PAX: size overflow detected in function cifs_write_from_iter
Posted: Wed Jan 27, 2016 5:16 am
Hello,
I enabled pax size overflow and I noticed issues with CIFS, a share mounted and active (read/writes).
grsecurity-3.1-4.3.4-201601231215.patch
gcc version 4.9.2 (Debian 4.9.2-10)
config-4.3.4-grsec
Code:
[ 443.970175] PAX: size overflow detected in function cifs_write_from_iter.isra.30 fs/cifs/file.c:2538 cicus.725_289 max, count: 61, decl: tailsz; num: 0; context: cifs_writedata;
[ 443.972643] CPU: 0 PID: 1554 Comm: duplicity Not tainted 4.3.4-grsec #1
[ 443.972645] ffffffff81e048eb 0000000000000000 00000000000009ea ffffc90002fb3aa0
[ 443.972648] ffffffff813a6269 ffffffffa05d08f6 ffffc90002fb3ad0 ffffffff811feb7e
[ 443.972649] 0000000100001000 00000000ffff4000 0000000000001000 0000000000000000
[ 443.972651] Call Trace:
[ 443.972654] [<ffffffff813a6269>] dump_stack+0x44/0x5b
[ 443.972659] [<ffffffffa05d08f6>] ? cifs_dfs_referral_inode_operations+0xfb6/0xc010 [cifs]
[ 443.972662] [<ffffffff811feb7e>] report_size_overflow+0x6e/0x80
[ 443.972667] [<ffffffffa05b1173>] cifs_write_from_iter.isra.30+0x8c3/0x980 [cifs]
[ 443.972671] [<ffffffffa05af270>] ? cifs_nt_open+0x1d0/0x1d0 [cifs]
[ 443.972676] [<ffffffffa05b5ed0>] cifs_user_writev+0xe0/0x3d0 [cifs]
[ 443.972680] [<ffffffffa05b6316>] cifs_strict_writev+0x156/0x210 [cifs]
[ 443.972682] [<ffffffff811f6c8e>] __vfs_write+0xde/0x110
[ 443.972683] [<ffffffff811f75fc>] vfs_write+0xfc/0x2b0
[ 443.972685] [<ffffffff811f8796>] SyS_write+0x46/0xb0
[ 443.972687] [<ffffffff817cd319>] entry_SYSCALL_64_fastpath+0x12/0x83
fs/cifs/file.c:2538 on grsec maps to this line: http://lxr.free-electrons.com/source/fs ... =4.3#L2534
Code:
# make fs/cifs/file.o EXTRA_CFLAGS="-fdump-tree-all -fdump-ipa-all"
Results: http://stalkr.net/grsec/fs-cifs-file.tgz
Let me know if you need any other info. Thanks for pax_size_overflow_report_only btw!
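For anyone collecting these reports while running with pax_size_overflow_report_only, here is an added triage example (not part of the original post and not grsecurity code) that parses report lines like the one above and collapses repeats of the same instrumented site. The field layout is assumed from the single report line quoted in the post, and the names `parse_reports` and `dedupe` are hypothetical.

```python
import re
from collections import Counter

# Field layout inferred from the one report line quoted in the post (an assumption).
REPORT_RE = re.compile(
    r"PAX: size overflow detected in function (?P<func>\S+) "
    r"(?P<file>[^\s:]+):(?P<line>\d+) (?P<ssa>\S+) (?P<bound>min|max), "
    r"count: (?P<count>\d+), decl: (?P<decl>[^;]+); num: (?P<num>\d+); "
    r"context: (?P<context>[^;]+);")
# Stack frame; a leading "? " marks an entry the unwinder could not verify.
FRAME_RE = re.compile(
    r"\[<[0-9a-f]+>\] (?P<unsure>\? )?(?P<sym>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+")
# Suffixes GCC appends to cloned functions, e.g. .isra.30
CLONE_RE = re.compile(r"\.(?:isra|constprop|part)\.\d+")
REPORTING_FRAMES = ("dump_stack", "report_size_overflow")

def parse_reports(text):
    """Return one dict per report, with the verified call chain that follows it."""
    reports = []
    for line in text.splitlines():
        m = REPORT_RE.search(line)
        if m:
            rep = m.groupdict()
            rep["line"] = int(rep["line"])
            rep["source_func"] = CLONE_RE.sub("", rep["func"])
            rep["chain"] = []
            reports.append(rep)
            continue
        f = FRAME_RE.search(line)
        if f and reports and not f.group("unsure"):
            sym = f.group("sym")
            if sym not in REPORTING_FRAMES:
                reports[-1]["chain"].append(CLONE_RE.sub("", sym))
    return reports

def dedupe(reports):
    """Count reports per instrumented site so repeats of one finding collapse."""
    return Counter((r["file"], r["line"], r["source_func"], r["decl"]) for r in reports)

# Lines copied from the post; the final report line is a constructed repeat.
SAMPLE = """\
[ 443.970175] PAX: size overflow detected in function cifs_write_from_iter.isra.30 fs/cifs/file.c:2538 cicus.725_289 max, count: 61, decl: tailsz; num: 0; context: cifs_writedata;
[ 443.972654] [<ffffffff813a6269>] dump_stack+0x44/0x5b
[ 443.972659] [<ffffffffa05d08f6>] ? cifs_dfs_referral_inode_operations+0xfb6/0xc010 [cifs]
[ 443.972662] [<ffffffff811feb7e>] report_size_overflow+0x6e/0x80
[ 443.972667] [<ffffffffa05b1173>] cifs_write_from_iter.isra.30+0x8c3/0x980 [cifs]
[ 443.972676] [<ffffffffa05b5ed0>] cifs_user_writev+0xe0/0x3d0 [cifs]
[ 512.000001] PAX: size overflow detected in function cifs_write_from_iter.isra.30 fs/cifs/file.c:2538 cicus.725_289 max, count: 61, decl: tailsz; num: 0; context: cifs_writedata;
"""
```

Feeding it the output of `dmesg` gives one key per file, line, function and declaration, which is the detail a report like the one above needs.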