nfs overflow

Postby forsaken » Sat Apr 27, 2013 8:39 am

Hi,

With grsecurity-2.9.1-3.8.10-201304262208 I got this when logging onto an already running nfs client after having rebooted the server:

Apr 27 14:33:47 [kernel] PAX: size overflow detected in function nfsd_cache_update fs/nfsd/nfscache.c:267 cicus.155_59 min, count: 26
Apr 27 14:33:47 [kernel] Pid: 2832, comm: nfsd Not tainted 3.8.10-grsec #1
Apr 27 14:33:47 [kernel] Call Trace:
Apr 27 14:33:47 [kernel] [<ffffffff810f91de>] report_size_overflow+0x3a/0x44
Apr 27 14:33:47 [kernel] [<ffffffff811d1311>] nfsd_cache_update+0xac/0x1db
Apr 27 14:33:47 [kernel] [<ffffffff811c86ec>] nfsd_dispatch+0x171/0x188
Apr 27 14:33:47 [kernel] [<ffffffff81722964>] svc_process+0x485/0x73b
Apr 27 14:33:47 [kernel] [<ffffffff811c816b>] nfsd+0xc6/0x116
Apr 27 14:33:47 [kernel] [<ffffffff811c80a5>] ? nfsd_destroy+0x7d/0x7d
- Last output repeated twice -
Apr 27 14:33:47 [kernel] [<ffffffff8106d887>] kthread+0xc1/0xc9
Apr 27 14:33:47 [kernel] [<ffffffff8106d7c6>] ? __kthread_parkme+0x66/0x66
Apr 27 14:33:47 [kernel] [<ffffffff817c1462>] ret_from_fork+0x72/0xa0
Apr 27 14:33:47 [kernel] [<ffffffff8106d7c6>] ? __kthread_parkme+0x66/0x66

Edit: rebooting the client did not help.
forsaken
 
Posts: 74
Joined: Tue May 18, 2004 3:04 am

Re: nfs overflow

Postby PaX Team » Sat Apr 27, 2013 8:58 am

PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: nfs overflow

Postby forsaken » Sat Apr 27, 2013 9:26 am

Thanks, unfortunately Jason's patch does not seem to solve the problem:

Apr 27 15:18:46 [kernel] PAX: size overflow detected in function nfsd_cache_update fs/nfsd/nfscache.c:269 cicus.156_64 min, count: 26
Apr 27 15:18:46 [kernel] Pid: 2826, comm: nfsd Not tainted 3.8.10-grsec #2
Apr 27 15:18:46 [kernel] Call Trace:
Apr 27 15:18:46 [kernel] [<ffffffff810f91de>] report_size_overflow+0x3a/0x44
Apr 27 15:18:46 [kernel] [<ffffffff811d131b>] nfsd_cache_update+0xb6/0x1f3
Apr 27 15:18:46 [kernel] [<ffffffff811c86ec>] nfsd_dispatch+0x171/0x188
Apr 27 15:18:46 [kernel] [<ffffffff81722964>] svc_process+0x485/0x73b
Apr 27 15:18:46 [kernel] [<ffffffff811c816b>] nfsd+0xc6/0x116
Apr 27 15:18:46 [kernel] [<ffffffff811c80a5>] ? nfsd_destroy+0x7d/0x7d
- Last output repeated twice -
Apr 27 15:18:46 [kernel] [<ffffffff8106d887>] kthread+0xc1/0xc9
Apr 27 15:18:46 [kernel] [<ffffffff8106d7c6>] ? __kthread_parkme+0x66/0x66
Apr 27 15:18:46 [kernel] [<ffffffff817c1462>] ret_from_fork+0x72/0xa0
Apr 27 15:18:46 [kernel] [<ffffffff8106d7c6>] ? __kthread_parkme+0x66/0x66
forsaken
 
Posts: 74
Joined: Tue May 18, 2004 3:04 am

Re: nfs overflow

Postby forsaken » Sat Apr 27, 2013 10:06 am

I added a printk before the overflow:

printk(KERN_ERR "resv: %d, statp: %X, iov_base: %X", resv->iov_len, statp, resv->iov_base);
Apr 27 16:00:55 [kernel] resv: 148, statp: E7F401C, iov_base: E7F4000

Don't see why that would overflow.
forsaken
 
Posts: 74
Joined: Tue May 18, 2004 3:04 am

Re: nfs overflow

Postby PaX Team » Sun Apr 28, 2013 2:37 am

Thanks for the info, that's a new/different issue; I believe it's the usual false positive due to gcc's canonicalization of the expression, which introduces an intentional overflow that the overflow plugin will have to recognize and not trigger on.
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
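The mechanism PaX Team describes, shown as an added example that is not code from this thread, from the kernel, or from the PaX size-overflow plugin. The sample numbers are taken from forsaken's printk output above (a 148-byte reply vector with the status word 0x1C bytes past iov_base); the reassociated expression shape is an assumption about how a compiler may canonicalize `a - (b - c)`, not a quote of gcc or of fs/nfsd/nfscache.c. Both forms yield the same final length, but the reassociated one passes through an intermediate that wraps, which is what a per-operation overflow check trips on.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample values, copied from the printk output posted above:
 * a 148-byte reply vector whose status word sits 0x1C bytes past iov_base. */
#define SAMPLE_IOV_LEN  ((size_t)148)
#define SAMPLE_IOV_BASE ((uintptr_t)0x0E7F4000)
#define SAMPLE_STATP    ((uintptr_t)0x0E7F401C)

/* Written form: iov_len - (statp - iov_base). For a status word inside the
 * buffer every intermediate stays in range. */
size_t bytes_after_status_as_written(size_t iov_len, uintptr_t iov_base,
                                     uintptr_t statp, int *intermediate_wrapped)
{
    uintptr_t offset = statp - iov_base;       /* 28 for the sample */
    *intermediate_wrapped = offset > iov_len;  /* wraps only if statp is past the end */
    return iov_len - (size_t)offset;
}

/* Reassociated form (iov_len - statp) + iov_base: an assumed canonicalized
 * shape of the same expression. The final value is identical, but the
 * intermediate iov_len - statp wraps around zero because statp (an address)
 * is far larger than a buffer length. A checker that inspects each operation
 * sees an overflow here even though the result is correct: a false positive. */
size_t bytes_after_status_reassociated(size_t iov_len, uintptr_t iov_base,
                                       uintptr_t statp, int *intermediate_wrapped)
{
    uintptr_t tmp = (uintptr_t)iov_len - statp;  /* wraps: 148 - 0x0E7F401C */
    *intermediate_wrapped = statp > iov_len;
    return (size_t)(tmp + iov_base);             /* wraps back to 120 */
}

/* XDR encodes reply data in 4-byte words, so a byte count maps to words by >> 2. */
size_t xdr_words_remaining(size_t bytes)
{
    return bytes >> 2;
}

int main(void)
{
    int w_written = 0, w_reassoc = 0;
    size_t a = bytes_after_status_as_written(SAMPLE_IOV_LEN, SAMPLE_IOV_BASE,
                                             SAMPLE_STATP, &w_written);
    size_t b = bytes_after_status_reassociated(SAMPLE_IOV_LEN, SAMPLE_IOV_BASE,
                                               SAMPLE_STATP, &w_reassoc);
    printf("as written:   %zu bytes (%zu words), intermediate wrapped: %d\n",
           a, xdr_words_remaining(a), w_written);
    printf("reassociated: %zu bytes (%zu words), intermediate wrapped: %d\n",
           b, xdr_words_remaining(b), w_reassoc);
    return 0;
}
```

The point for anyone triaging such a report: the printed operands (148, 0x1C apart) cannot overflow in the source expression, so a PAX size-overflow hit on a line like this is worth checking against the compiler's rewritten form before treating it as a real bug.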

Re: nfs overflow

Postby gaima » Mon Apr 29, 2013 5:10 pm

PaX Team wrote:
Thanks for the info, that's a new/different issue; I believe it's the usual false positive due to gcc's canonicalization of the expression, which introduces an intentional overflow that the overflow plugin will have to recognize and not trigger on.

Hi

I've got a very similar problem with 3.2.43.

[685687.851952] PAX: size overflow detected in function nfsd_cache_update fs/nfsd/nfscache.c:267 cicus.32_58 min, count: 8
[685687.851958] Pid: 8887, comm: nfsd Not tainted 3.2.43-hardened-r1 #1
[685687.851961] Call Trace:
[685687.851970]  [<ffffffff810c685f>] ? report_size_overflow+0x22/0x2c
[685687.851982]  [<ffffffffa05a7f57>] ? nfsd_cache_update+0xa8/0x1d1 [nfsd]
[685687.851989]  [<ffffffffa05bfcb8>] ? nfs_cb_stat_to_errno+0x19ed/0xb8a1 [nfsd]
[685687.851996]  [<ffffffffa059f8bc>] ? nfsd_dispatch+0x1d4/0x1ea [nfsd]
[685687.852002]  [<ffffffffa05bfcb8>] ? nfs_cb_stat_to_errno+0x19ed/0xb8a1 [nfsd]
[685687.852019]  [<ffffffffa034e1a9>] ? svc_process+0x4b1/0x7b8 [sunrpc]
[685687.852023]  [<ffffffff8102c8d7>] ? try_to_wake_up+0x21a/0x21a
[685687.852028]  [<ffffffffa059f0e3>] ? nfsd+0xe3/0x127 [nfsd]
[685687.852041]  [<ffffffffa059f000>] ? 0xffffffffa059efff
[685687.852045]  [<ffffffff8104d8c1>] ? kthread+0x82/0x8a
[685687.852049]  [<ffffffff81441eb9>] ? kernel_thread_helper+0x9/0x20
[685687.852052]  [<ffffffff8143f72a>] ? retint_restore_args+0x6/0xd
[685687.852055]  [<ffffffff8104d83f>] ? kthread_worker_fn+0x13f/0x13f
[685687.852058]  [<ffffffff81441eb0>] ? gs_change+0x1b/0x1b

As you can see from the dmesg timestamp it took nearly 8 days for the problem to occur.

Thanks
gaima
 
Posts: 27
Joined: Fri Feb 12, 2010 12:17 pm

