_vm_readv,!ptrace,!umount2

[GreatBigWhiteWorld]

@GreatBigWhiteWorld

The current steam.profile in git changed the seccomp option compared to 0.9.72. You might want to give that a try.

firejail/etc/profile-m-z/steam.profile

Line 170 in 0fb4753

seccomp !chroot,!mount,!name_to_handle_at,!pivot_root,!process_vm_readv,!ptrace,!umount2

Tried 'ignore seccomp' and I got the same error of not able to setup steam data.

[krop]

Note: I edited my previous comment: both /sys/module/nvidia/initstate and /sys/module/nvidia_modeset/initstate need to be un-blacklisted for e.g the Steam of itch.io clients.

I ran more tests with other applications and added /sys/module/nvidia_uvm/initstate which is needed by e.g Blender. While I didn't find a user yet for /sys/module/nvidia_drm/initstate, I also added it to the snippet to add to $HOME/.config/firejail/globals.local.

[GreatBigWhiteWorld]

I can confirm adding noblacklist /sys/module to profile fixes the error.

I'm having another kind of error now (popup window) after using noblacklist /sys/module in ~/.config/firejail/globals.local.

A popup window that says "Error: Couldn't setup Steam data. Please contact technical support" when in console:

Reading profile /home/johnDoe/.config/firejail/steam.profile
Parent pid 22806, child pid 22807
Warning: cannot find /var/run/utmp
Child process initialized in 5.42 ms
bin_steam.sh[4]: Setting up Steam content in /home/johnDoe/.local/share/Steam

I have the following in ~/.config/firejail/steam.profile

ignore private-dev
ignore noroot
...

Running steam directly has no problem.

This might be an unrelated problem to this thread, since adding 'noblacklist /sys/module' to globals.profile fix 'firejail glxgear'.
But I don't know why the new issue emerges after the first one fixed.
firejail steam had worked for a long time before all of this.

[glitsj16]

Update

On the arch linux forum thread someone confirmed they've got a working steam when using the below (cfr. what we do in the blender profile):

noblacklist /sys/module
whitelist /sys/module/nvidia*
read-only /sys/module/nvidia*

[kmk3]

On the arch linux forum
thread someone
confirmed they've got a working steam when using the below (cfr. what we do
in the blender profile):

noblacklist /sys/module
whitelist /sys/module/nvidia*
read-only /sys/module/nvidia*

Good catch!

I found a way to allow the amd/nvidia modules by default in the code (as in the
above entries) if no3d is not used and it seems to work.

Though I'm not sure what exactly the files in /sys/module provide, so it might
be better to only do so if the proprietary driver is in use/installed.

For nvidia it seems that the presence of the proprietary driver can be detected
by checking whether /dev/nvidiactl exists.

Any idea about AMDGPU Pro?

If not, I think I'll just do it for nvidia for now.

Relates to #841 #1932.

Cc: @RDProjekt (from #1932)

[glitsj16]

Any idea about AMDGPU Pro?

Alas, no. We can add that later like you suggested when we find out. I'll ask around on our IRC channel.

[kmk3]

Related:

• NVIDIA PRIME offload fails with nvidia driver 550.90.07 #6385

[kmk3]

(Quoting the following comment for reference as its OpenGL error output is more
complete)

@michelesr on Jun 16:

I'm not sure why, but since last nvidia driver:

$ vkcube
Selected GPU 0: NVIDIA GeForce GTX 1050 Ti with Max-Q Design, type: DiscreteGpu

$ firejail --noprofile /bin/vkcube
Parent pid 13174, child pid 13175
Child process initialized in 6.22 ms
Selected GPU 0: Intel(R) UHD Graphics 630 (CFL GT2), type: IntegratedGpu

OpenGL apps work fine with prime-run without firejail but they crash with firejail --noprofile

$ firejail --noprofile prime-run /bin/glxdemo
Parent pid 14198, child pid 14199
Child process initialized in 6.04 ms
X Error of failed request:  BadValue (integer parameter out of range for operation)
  Major opcode of failed request:  150 (GLX)
  Minor opcode of failed request:  3 (X_GLXCreateContext)
  Value in failed request:  0x0
  Serial number of failed request:  22
  Current serial number in output stream:  23

Parent is shutting down, bye...

What could be causing this?

[kmk3]

Fixed in #6387; thanks for all the reports and tests!