Size overflow in bcache (3.13.6)

Postby marcin1j » Fri Apr 11, 2014 1:23 pm

Hi

After upgrading my kernel to 3.13.6 (grsecurity 3.0-3.13.6-201403202349) I was hit by a nasty bug.
The bcache module crashes during the backing device scan and PaX reports:
Code:
PAX: size overflow detected in function bch_btree_iter_next drivers/md/bcache/bset.h:196 cicus.980_437 min, count: 12

Is this a bug in bcache module or a false positive?

kr
marcin1j
 
Posts: 3
Joined: Sat Sep 14, 2013 7:20 pm

Re: Size overflow in bcache (3.13.6)

Postby ephox » Fri Apr 11, 2014 5:29 pm

Hi,

Could you please send me your kernel .config, gcc version and the whole kernel backtrace from dmesg?
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

Re: Size overflow in bcache (3.13.6)

Postby marcin1j » Sun Apr 13, 2014 4:11 pm

ephox wrote: Could you please send me your kernel .config, gcc version and the whole kernel backtrace from dmesg?

Hi

The backtrace from the oops message is:
Code:
[   20.418468] Call Trace:
[   20.418473]  [<ffffffff814f3669>] dump_stack+0x46/0x5c
[   20.418476]  [<ffffffff81115b44>] report_size_overflow+0x24/0x30
[   20.418480]  [<ffffffffa0898811>] bch_btree_iter_next+0x5f1/0x710 [bcache]
[   20.418482]  [<ffffffff8123c693>] ? cpumask_next_and+0x23/0x50
[   20.418485]  [<ffffffff81074492>] ? find_busiest_group+0x122/0x850
[   20.418488]  [<ffffffff810c5550>] ? mempool_alloc_slab+0x10/0x20
[   20.418489]  [<ffffffff810c5737>] ? mempool_alloc+0x57/0x160
[   20.418492]  [<ffffffffa08989c2>] btree_mergesort+0x92/0x1290 [bcache]
[   20.418495]  [<ffffffff81257c11>] ? list_del+0x11/0x30
[   20.418497]  [<ffffffff810c8677>] ? __rmqueue+0x77/0x370
[   20.418498]  [<ffffffff81257a72>] ? __list_add+0x22/0x50
[   20.418500]  [<ffffffff810c86dc>] ? __rmqueue+0xdc/0x370
[   20.418502]  [<ffffffffa08961f0>] ? bch_btree_exit+0x20/0x20 [bcache]
[   20.418505]  [<ffffffff810c9eb0>] ? __alloc_pages_nodemask+0x120/0x910
[   20.418507]  [<ffffffff81069c70>] ? dequeue_task+0x60/0x90
[   20.418508]  [<ffffffff8106f1b5>] ? sched_clock_cpu+0xb5/0x100
[   20.418511]  [<ffffffffa0899c2a>] __btree_sort+0x6a/0x270 [bcache]
[   20.418512]  [<ffffffff810c5539>] ? mempool_kfree+0x9/0x10
[   20.418515]  [<ffffffffa089a032>] bch_btree_sort_and_fix_extents+0x22/0x30 [bcache]
[   20.418517]  [<ffffffffa08911b6>] bch_btree_node_read+0x446/0x530 [bcache]
[   20.418519]  [<ffffffffa0892513>] bch_btree_node_get+0x163/0x270 [bcache]
[   20.418521]  [<ffffffffa08ad7ed>] ? __closure_lock+0x211d/0x8032 [bcache]
[   20.418524]  [<ffffffffa08a46ed>] run_cache_set+0x20d/0x830 [bcache]
[   20.418526]  [<ffffffffa08a6a4b>] register_bcache+0x166b/0x1980 [bcache]
[   20.418528]  [<ffffffffa08ad970>] ? __closure_lock+0x22a0/0x8032 [bcache]
[   20.418530]  [<ffffffff811169ff>] ? __check_object_size+0x4f/0x1c0
[   20.418532]  [<ffffffff8123e982>] kobj_attr_store+0x12/0x30
[   20.418535]  [<ffffffff81187145>] sysfs_write_file+0x1c5/0x3e0
[   20.418537]  [<ffffffff81110548>] vfs_write+0xe8/0x2b0
[   20.418540]  [<ffffffff814f9a72>] ? retint_swapgs+0x9/0xc
[   20.418542]  [<ffffffff81110bcd>] SyS_write+0x4d/0xa0
[   20.418543]  [<ffffffff814fa1dd>] system_call_fastpath+0x16/0x1b

I've uploaded the kernel config to http://pastebin.com/m0zV9rUJ. The GCC version is 4.7.3 (Gentoo Hardened 4.7.3-r1 p1.4, pie-0.5.5).

kr
marcin1j
 
Posts: 3
Joined: Sat Sep 14, 2013 7:20 pm

Re: Size overflow in bcache (3.13.6)

Postby ephox » Tue Apr 15, 2014 2:50 pm

Thanks for the report. It will be fixed in the next PaX version.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm
