PAX: size overflow detected in function elf_core_dump


Post by Dwokfur » Wed Jun 15, 2016 7:13 pm

It happens during gcc compile while configtest.
On one machine:
PAX: size overflow detected in function elf_core_dump fs/binfmt_elf.c:2609 cicus.537_1386 min, count: 96, decl: # size_overflow MARK_NO copy_user_generic 3; num: 0; context: attr;
Another machine:
PAX: size overflow detected in function elf_core_dump fs/binfmt_elf.c:2609 cicus.533_1343 min, count: 96, decl: # size_overflow MARK_NO copy_user_generic 3; num: 0; context: attr;
Running kernels hardened-sources-4.5.5-r2 and hardened-sources-4.5.6.
I'm about to test hardened-sources-4.5.7-r1, but I'm having problems with -fstack-protector-strong detection... It works, but the kernel Makefile detects it incorrectly.
Dwokfur
 
Posts: 99
Joined: Tue Jun 08, 2004 10:07 am

Re: PAX: size overflow detected in function elf_core_dump

Post by Dwokfur » Sat Jun 18, 2016 5:18 pm

Dear Emese,

Please find the requested information below.
Please let me know if you need anything else...
I can provide the core file systemd created, it seems to be too small, ELF information in it(???) - maybe truncated?

Code:
(admin:S:/) denied resource overstep by requesting 36864 for RLIMIT_STACK against limit 32768 for /var/tmp/portage/sys-devel/gcc-5.4.0/work/build/x86_64-pc-linux-gnu/libjava/conftest[conftest:10205] uid/euid:250/250 gid/egid:250/250, parent /bin/bash[bash:8790] uid/euid:250/250 gid/egid:250/250
(admin:S:/) Segmentation fault occurred at            (nil) in /var/tmp/portage/sys-devel/gcc-5.4.0/work/build/x86_64-pc-linux-gnu/libjava/conftest[conftest:10205] uid/euid:250/250 gid/egid:250/250, parent /bin/bash[bash:8790] uid/euid:250/250 gid/egid:250/250


Code:
PAX end: 0 start: 3f6da19ad78


Code:
PAX: size overflow detected in function elf_core_dump fs/binfmt_elf.c:2610 cicus.537_1389 min, count: 96, decl: # size_overflow MARK_NO copy_user_generic 3; num: 0; context: attr;
CPU: 3 PID: 10205 Comm: conftest Not tainted 4.5.7-hardened-r1 #2
Hardware name: Hewlett-Packard HP, BIOS Ver. F.60 03/12/2015
 0000000000000000 bbb2a1c873139295 0000000000000286 0000000000000000
 ffffffff9e667970 ffffffffa545f17a bbb2a1c873139295 ffffffffa545f17a
 0000000000000a32 ffffffff9e238981 000003f6da19ad78 ffffc9000995bb98
Call Trace:
 [<ffffffff9e667970>] ? dump_stack+0x5a/0xaa
 [<ffffffff9e238981>] ? report_size_overflow+0x61/0x80
 [<ffffffff9e2a1c74>] ? elf_core_dump+0x1f64/0x20d0
 [<ffffffff9e11656d>] ? get_vtime_delta+0xd/0x90
 [<ffffffff9e11f375>] ? put_prev_entity+0x25/0x7e0
 [<ffffffff9f0458a2>] ? schedule_timeout+0x1a2/0x230
 [<ffffffff9e0ded2a>] ? unshare_files+0x3a/0xc0
 [<ffffffff9e2acc77>] ? do_coredump+0x7f7/0xf50
 [<ffffffff9e0f16e5>] ? get_signal+0x1e5/0x570
 [<ffffffff9e004043>] ? do_signal+0x43/0x780
 [<ffffffff9e001262>] ? exit_to_usermode_loop+0x52/0xa0
 [<ffffffff9e0018d7>] ? syscall_return_slowpath+0xa7/0xc0
 [<ffffffff9f046e01>] ? int_ret_from_sys_call+0x20/0x9a
jún 18 22:27:42 szk-simor systemd[1]: Created slice system-systemd\x2dcoredump.slice.

Re: PAX: size overflow detected in function elf_core_dump

Post by PaX Team » Sat Jun 18, 2016 6:46 pm

can you try the following patch please:
Code:
--- a/fs/exec.c        2016-04-12 22:12:51.769109042 +0200
+++ b/fs/exec.c   2016-06-19 00:42:59.888658506 +0200
@@ -704,7 +704,7 @@ int setup_arg_pages(struct linux_binprm
        stack_base = PAGE_ALIGN(stack_top - stack_base);

        stack_shift = vma->vm_start - stack_base;
-       mm->arg_start = bprm->p - stack_shift;
+       mm->arg_end = mm->arg_start = bprm->p - stack_shift;
        bprm->p = vma->vm_end - stack_shift;
 #else
        stack_top = arch_align_stack(stack_top);
@@ -713,7 +713,7 @@ int setup_arg_pages(struct linux_binprm
        stack_shift = vma->vm_end - stack_top;

        bprm->p -= stack_shift;
-       mm->arg_start = bprm->p;
+       mm->arg_end = mm->arg_start = bprm->p;
 #endif

        if (bprm->loader)
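Review bot: this second branch repeats the same `mm->arg_end = mm->arg_start = ...` initialization as the branch above the `#else`, so the two copies can drift apart in later edits. Neither visible branch modifies mm->arg_start after assigning it, so a single `mm->arg_end = mm->arg_start;` placed after the `#endif` would cover both configurations and leave the original arg_start lines untouched.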
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm