[DRBD-user] grsecurity catching overflows

Roland Kammerer roland.kammerer at linbit.com
Wed Mar 2 17:19:40 CET 2016

Note: "permalinks" may not be as permanent as we would like,
direct links of old sources may well be a few messages off.

On Tue, Mar 01, 2016 at 03:29:24PM +0000, Mike Williams wrote:
> Hey All,
> After a recent kernel update grsec started catching a size overflow in __disk_conf_from_attrs.
> Preventing DRBD from even starting.
> Full details, and a fix provided by PaX Team, here;
> https://forums.grsecurity.net/viewtopic.php?f=3&t=4366
> Looks like a simple copy+paste error.

No, that was correct at the time the code was written. But yes, recent
kernels should change that. Patches applied to our internal repos, will
land in mainline linux eventually.

> After fixing that we were good, until one pair got into a bit of an inconsistent state, and caused grsec to throw this warning.
> [   45.444342] PAX: size overflow detected in function drbd_send_bitmap drivers/block/drbd/drbd_main.c:1072 cicus.1231_442 min, count: 82, decl: encoding; num: 0; context: p_compressed_bm;

K. That needs more investigation. For now, thanks for reporting.

Regards, rck

More information about the drbd-user mailing list