PAX: size overflow detected in function em_ret_far

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

PAX: size overflow detected in function em_ret_far

Postby fx3 » Tue Dec 08, 2015 11:26 am

Hello,

I've got another crash on my Arch Linux with linux-grsec-4.2.6.201512051918-1-x86_64 when starting VMs with qemu:

Code: Select all
[   25.520431] PAX: size overflow detected in function em_ret_far arch/x86/kvm/emulate.c:2198 cicus.1345_63 max, count: 243, decl: __load_segment_descriptor; num: 2; context: fndecl;
[   25.520517] CPU: 0 PID: 1212 Comm: qemu-system-x86 Not tainted 4.2.6.201512051918-1-grsec #1
[   25.520519] Hardware name: Intel Corporation S5500HCV/S5500HCV, BIOS S5500.86B.01.00.0059.082320111421 08/23/2011
[   25.520521]  ffffffff89a04847 2d5adece4769f79e 0000000000000000 ffffffffc02c93f2
[   25.520524]  ffffc90006ff3a58 ffffffff895d24a8 00000000000000a7 ffffffffc02c9455
[   25.520527]  ffffc90006ff3a88 ffffffff891a6e24 ffff88064d9d1570 0000000000000000
[   25.520530] Call Trace:
[   25.520540]  [<ffffffff895d24a8>] dump_stack+0x4c/0x7f
[   25.520545]  [<ffffffff891a6e24>] report_size_overflow+0x34/0x40
[   25.520561]  [<ffffffffc01f78c2>] em_ret_far+0xf2/0x1a0 [kvm]
[   25.520570]  [<ffffffffc01fd237>] ? kvm_irq_delivery_to_apic_fast+0x217/0x2c0 [kvm]
[   25.520578]  [<ffffffffc01f98ad>] x86_emulate_insn+0x2cd/0x1070 [kvm]
[   25.520586]  [<ffffffffc01f86e8>] ? x86_decode_insn+0x3d8/0x1250 [kvm]
[   25.520595]  [<ffffffffc01dd177>] x86_emulate_instruction+0x1a7/0x750 [kvm]
[   25.520602]  [<ffffffffc024e600>] vmx_handle_exit+0x200/0x1370 [kvm_intel]
[   25.520605]  [<ffffffffc02456e1>] ? vmx_set_rflags+0x41/0x50 [kvm_intel]
[   25.520613]  [<ffffffffc01d5f85>] ? __kvm_set_rflags+0x55/0x70 [kvm]
[   25.520617]  [<ffffffffc02488a4>] ? update_cr8_intercept+0x64/0x70 [kvm_intel]
[   25.520620]  [<ffffffffc0244970>] ? vmx_get_exit_info+0x40/0x40 [kvm_intel]
[   25.520623]  [<ffffffffc0244380>] ? vmx_invpcid_supported+0x30/0x30 [kvm_intel]
[   25.520632]  [<ffffffffc01e1bac>] kvm_arch_vcpu_ioctl_run+0x73c/0x1270 [kvm]
[   25.520638]  [<ffffffffc01cabed>] kvm_vcpu_ioctl+0x52d/0xe10 [kvm]
[   25.520642]  [<ffffffff891b5f52>] do_vfs_ioctl+0x5c2/0x8a0
[   25.520646]  [<ffffffff891c2749>] ? __fget+0x79/0xa0
[   25.520648]  [<ffffffff891b62ad>] SyS_ioctl+0x7d/0x90
[   25.520653]  [<ffffffff895d86b0>] entry_SYSCALL_64_fastpath+0x12/0x8a
fx3
 
Posts: 8
Joined: Mon Dec 07, 2015 7:55 pm

Re: PAX: size overflow detected in function em_ret_far

Postby ephox » Tue Dec 08, 2015 4:12 pm

Thanks for the report, it will be fixed in the next grsec patch.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm


Return to grsecurity support

cron