[DRBD-user] grsecurity catching overflows

Mike Williams mike.williams at comodo.com
Tue Mar 1 16:29:24 CET 2016

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.

Hey All,

After a recent kernel update grsec started catching a size overflow in __disk_conf_from_attrs.
Preventing DRBD from even starting.

Full details, and a fix provided by PaX Team, here;
https://forums.grsecurity.net/viewtopic.php?f=3&t=4366

Looks like a simple copy+paste error.



After fixing that we were good, until one pair got into a bit of an inconsistent state, and caused grsec to throw this warning.


[   45.444342] PAX: size overflow detected in function drbd_send_bitmap drivers/block/drbd/drbd_main.c:1072 cicus.1231_442 min, count: 82, decl: encoding; num: 0; context: p_compressed_bm;
[   45.444371] CPU: 0 PID: 3190 Comm: drbd_w_drbd0 Not tainted 4.3.5-hardened-r2 #1
[   45.444374]  0000000000000430 ffffffff813bd89b ffffffffa0857a60 ffffffff8116908f
[   45.444379]  0000000000000000 ffffc90047c9be10 ffff8800ffff5800 ffff8801f1908010
[   45.444382]  ffffffffa083d844 000000000000d092 0000000000000000 ffff8800fffea6d0
[   45.444385] Call Trace:
[   45.444398]  [<ffffffff813bd89b>] ? dump_stack+0x40/0x55
[   45.444416]  [<ffffffffa0857a60>] ? drbd_nla_find_nested+0x72d0/0x154ad [drbd]
[   45.444432]  [<ffffffff8116908f>] ? report_size_overflow+0x5f/0x70
[   45.444439]  [<ffffffffa083d844>] ? drbd_send_bitmap+0x584/0xae0 [drbd]
[   45.444444]  [<ffffffffa084eaa7>] ? w_after_state_ch+0x897/0x2290 [drbd]
[   45.444450]  [<ffffffffa0836bd6>] ? w_bitmap_io+0xf6/0x340 [drbd]
[   45.444455]  [<ffffffffa0820b5d>] ? drbd_worker+0xdd/0x370 [drbd]
[   45.444460]  [<ffffffffa0837690>] ? drbd_destroy_connection+0xd0/0xd0 [drbd]
[   45.444466]  [<ffffffffa08376d1>] ? drbd_thread_setup+0x41/0x130 [drbd]
[   45.444471]  [<ffffffffa0837690>] ? drbd_destroy_connection+0xd0/0xd0 [drbd]
[   45.444477]  [<ffffffff81077f7c>] ? kthread+0xbc/0xe0
[   45.444480]  [<ffffffff81077ec0>] ? kthread_create_on_node+0x170/0x170
[   45.444485]  [<ffffffff817047be>] ? ret_from_fork+0x3e/0x70
[   45.444487]  [<ffffffff81077ec0>] ? kthread_create_on_node+0x170/0x170


I've spent a while looking at the code, and haven't found anything.
But, honestly, I really don't know what I'm doing.
I'm an admin, not a programmer.

I've got more information if anything will help.


-- 
Mike Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5781 bytes
Desc: not available
URL: <http://lists.linbit.com/pipermail/drbd-user/attachments/20160301/d526a469/attachment.bin>

More information about the drbd-user mailing list