- Code: Select all
[ 123.353876] PAX: size overflow detected in function bio_split block/bio.c:1800 cicus.904_41 max, count: 139, decl: bi_size; num: 0; context: bvec_iter;
[ 123.361433] CPU: 0 PID: 1723 Comm: blkdiscard Not tainted 4.7.6-v7 #1
[ 123.361449] Hardware name: BCM2835
[ 123.361462] Backtrace:
[ 123.361509] [<8010d710>] (dump_backtrace+0x0/0x118) from [<8010d8b8>] (show_stack+0x18/0x1c)
[ 123.361522] r7:600f0013 r6:80b20714 r5:80b03788 r4:00000000
[ 123.361568] [<8010d8a0>] (show_stack+0x0/0x1c) from [<8047658c>] (dump_stack+0xac/0xe0)
[ 123.361597] [<804764e0>] (dump_stack+0x0/0xe0) from [<80221600>] (report_size_overflow+0x80/0x90)
[ 123.361608] r7:809269d0 r6:00000708 r5:80925af0 r4:8099f898
[ 123.361648] [<80221580>] (report_size_overflow+0x0/0x90) from [<80435280>] (bio_split+0xe4/0x114)
[ 123.361659] r8:9d300000 r7:004e9800 r6:bd161b40 r5:00000000 r4:9d300000
[ 123.361704] [<8043519c>] (bio_split+0x0/0x114) from [<80440804>] (blk_queue_split+0x408/0x844)
[ 123.361716] r10:bd161a80 r9:00000000 r8:00500000 r7:00000000 r6:bd385500 r5:00000000
[ 123.361749] r4:004e9800 r3:bd385500
[ 123.361781] [<804403fc>] (blk_queue_split+0x0/0x844) from [<8043b970>] (blk_queue_bio+0x44/0x2ec)
[ 123.361793] r10:bd161a80 r9:00000000 r8:bcab0010 r7:bd398000 r6:00000000 r5:80b03788
[ 123.361826] r4:bd398000
[ 123.361853] [<8043b92c>] (blk_queue_bio+0x0/0x2ec) from [<804392b4>] (generic_make_request+0xe8/0x1a4)
[ 123.361864] r7:bd398000 r6:ffffffff r5:bd161a80 r4:80b03788
[ 123.361905] [<804391cc>] (generic_make_request+0x0/0x1a4) from [<8043940c>] (submit_bio+0x9c/0x1c8)
[ 123.361916] r8:00000081 r7:bd15c880 r6:024000c0 r5:80b03788 r4:bd161a80
[ 123.361961] [<80439370>] (submit_bio+0x0/0x1c8) from [<804431b8>] (next_bio+0x6c/0x98)
[ 123.361972] r10:bd161a80 r9:00000000 r8:00000081 r7:bd15c880 r6:024000c0 r5:bd1619c0
[ 123.362006] r4:bd161a80
[ 123.362030] [<8044314c>] (next_bio+0x0/0x98) from [<804432b8>] (__blkdev_issue_discard+0xd4/0x364)
[ 123.362041] r9:00000000 r8:fd300000 r7:00000000 r6:007e0000 r5:007e0000 r4:007e9800
[ 123.362089] [<804431e4>] (__blkdev_issue_discard+0x0/0x364) from [<804435c0>] (blkdev_issue_discard+0x78/0xd8)
[ 123.362100] r10:00000081 r9:00000000 r8:00000000 r7:00000000 r6:073f1800 r5:80b03788
[ 123.362133] r4:bcd0a200
[ 123.362159] [<80443548>] (blkdev_issue_discard+0x0/0xd8) from [<8044a290>] (blk_ioctl_discard+0x194/0x200)
[ 123.362170] r10:00000000 r9:bcd0a200 r8:80b03788 r7:00000000 r6:073f1800 r5:00000000
[ 123.362203] r4:00000000
[ 123.362225] [<8044a0fc>] (blk_ioctl_discard+0x0/0x200) from [<8044b1fc>] (blkdev_ioctl+0x774/0xfb8)
[ 123.362236] r10:00000000 r9:00000003 r8:0004001e r7:7e417ed0 r6:00001277 r5:bcd0a200
[ 123.362270] r4:80b03788
[ 123.362297] [<8044aa88>] (blkdev_ioctl+0x0/0xfb8) from [<80258660>] (block_ioctl+0x3c/0x40)
[ 123.362308] r10:00000000 r9:00000003 r8:bd2cf598 r7:00001277 r6:bd0f9f00 r5:7e417ed0
[ 123.362341] r4:80b03788
[ 123.362368] [<80258624>] (block_ioctl+0x0/0x40) from [<8022ca5c>] (do_vfs_ioctl+0xb8/0xd54)
[ 123.362394] [<8022c9a4>] (do_vfs_ioctl+0x0/0xd54) from [<8022d734>] (sys_ioctl+0x3c/0x64)
[ 123.362405] r10:00000000 r9:bcab0000 r8:7e417ed0 r7:00001277 r6:bd0f9f00 r5:00000003
[ 123.362438] r4:bd0f9f00
[ 123.362464] [<8022d6f8>] (sys_ioctl+0x0/0x64) from [<801084a0>] (ret_fast_syscall+0x0/0x70)
[ 123.362475] r9:bcab0000 r8:80108704 r7:00000036 r6:7e300000 r5:00000003 r4:7e417ed0
size overflow in bio_split block/bio.c:1800
6 posts
• Page 1 of 1
size overflow in bio_split block/bio.c:1800
by jotik » Fri Oct 07, 2016 10:49 pm
With Gentoo's hardened-sources on an Raspberry Pi 2 when running `blkdiscard /dev/mmcblk0p2`.
- jotik
- Posts: 22
- Joined: Mon Oct 19, 2015 5:11 am
Re: size overflow in bio_split block/bio.c:1800
by ephox » Sat Oct 08, 2016 8:03 am
Hi,
Could you please apply this patch and send me the results from dmesg?
Could you please apply this patch and send me the results from dmesg?
- Code: Select all
--- block/bio.c.orig 2016-10-08 14:01:28.477164927 +0200
+++ block/bio.c 2016-10-08 14:02:32.013168614 +0200
@@ -1797,6 +1797,7 @@
if (!split)
return NULL;
+ printk(KERN_ERR "PAX: %x\n", sectors);
split->bi_iter.bi_size = sectors << 9;
if (bio_integrity(split))
- ephox
- Posts: 134
- Joined: Tue Mar 20, 2012 4:36 pm
Re: size overflow in bio_split block/bio.c:1800
by jotik » Sat Oct 08, 2016 3:29 pm
This added a number of
lines to dmesg. All with value f0, except the ones right before the crash which are all
- Code: Select all
PAX: f0
lines to dmesg. All with value f0, except the ones right before the crash which are all
- Code: Select all
PAX: 4e9800
- jotik
- Posts: 22
- Joined: Mon Oct 19, 2015 5:11 am
Re: size overflow in bio_split block/bio.c:1800
by jotik » Sat Nov 05, 2016 12:56 pm
Any progress on this?
- jotik
- Posts: 22
- Joined: Mon Oct 19, 2015 5:11 am
Re: size overflow in bio_split block/bio.c:1800
by PaX Team » Sat Nov 05, 2016 3:46 pm
it should be fixed already (the kernel code triggered undefined behaviour), do you still have the problem?
- PaX Team
- Posts: 2310
- Joined: Mon Mar 18, 2002 4:35 pm
Re: size overflow in bio_split block/bio.c:1800
by jotik » Sat Nov 05, 2016 5:03 pm
PaX Team wrote:it should be fixed already (the kernel code triggered undefined behaviour), do you still have the problem?
I was not notified that it was fixed. So I didn't know to test.
- jotik
- Posts: 22
- Joined: Mon Oct 19, 2015 5:11 am
6 posts
• Page 1 of 1