Cannot access DVDs anymore

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Cannot access DVDs anymore

Postby kreutzm » Sun Oct 18, 2015 12:03 pm

Hello,
I very infrequently watch a DVD. Until the last time (probably many, many month ago) it worked without a problem. Now with 3.2.70 (with grsecurity-3.1-3.2.70-201508102127.patch) as well as with kernel 3.2.71 with grsecurity-3.1-3.2.71-201508142231.patch the process hangs in D state, actually PAX throws an error:

Oct 17 19:34:25 sneo kernel: PAX: size overflow detected in function sr_done drivers/scsi/sr.c:299 cicus.129_73 min, count: 8
Oct 17 19:34:25 sneo kernel: Pid: 1098, comm: scsi_eh_1 Not tainted 3.2.71sneo.01-grsec #1
Oct 17 19:34:25 sneo kernel: [<ffffffffa0041c9e>] ? exit_sr+0x531/0xb5a [sr_mod]
Oct 17 19:34:25 sneo kernel: [<ffffffff810efc45>] ? report_size_overflow+0x35/0x40
Oct 17 19:34:25 sneo kernel: [<ffffffffa00405df>] ? sr_done+0x1cf/0x1d0 [sr_mod]
Oct 17 19:34:25 sneo kernel: [<ffffffff812c8e67>] ? scsi_finish_command+0xc7/0x190
Oct 17 19:34:25 sneo kernel: [<ffffffff812ce51c>] ? scsi_eh_flush_done_q+0xec/0x140
Oct 17 19:34:25 sneo kernel: [<ffffffff812f07d0>] ? ata_scsi_port_error_handler+0x540/0x690
Oct 17 19:34:25 sneo kernel: [<ffffffff812f09b2>] ? ata_scsi_error+0x92/0xd0
Oct 17 19:34:25 sneo kernel: [<ffffffff812ceaa4>] ? scsi_error_handler+0x164/0x6d0
Oct 17 19:34:25 sneo kernel: [<ffffffff812ce940>] ? scsi_eh_get_sense+0x1f0/0x1f0
Oct 17 19:34:25 sneo kernel: [<ffffffff8106b9ee>] ? kthread+0x9e/0xb0
Oct 17 19:34:25 sneo kernel: [<ffffffff81461e49>] ? kernel_thread_helper+0x9/0x20
Oct 17 19:34:25 sneo kernel: [<ffffffff8106b950>] ? kthread_flush_work_fn+0x10/0x10
Oct 17 19:34:25 sneo kernel: [<ffffffff81461e40>] ? gs_change+0x1b/0x1b
Oct 17 19:37:49 sneo kernel: INFO: task xine:14455 blocked for more than 120 seconds.
Oct 17 19:37:49 sneo kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
Oct 17 19:37:49 sneo kernel: xine D ffff88022ec26e08 0 14455 5389 0x00000000
Oct 17 19:37:49 sneo kernel: ffff88022ec26860 0000000000000082 ffff8802369327e0 ffff88022ec26ce0
Oct 17 19:37:49 sneo kernel: ffff88022ec26ce0 000000000000c500 ffffffffffff4111 ffffffff00000001
Oct 17 19:37:49 sneo kernel: ffffffffffff4111 ffffffffffff4111 ffffffffffff4111 ffffffffffff4111
Oct 17 19:37:49 sneo kernel: [<ffffffff8145e3a5>] ? schedule_timeout+0x185/0x200
Oct 17 19:37:49 sneo kernel: [<ffffffff8145de7f>] ? wait_for_common+0x10f/0x180
Oct 17 19:37:49 sneo kernel: [<ffffffff81041b20>] ? wake_up_process+0x50/0x50
Oct 17 19:37:49 sneo kernel: [<ffffffff81063bc8>] ? wait_on_work+0x168/0x170
Oct 17 19:37:49 sneo kernel: [<ffffffff81063300>] ? send_mayday+0x70/0x70
Oct 17 19:37:49 sneo kernel: [<ffffffff811e0101>] ? sha256_transform+0x471/0x1af0
Oct 17 19:37:49 sneo kernel: [<ffffffff81065ea4>] ? __cancel_work_timer+0x44/0x150
Oct 17 19:37:49 sneo kernel: [<ffffffff811f0258>] ? disk_block_events+0x98/0xd0
Oct 17 19:37:49 sneo kernel: [<ffffffff81126783>] ? __blkdev_get+0x43/0x420
Oct 17 19:37:49 sneo kernel: [<ffffffff81126c86>] ? blkdev_get+0x126/0x340
Oct 17 19:37:49 sneo kernel: [<ffffffff81125c4f>] ? bd_acquire+0x2f/0xd0
Oct 17 19:37:49 sneo kernel: [<ffffffff81126f10>] ? blkdev_get_by_dev+0x70/0x70
Oct 17 19:37:49 sneo kernel: [<ffffffff810e67c7>] ? __dentry_open+0x267/0x360
Oct 17 19:37:49 sneo kernel: [<ffffffff810f631e>] ? path_get+0x1e/0x30
Oct 17 19:37:49 sneo kernel: [<ffffffff810fa2c4>] ? do_last.isra.34+0x374/0xa60
Oct 17 19:37:49 sneo kernel: [<ffffffff810fbe02>] ? path_openat+0x382/0x4c0
Oct 17 19:37:49 sneo kernel: [<ffffffff810fc0ee>] ? do_filp_open+0x4e/0xd0
Oct 17 19:37:49 sneo kernel: [<ffffffff8110ac02>] ? alloc_fd+0x42/0x120
Oct 17 19:37:49 sneo kernel: [<ffffffff810e7e76>] ? do_sys_open+0xf6/0x1f0
Oct 17 19:37:49 sneo kernel: [<ffffffff81460060>] ? system_call_fastpath+0x16/0x1b
(then similar blocks with udeved and xine appear, I can post them if it helps).

If I reboot without removing the DVD then the boot hangs as well (I did not copy down the exact last output, but if needed I can do so).

I'v used grsecurity with 3.2 since 3.2.2 (albeit not every release) with grsecurity without this problem (however, I don't know the last one which worked). (And with much older kernels as well, though I cannot remember when I first tried to watch a DVD).

Previously I used Debian 7 and now I'm using Debian 8.

I've tried to apply the 71 patch on the 72 kernel, however, it did not apply cleanly so I did not test further atm. Since this is my main work machine, I'd rather remain on stable kernels (at least as long as they are supported).

Listening to audio from CD-ROMs / grabbing tracks works without any problems.

If you need further information I'll gladly provide them.

Do you have any suggestions about possible options to avoid that error?
kreutzm
 
Posts: 9
Joined: Fri Jan 04, 2013 1:12 pm

Re: Cannot access DVDs anymore

Postby spender » Sun Oct 18, 2015 3:12 pm

The following patch should fix the issue (it will apply with some offsets to the 3.2 kernel):
https://grsecurity.net/~spender/scsi.diff

Do note however that the 3.2 and 3.14 patches aren't publicly available anymore, so you'll eventually want to transition to the test patches.

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm

Re: Cannot access DVDs anymore

Postby kreutzm » Thu Oct 22, 2015 2:47 pm

Hello Brad,
thanks a lot, this works.

Regarding transition to test patches I'm still hope that there might be some way for (longterm) users to get some access to stable patches. I simply don't have the resources to constantly update test kernels and adjust my monitoring infrastructure rapidly (I'm not a paid sysadmin).

Regards

Helge
kreutzm
 
Posts: 9
Joined: Fri Jan 04, 2013 1:12 pm


Return to grsecurity support