
PAX: size overflow detected in function nv_alloc_rx_optimize

Posted: Mon Dec 07, 2015 8:02 pm
by fx3
Hello,

On my Arch Linux system, the following happens with linux-grsec-4.2.6.201512051918-1-x86_64 when the system is trying to set up network interfaces:

Code:
kernel: PAX: size overflow detected in function nv_alloc_rx_optimized drivers/net/ethernet/nvidia/forcedeth.c:1870 cicus.628_147 max, count: 23, decl: buflow; num: 0; context: ring_desc_ex;
kernel: CPU: 1 PID: 379 Comm: ip Not tainted 4.2.6.201512051918-1-grsec #1
kernel: Hardware name: Gigabyte Technology Co., Ltd. M61P-S3/M61P-S3, BIOS F6 10/02/2007
kernel:  ffffffffafa04847 7ebe619190aff1b1 0000000000000000 ffffffffc027f438
kernel:  ffffc9000099b4d8 ffffffffaf5d24a8 00000000000000b5 ffffffffc0280519
kernel:  ffffc9000099b508 ffffffffaf1a6e24 ffff8800dcd5c020 000000011a19f840
kernel: Call Trace:
kernel:  [<ffffffffc027f438>] ? forcedeth_pci_driver_exit+0x1617/0x39c2 [forcedeth]
kernel:  [<ffffffffaf5d24a8>] dump_stack+0x4c/0x7f
kernel:  [<ffffffffc0280519>] ? forcedeth_pci_driver_exit+0x26f8/0x39c2 [forcedeth]
kernel:  [<ffffffffaf1a6e24>] report_size_overflow+0x34/0x40
kernel:  [<ffffffffc0273fd3>] nv_alloc_rx_optimized+0x253/0x3c0 [forcedeth]
kernel:  [<ffffffffc027428e>] nv_init_ring+0x14e/0x1b0 [forcedeth]
kernel:  [<ffffffffc027b2fc>] nv_open+0xfc/0x640 [forcedeth]
kernel:  [<ffffffffc027e560>] ? forcedeth_pci_driver_exit+0x73f/0x39c2 [forcedeth]
kernel:  [<ffffffffaf4a19b3>] __dev_open+0xe3/0x160
kernel:  [<ffffffffaf4a1d26>] __dev_change_flags+0xb6/0x180
kernel:  [<ffffffffaf4a1e1f>] dev_change_flags+0x2f/0x70
kernel:  [<ffffffffaf4b95a2>] do_setlink+0x352/0xbd0
kernel:  [<ffffffffc027e560>] ? forcedeth_pci_driver_exit+0x73f/0x39c2 [forcedeth]
kernel:  [<ffffffffaf300b39>] ? nla_parse+0x39/0x110
kernel:  [<ffffffffaf4ba5c6>] rtnl_newlink+0x666/0x960
kernel:  [<ffffffffaf06e1f0>] ? ns_capable+0x50/0x80
kernel:  [<ffffffffaf4d7755>] ? __netlink_ns_capable+0x45/0x60
kernel:  [<ffffffffaf4b82c5>] rtnetlink_rcv_msg+0xa5/0x250
kernel:  [<ffffffffaf4b8220>] ? rtnetlink_rcv+0x40/0x40
kernel:  [<ffffffffaf4dd160>] netlink_rcv_skb+0xf0/0x140
kernel:  [<ffffffffaf4b81fb>] ? rtnetlink_rcv+0x1b/0x40
kernel:  [<ffffffffaf4b8207>] rtnetlink_rcv+0x27/0x40
kernel:  [<ffffffffaf4dc4d1>] netlink_unicast+0x131/0x1d0
kernel:  [<ffffffffaf4dcbcd>] netlink_sendmsg+0x58d/0x840
kernel:  [<ffffffffaf2e114c>] ? import_iovec+0x4c/0xf0
kernel:  [<ffffffffaf475f81>] sock_sendmsg+0x51/0x60
kernel:  [<ffffffffaf476cb7>] ___sys_sendmsg+0x377/0x420
kernel:  [<ffffffffaf1c2857>] ? __fdget+0x17/0x30
kernel:  [<ffffffffaf4782eb>] __sys_sendmsg+0x5b/0xb0
kernel:  [<ffffffffaf478367>] SyS_sendmsg+0x27/0x50
kernel:  [<ffffffffaf5d86b0>] entry_SYSCALL_64_fastpath+0x12/0x8a

Re: PAX: size overflow detected in function nv_alloc_rx_opti

Posted: Tue Dec 08, 2015 3:55 pm
by ephox
Thanks for the report, it will be fixed in the next grsec patch.

Re: PAX: size overflow detected in function nv_alloc_rx_opti

Posted: Tue Dec 15, 2015 5:03 pm
by fx3
Thanks! Tested & it works fine with the latest patch.