tvtime gets killed CONFIG_PAX_SIZE_OVERFLOW

PostPosted: Fri Jan 04, 2013 3:00 pm
by kreutzm
Hello,
I run a current Debian (testing/Wheezy) system with a custom compiled kernel (stock source + grsecurity patch). When I enabled the option CONFIG_PAX_SIZE_OVERFLOW last year, most of the system (as far as I tested) kept working without problems; the notable exception was tvtime, which got killed on startup with the following in the system log:

Mar 25 22:05:21 sneo kernel: Pid: 18699, comm: tvtime Not tainted 3.2.12sneo.01-grsec #1
Mar 25 22:05:21 sneo kernel: Call Trace:
Mar 25 22:05:21 sneo kernel: [<ffffffffa0098ba0>] ? __videobuf_iolock+0xa90/0x1268 [videobuf_dma_sg]
Mar 25 22:05:21 sneo kernel: [<ffffffff810dae49>] ? report_size_overflow+0x29/0x40
Mar 25 22:05:21 sneo kernel: [<ffffffffa009823a>] ? __videobuf_iolock+0x12a/0x1268 [videobuf_dma_sg]
Mar 25 22:05:21 sneo kernel: [<ffffffffa014ff12>] ? buffer_prepare+0x1d2/0x300 [bttv]
Mar 25 22:05:21 sneo kernel: [<ffffffffa015d4a0>] ? init_bttv_i2c_ir+0x1415/0x86f9 [bttv]
Mar 25 22:05:21 sneo kernel: [<ffffffffa007ad8c>] ? videobuf_qbuf+0x2fc/0x4e0 [videobuf_core]
Mar 25 22:05:21 sneo kernel: [<ffffffff8131829e>] ? __video_do_ioctl+0x24de/0x5760
Mar 25 22:05:21 sneo kernel: [<ffffffffa0150d90>] ? bttv_dqbuf+0x50/0x50 [bttv]
Mar 25 22:05:21 sneo kernel: [<ffffffff81315331>] ? video_usercopy+0x121/0xa90
Mar 25 22:05:21 sneo kernel: [<ffffffff81315dc0>] ? v4l_printk_ioctl+0x70/0x70
Mar 25 22:05:21 sneo kernel: [<ffffffff81314547>] ? v4l2_ioctl+0xc7/0x160
Mar 25 22:05:21 sneo kernel: [<ffffffff810e8d0c>] ? do_vfs_ioctl+0xbc/0x8e0
Mar 25 22:05:21 sneo kernel: [<ffffffff810e95c8>] ? sys_ioctl+0x98/0xa0
Mar 25 22:05:21 sneo kernel: [<ffffffff81417fab>] ? system_call_fastpath+0x18/0x1d

To track down the problem, I reported the issue to the Debian maintainer, who asked for more input but did not state which kind of input he required. Eventually he closed the bug, stating that grsecurity on Debian is not a supported combination. Unfortunately he did not react to my suggestion that this fault might reveal a security issue in tvtime on a "stock" kernel. (For reference, the bug is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665868).

I'm not a programmer per se (though involved in the IT security field) and was unable to understand the kernel help (including the referenced link) for CONFIG_PAX_SIZE_OVERFLOW.

Is this crash revealing a problematic issue within tvtime (i.e. something a user on an ordinary kernel should worry about) or just a minor hassle? (Or is there a longer description of the CONFIG_PAX_SIZE_OVERFLOW option available? I'm perfectly fine reading a FAQ (first).)

Thanks

Helge

Re: tvtime gets killed CONFIG_PAX_SIZE_OVERFLOW

PostPosted: Fri Jan 04, 2013 4:08 pm
by PaX Team
Yours is a very old kernel (and associated overflow plugin) that has since seen several fixes for false positives, so you should first try the latest grsec patch from the 3.2 series and see if you can still reproduce the problem; then we can investigate (we'll also need the line reported by the overflow plugin, "PAX: size overflow detected in function....").

Re: tvtime gets killed CONFIG_PAX_SIZE_OVERFLOW

PostPosted: Fri Jan 04, 2013 4:11 pm
by PaX Team
kreutzm wrote: I'm not a programmer per se (though involved in the IT security field) and was unable to understand the kernel help (including the referenced link) for CONFIG_PAX_SIZE_OVERFLOW.

Is this crash revealing a problematic issue within tvtime (i.e. something a user on an ordinary kernel should worry about) or just a minor hassle? (Or is there a longer description of the CONFIG_PAX_SIZE_OVERFLOW option available? I'm perfectly fine reading a FAQ (first).)

See the blog about it perhaps, and if you have more questions, you can always just ask Emese ;).

Re: tvtime gets killed CONFIG_PAX_SIZE_OVERFLOW

PostPosted: Tue Jan 15, 2013 5:19 pm
by kreutzm
I recompiled my kernel (re-enabling CONFIG_PAX_SIZE_OVERFLOW) using version 3.2.36, and now tvtime works.

Sorry for the false alarm and thanks for the prompt help.