I recently moved from Gentoos hardened-sources 3.18.8, to 4.0.6-r2 (then 4.0.7-r1), and have hit the following size overflow since running Xen VMs.
- Code: Select all
Jul 6 22:12:02 minixen2 kernel: [ 70.506894] PAX: size overflow detected in function evtchn_read drivers/xen/evtchn.c:232 cicus.194_307 min, count: 18
Jul 6 22:12:02 minixen2 kernel: [ 70.506949] CPU: 0 PID: 4217 Comm: xenstored Not tainted 4.0.6-hardened-r2 #1
Jul 6 22:12:02 minixen2 kernel: [ 70.506951] Hardware name: MSI MS-7677/H61I-E35 (MS-7677), BIOS V6.2 09/10/2012
Jul 6 22:12:02 minixen2 kernel: [ 70.506952] 0000000000000000 0000000000000001 ffffffff817216b0 ffff88005afdc840
Jul 6 22:12:02 minixen2 kernel: [ 70.506954] ffffffff8119a879 ffff88005afdc888 ffffffff814bc723 0000000000000004
Jul 6 22:12:02 minixen2 kernel: [ 70.506956] 0000734ac07df994 0000734ac07df998 ffff880062a33ffc ffff880058a5e300
Jul 6 22:12:02 minixen2 kernel: [ 70.506958] Call Trace:
Jul 6 22:12:02 minixen2 kernel: [ 70.506964] [<ffffffff817216b0>] ? dump_stack+0x40/0x50
Jul 6 22:12:02 minixen2 kernel: [ 70.506967] [<ffffffff8119a879>] ? report_size_overflow+0x29/0x40
Jul 6 22:12:02 minixen2 kernel: [ 70.506970] [<ffffffff814bc723>] ? evtchn_read+0x563/0x590
Jul 6 22:12:02 minixen2 kernel: [ 70.506972] [<ffffffff811a8796>] ? do_vfs_ioctl+0x456/0x780
Jul 6 22:12:02 minixen2 kernel: [ 70.506975] [<ffffffff811d5acb>] ? fsnotify+0x2eb/0x420
Jul 6 22:12:02 minixen2 kernel: [ 70.506979] [<ffffffff8100a13f>] ? xen_restore_fl_direct_reloc+0x4/0x4
Jul 6 22:12:02 minixen2 kernel: [ 70.506980] [<ffffffff814bcce0>] ? evtchn_ioctl+0x1c0/0x680
Jul 6 22:12:02 minixen2 kernel: [ 70.506982] [<ffffffff81194bd9>] ? vfs_read+0x129/0x230
Jul 6 22:12:02 minixen2 kernel: [ 70.506984] [<ffffffff81194d29>] ? SyS_read+0x49/0xc0
Jul 6 22:12:02 minixen2 kernel: [ 70.506987] [<ffffffff81727475>] ? system_call_fastpath+0x12/0x17
Jul 6 22:12:02 minixen2 kernel: [ 70.506990] [<ffffffff8101d691>] ? pax_randomize_kstack+0x51/0x70
Jul 6 22:12:02 minixen2 kernel: [ 70.506992] [<ffffffff8172749c>] ? ret_from_sys_call+0x22/0x64
Had this happen on two entirely unrelated servers too.
Naturally disabling CONFIG_PAX_SIZE_OVERFLOW stops the overflow failure.
CONFIG_XEN_DEV_EVTCHN=y
This looks similar to this;
https://forums.grsecurity.net/viewtopic.php?f=3&t=4045
However my knowledge of C and kernel programming is a million miles off sufficient to make any useful attempts at resolving it.
Mike