PAX: size overflow detected in function make_request driver

Posted: Thu Dec 03, 2015 8:30 am
by d1b
[ 336.731052] PAX: size overflow detected in function make_request drivers/md/raid1.c:1362 cicus.606_684 max, count: 91, decl: sector; num: 0; context: r1bio;
[ 336.731324] CPU: 1 PID: 1721 Comm: qemu-system-x86 Not tainted 4.2.6-grsec #1
[ 336.731330] Hardware name: REMOVED
[ 336.731335] 0000000000000000 9ee91efc4ea5ba16 ffffc900037b33e8 ffffffff9b6ef2d2
[ 336.731345] ffff88021fc8ddc0 0000000100400100 ffffc900037b33f8 ffffffff9b185e92
[ 336.731353] ffffc900037b35b8 ffffffffc005c8de 0000000000000001 0000000000000292
[ 336.731360] Call Trace:
[ 336.731376] [<ffffffff9b6ef2d2>] dump_stack+0x45/0x5d
[ 336.731386] [<ffffffff9b185e92>] report_size_overflow+0x22/0x30
[ 336.731400] [<ffffffffc005c8de>] make_request+0x95e/0x1640 [raid1]
[ 336.731409] [<ffffffff9b0970f3>] ? __wake_up+0x43/0x60
[ 336.731418] [<ffffffff9b2f3b6a>] ? __blkg_lookup+0x3a/0x70
[ 336.731425] [<ffffffff9b2f6825>] ? blk_throtl_bio+0x205/0x370
[ 336.731431] [<ffffffff9b2f3b6a>] ? __blkg_lookup+0x3a/0x70
[ 336.731437] [<ffffffff9b2f6825>] ? blk_throtl_bio+0x205/0x370
[ 336.731446] [<ffffffff9b5589c8>] md_make_request+0xf8/0x230
[ 336.731453] [<ffffffff9b2d3398>] generic_make_request+0xe8/0x130
[ 336.731460] [<ffffffff9b2d3451>] submit_bio+0x71/0x170
[ 336.731468] [<ffffffff9b1c42e3>] do_blockdev_direct_IO+0x3503/0x46c0
[ 336.731474] [<ffffffff9b1c43b7>] ? do_blockdev_direct_IO+0x35d7/0x46c0
[ 336.731487] [<ffffffff9b1bdbb0>] ? I_BDEV+0x20/0x20
[ 336.731494] [<ffffffff9b1c54de>] __blockdev_direct_IO+0x3e/0x50
[ 336.731502] [<ffffffff9b10f4b5>] ? filemap_write_and_wait_range+0x65/0x70
[ 336.731508] [<ffffffff9b1be5b7>] blkdev_direct_IO+0x47/0x50
[ 336.731515] [<ffffffff9b10fd52>] generic_file_direct_write+0xf2/0x340
[ 336.731522] [<ffffffff9b110061>] __generic_file_write_iter+0xc1/0x3e0
[ 336.731530] [<ffffffff9b31673a>] ? rb_insert_color+0x1aa/0x2c0
[ 336.731536] [<ffffffff9b1bf1d0>] ? blkdev_close+0x30/0x30
[ 336.731542] [<ffffffff9b1bf256>] blkdev_write_iter+0x86/0x120
[ 336.731550] [<ffffffff9b2b3e43>] ? apparmor_file_permission+0x13/0x20
[ 336.731557] [<ffffffff9b29eca8>] ? security_file_permission+0x48/0xc0
[ 336.731564] [<ffffffff9b1d3d65>] aio_run_iocb+0x275/0x2d0
[ 336.731571] [<ffffffff9b2d179f>] ? __blk_run_queue+0x3f/0x60
[ 336.731580] [<ffffffff9b1a0c50>] ? __fget_light+0x20/0x60
[ 336.731586] [<ffffffff9b1d4cf2>] do_io_submit+0x342/0x5b0
[ 336.731593] [<ffffffff9b1d4f6b>] SyS_io_submit+0xb/0x20
[ 336.731601] [<ffffffff9b6f5bdb>] entry_SYSCALL_64_fastpath+0x12/0x79

Re: PAX: size overflow detected in function make_request dri

Posted: Thu Dec 03, 2015 8:58 am
by PaX Team
this looks like the same code we fixed in raid10, the following patch should resolve it:
--- a/drivers/md/raid1.c   2015-11-10 01:38:00.178813965 +0100
+++ b/drivers/md/raid1.c  2015-12-03 13:55:58.770088860 +0100
@@ -1095,7 +1095,7 @@
        struct blk_plug_cb *cb;
        struct raid1_plug_cb *plug = NULL;
        int first_clone;
-       int sectors_handled;
+       sector_t sectors_handled;
        int max_sectors;
        sector_t start_next_window;
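
Review bot: max_sectors, the context line directly after the changed declaration, stays int while sectors_handled becomes sector_t, so any expression in make_request that combines the two now mixes a signed int with an unsigned sector type. The hunk shows only the declaration, so each use of sectors_handled should be checked for comparisons against negative values and for assignments back into int-sized fields, and it is worth deciding whether max_sectors should be widened as well. A short changelog line tying the change to the size overflow report at drivers/md/raid1.c:1362 and to the earlier raid10 fix would help whoever carries the patch forward.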