[Drbd-dev] integer signedness mixup problem in drbd_main.c

Marc Schiffbauer m at sys4.de
Tue Mar 22 00:18:17 CET 2016

hi all,

using a kernel hardened with grsecurity/PaX we discovered a problem 
where PaX detects a size overflow after a quite large uptime:

PAX: size overflow detected in function drbd_send_dblock 
drivers/block/drbd/drbd_main.c:1625 cicus.964_133 max, count: 1

this was in kernel 3.14.19, but 4.4.5 still seems to have that problem.  
The line triggering this is:

p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq));

(line 1625 in linux 3.14.19 and 1637 in linux 4.4.5)

please see [1] for more details.

Please can you tell whether this should be fixed in drbd? Or might this 
be some false positive in PaX?


[1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4425

[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.linbit.com/pipermail/drbd-dev/attachments/20160322/35fb16f4/attachment.pgp>

More information about the drbd-dev mailing list