tcp_recvmsg overflow, is this Pax or Kernel bug?

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

tcp_recvmsg overflow, is this Pax or Kernel bug?

Postby cmouse » Wed Jul 11, 2012 6:22 am

During file transfer, the transfer hangs and this is found in kernel logs. Kernel version 3.2.22 x86_64.

[ 3158.261458] PAX: size overflow detected in function tcp_recvmsg net/ipv4/tcp.c:1690
[ 3158.261536] Pid: 8471, comm: ssh Not tainted 3.2.22-grsec #2
[ 3158.261538] Call Trace:
[ 3158.261549] [<ffffffff811818d4>] report_size_overflow+0x24/0x30
[ 3158.261552] [<ffffffff8157a429>] tcp_recvmsg+0x1139/0x1290
[ 3158.261556] [<ffffffff81191290>] ? __pollwait+0x100/0x100
[ 3158.261559] [<ffffffff816486e9>] ? _raw_spin_unlock_bh+0x19/0x20
[ 3158.261563] [<ffffffff8151a18a>] ? release_sock+0xfa/0x120
[ 3158.261567] [<ffffffff8159e66b>] inet_recvmsg+0x6b/0x80
[ 3158.261569] [<ffffffff81515182>] sock_aio_read.part.15+0x142/0x150
[ 3158.261571] [<ffffffff815151bd>] sock_aio_read+0x2d/0x40
[ 3158.261573] [<ffffffff8117b822>] do_sync_read+0xd2/0x110
[ 3158.261578] [<ffffffff812ad523>] ? security_file_permission+0x93/0xb0
[ 3158.261579] [<ffffffff8117bd11>] ? rw_verify_area+0x61/0xf0
[ 3158.261581] [<ffffffff8117c345>] vfs_read+0x195/0x200
[ 3158.261582] [<ffffffff8117c3fa>] sys_read+0x4a/0x90
[ 3158.261587] [<ffffffff816506bd>] system_call_fastpath+0x18/0x1d
[ 3158.261590] [<ffffffff8101c706>] ? pax_randomize_kstack+0x56/0x70
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am

Re: tcp_recvmsg overflow, is this Pax or Kernel bug?

Postby ephox » Wed Jul 11, 2012 11:48 am

I think it is false positive, I will fix it in the next plugin version.
ephox
 
Posts: 134
Joined: Tue Mar 20, 2012 4:36 pm

Re: tcp_recvmsg overflow, is this Pax or Kernel bug?

Postby cmouse » Wed Jul 11, 2012 1:36 pm

Ok. I'll just disable this feature then, since the server cannot function correctly.
cmouse
 
Posts: 98
Joined: Tue Dec 17, 2002 10:58 am


Return to grsecurity support

cron