size overflow in drivers/tty/n_tty.c

Postby Dwokfur » Mon Jan 06, 2014 1:05 pm

kernel: PAX: size overflow detected in function canon_copy_from_read_buf drivers/tty/n_tty.c:2008 cicus.277_577 min, count: 4
kernel: CPU: 2 PID: 32640 Comm: apcsmart Not tainted 3.12.4-hardened #4
kernel: Hardware name: System manufacturer System Product Name/Z8P(N)E-D12(X), BIOS 1302 06/25/2012
kernel: e3a88658fbfe4e65 0000000000000000 ffffffff84e2cb1d ffffffff81b6a481
kernel: ffffffff84e2cc07 ffffffff8117ee41 0000000000000000 ffff880231237ea8
kernel: 0000000000000000 ffffc90011f05000 ffffffff8146b10c ffffffffffff4111
kernel: Call Trace:
kernel: [<ffffffff81b6a481>] ? dump_stack+0x41/0x57
kernel: [<ffffffff8117ee41>] ? report_size_overflow+0x31/0x40
kernel: [<ffffffff8146b10c>] ? n_tty_read+0x137c/0x1380
kernel: [<ffffffff810a89c0>] ? wake_up_state+0x20/0x20
kernel: [<ffffffff81465050>] ? tty_read+0x90/0x100
kernel: [<ffffffff811781af>] ? vfs_read+0xdf/0x240
kernel: [<ffffffff811791c8>] ? SyS_read+0x48/0xa0
kernel: [<ffffffff81b764d3>] ? system_call_fastpath+0x18/0x1d

I tried to start nut upsd which would communicate with an APC Smart UPS connected through a serial cable. The problem popped up immediately.
Has this problem already been fixed? If not, how can I manually take care of the issue without disabling the size overflow plugin?
I'm still using 3.12.4-hardened, because I was busy with systemd transition.

Thx: Dw.
Dwokfur
 
Posts: 99
Joined: Tue Jun 08, 2004 10:07 am

Re: size overflow in drivers/tty/n_tty.c

Postby ephox » Mon Jan 06, 2014 5:55 pm

Can you trigger it with the latest kernel version? Could you please send me the result (all n_tty.c.*, n_tty.o files) of make drivers/tty/n_tty.o EXTRA_CFLAGS=-fdump-tree-all?
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

Re: size overflow in drivers/tty/n_tty.c

Postby ephox » Tue Jan 07, 2014 2:04 pm

Thanks for the report. This bug will be fixed in the next PaX version.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

