PAX: size overflow detected in function cifs_write_from_iter

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

PAX: size overflow detected in function cifs_write_from_iter

Postby StalkR » Wed Jan 27, 2016 5:16 am

Hello,

I enabled pax size overflow and I noticed issues with CIFS, a share mounted and active (read/writes).
grsecurity-3.1-4.3.4-201601231215.patch
gcc version 4.9.2 (Debian 4.9.2-10)
config-4.3.4-grsec

Code: Select all
[  443.970175] PAX: size overflow detected in function cifs_write_from_iter.isra.30 fs/cifs/file.c:2538 cicus.725_289 max, count: 61, decl: tailsz; num: 0; context: cifs_writedata;
[  443.972643] CPU: 0 PID: 1554 Comm: duplicity Not tainted 4.3.4-grsec #1
[  443.972645]  ffffffff81e048eb 0000000000000000 00000000000009ea ffffc90002fb3aa0
[  443.972648]  ffffffff813a6269 ffffffffa05d08f6 ffffc90002fb3ad0 ffffffff811feb7e
[  443.972649]  0000000100001000 00000000ffff4000 0000000000001000 0000000000000000
[  443.972651] Call Trace:
[  443.972654]  [<ffffffff813a6269>] dump_stack+0x44/0x5b
[  443.972659]  [<ffffffffa05d08f6>] ? cifs_dfs_referral_inode_operations+0xfb6/0xc010 [cifs]
[  443.972662]  [<ffffffff811feb7e>] report_size_overflow+0x6e/0x80
[  443.972667]  [<ffffffffa05b1173>] cifs_write_from_iter.isra.30+0x8c3/0x980 [cifs]
[  443.972671]  [<ffffffffa05af270>] ? cifs_nt_open+0x1d0/0x1d0 [cifs]
[  443.972676]  [<ffffffffa05b5ed0>] cifs_user_writev+0xe0/0x3d0 [cifs]
[  443.972680]  [<ffffffffa05b6316>] cifs_strict_writev+0x156/0x210 [cifs]
[  443.972682]  [<ffffffff811f6c8e>] __vfs_write+0xde/0x110
[  443.972683]  [<ffffffff811f75fc>] vfs_write+0xfc/0x2b0
[  443.972685]  [<ffffffff811f8796>] SyS_write+0x46/0xb0
[  443.972687]  [<ffffffff817cd319>] entry_SYSCALL_64_fastpath+0x12/0x83


fs/cifs/file.c:2538 on grsec maps to this line: http://lxr.free-electrons.com/source/fs ... =4.3#L2534

Code: Select all
# make fs/cifs/file.o EXTRA_CFLAGS="-fdump-tree-all -fdump-ipa-all"

Results: http://stalkr.net/grsec/fs-cifs-file.tgz

Let me know if you need any other info. Thanks for pax_size_overflow_report_only btw!
StalkR
 
Posts: 3
Joined: Wed May 15, 2013 7:23 pm

Re: PAX: size overflow detected in function cifs_write_from_

Postby ephox » Thu Jan 28, 2016 5:13 pm

Thanks for this perfect bug report. :) It will be fixed in the next grsec patch.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

Re: PAX: size overflow detected in function cifs_write_from_

Postby StalkR » Thu Jan 28, 2016 5:37 pm

I looked at the other bug reports see what was asked so it can be as helpful as possible ;) Thanks for the quick reply and fix, I'll check it out when it's available. Update: confirmed fixed!
StalkR
 
Posts: 3
Joined: Wed May 15, 2013 7:23 pm


Return to grsecurity support

cron