[Drbd-dev] integer signedness mixup problem in drbd_main.c

Marc Schiffbauer m at sys4.de
Tue Mar 22 00:18:17 CET 2016


hi all,

using a kernel hardened with grsecurity/PaX we discovered a problem 
where PaX detects a size overflow after a quite large uptime:

PAX: size overflow detected in function drbd_send_dblock 
drivers/block/drbd/drbd_main.c:1625 cicus.964_133 max, count: 1

this was in kernel 3.14.19, but 4.4.5 still seems to have that problem.  
The line triggering this is:

p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq));

(line 1625 in linux 3.14.19 and 1637 in linux 4.4.5)

please see [1] for more details.

Please can you tell whether this should be fixed in drbd? Or might this 
be some false positive in PaX?

regards
-Marc

[1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4425

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: Munich, Munich District Court: HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein
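
Added illustration, not part of the original message and not DRBD or PaX code: a single-threaded userspace model of a signed 32-bit counter (the kernel's atomic_t wraps an int) feeding an unsigned 32-bit header field, next to the same counter kept unsigned throughout. All function names are hypothetical and the 1000 packets/s rate is a constructed figure; it shows only the arithmetic behind the subject line and why it would surface after long uptime, and does not settle the question asked above.

```c
#include <stdint.h>
#include <stdio.h>

/* Convert a 32-bit pattern to int32_t without implementation-defined casts. */
static int32_t s32_from_bits(uint32_t v)
{
    if (v <= (uint32_t)INT32_MAX)
        return (int32_t)v;
    return (int32_t)(v - 0x80000000u) + INT32_MIN;
}

/* Model of increment-and-return on a signed 32-bit counter. The add is done
 * on the bit pattern so the wrap is defined in ISO C. Not atomic. */
static int32_t signed_seq_inc_return(int32_t *ctr)
{
    *ctr = s32_from_bits((uint32_t)*ctr + 1u);
    return *ctr;
}

/* Same counter kept unsigned end to end: no sign ever appears. */
static uint32_t unsigned_seq_inc_return(uint32_t *ctr)
{
    return ++*ctr;
}

/* Value that lands in an unsigned 32-bit header field (byte swap omitted). */
static uint32_t wire_seq(int32_t v)
{
    return (uint32_t)v;   /* well defined: reduced modulo 2^32 */
}

/* Seconds of traffic from counter 0 until the signed view goes negative. */
static uint64_t seconds_until_sign_flip(uint32_t packets_per_sec)
{
    if (packets_per_sec == 0)
        return UINT64_MAX;            /* no traffic: never */
    return (UINT64_C(1) << 31) / packets_per_sec;
}

int main(void)
{
    int32_t s = INT32_MAX;            /* constructed: one step before the flip */
    uint32_t u = (uint32_t)INT32_MAX;
    int32_t after = signed_seq_inc_return(&s);
    printf("signed view:   %ld\n", (long)after);
    printf("wire (signed): 0x%08lx\n", (unsigned long)wire_seq(after));
    printf("wire (u32):    0x%08lx\n", (unsigned long)unsigned_seq_inc_return(&u));
    printf("flip after ~%llu s at 1000 pkt/s\n",
           (unsigned long long)seconds_until_sign_flip(1000));
    return 0;
}
```

Both variants put the same 32 bits on the wire; they differ only in whether an intermediate value is ever a negative int.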