lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 27 Nov 2015 11:07:14 +0000
From:	Filipe Manana <fdmanana@...il.com>
To:	Toralf Förster <toralf.foerster@....de>
Cc:	"linux-btrfs@...r.kernel.org" <linux-btrfs@...r.kernel.org>,
	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: PAX: size overflow detected in function try_merge_map fs/btrfs/extent_map.c:238

On Fri, Nov 27, 2015 at 10:47 AM, Toralf Förster <toralf.foerster@....de> wrote:
> Happened today few times in a row at a stable 64 bit Gentoo hardened system:
>
>
>
> Nov 27 10:23:09 t44 kernel: [41619.519921] PAX: size overflow detected in function try_merge_map fs/btrfs/extent_map.c:238 cicus.107_102 max, count: 13, decl: block_len; num: 0; context: extent_map;
> Nov 27 10:23:09 t44 kernel: [41619.519929] CPU: 2 PID: 3361 Comm: host_jskwgen Tainted: G        W       4.2.6-hardened-r6 #3
> Nov 27 10:23:09 t44 kernel: [41619.519932] Hardware name: LENOVO 20AQCTO1WW/20AQCTO1WW, BIOS GJET83WW (2.33 ) 03/09/2015
> Nov 27 10:23:09 t44 kernel: [41619.519934]  ffffffff81831343 0000000000000000 ffffffff8183132d ffffc9000298b6e8
> Nov 27 10:23:09 t44 kernel: [41619.519939]  ffffffff815ee0ea ffff88033e30eec8 ffffffff81831343 ffffc9000298b718
> Nov 27 10:23:09 t44 kernel: [41619.519943]  ffffffff811ade1b ffff8802fb611480 ffff88032b717510 ffff88032b74fae0
> Nov 27 10:23:09 t44 kernel: [41619.519946] Call Trace:
> Nov 27 10:23:09 t44 kernel: [41619.519955]  [<ffffffff815ee0ea>] dump_stack+0x45/0x5d
> Nov 27 10:23:09 t44 kernel: [41619.519959]  [<ffffffff811ade1b>] report_size_overflow+0x3b/0x50
> Nov 27 10:23:09 t44 kernel: [41619.519963]  [<ffffffff8128c701>] try_merge_map+0x1f1/0x310
> Nov 27 10:23:09 t44 kernel: [41619.519966]  [<ffffffff8128ca82>] add_extent_mapping+0x132/0x1c0
> Nov 27 10:23:09 t44 kernel: [41619.519968]  [<ffffffff81273ea9>] btrfs_get_extent+0x659/0xdd0
> Nov 27 10:23:09 t44 kernel: [41619.519972]  [<ffffffff81197b72>] ? kmem_cache_alloc+0x32/0x140
> Nov 27 10:23:09 t44 kernel: [41619.519975]  [<ffffffff81297292>] __do_readpage+0x6f2/0xc30
> Nov 27 10:23:09 t44 kernel: [41619.519977]  [<ffffffff8129353e>] ? __set_extent_bit+0x14e/0x580
> Nov 27 10:23:09 t44 kernel: [41619.519979]  [<ffffffff81273850>] ? btrfs_real_readdir+0x6f0/0x6f0
> Nov 27 10:23:09 t44 kernel: [41619.519983]  [<ffffffff815f4869>] ? _raw_spin_unlock_irq+0x19/0x30
> Nov 27 10:23:09 t44 kernel: [41619.519985]  [<ffffffff81290e92>] ? btrfs_lookup_ordered_extent+0xa2/0xe0
> Nov 27 10:23:09 t44 kernel: [41619.519987]  [<ffffffff812979a6>] __extent_read_full_page+0x1d6/0x210
> Nov 27 10:23:09 t44 kernel: [41619.519989]  [<ffffffff81273850>] ? btrfs_real_readdir+0x6f0/0x6f0
> Nov 27 10:23:09 t44 kernel: [41619.519991]  [<ffffffff81273850>] ? btrfs_real_readdir+0x6f0/0x6f0
> Nov 27 10:23:09 t44 kernel: [41619.519993]  [<ffffffff812990bf>] extent_read_full_page+0x4f/0x80
> Nov 27 10:23:09 t44 kernel: [41619.519997]  [<ffffffff81155cf9>] ? lru_cache_add+0x19/0x30
> Nov 27 10:23:09 t44 kernel: [41619.519999]  [<ffffffff81270ac0>] ? inode_tree_add+0x150/0x150
> Nov 27 10:23:09 t44 kernel: [41619.520000]  [<ffffffff81270af4>] btrfs_readpage+0x34/0x50
> Nov 27 10:23:09 t44 kernel: [41619.520002]  [<ffffffff81270ac0>] ? inode_tree_add+0x150/0x150
> Nov 27 10:23:09 t44 kernel: [41619.520004]  [<ffffffff81147919>] do_read_cache_page+0x99/0x1b0
> Nov 27 10:23:09 t44 kernel: [41619.520006]  [<ffffffff81270ac0>] ? inode_tree_add+0x150/0x150
> Nov 27 10:23:09 t44 kernel: [41619.520008]  [<ffffffff81270ac0>] ? inode_tree_add+0x150/0x150
> Nov 27 10:23:09 t44 kernel: [41619.520009]  [<ffffffff81147a68>] read_cache_page+0x38/0x50
> Nov 27 10:23:09 t44 kernel: [41619.520012]  [<ffffffff811b4d4a>] page_getlink.isra.48.constprop.51+0x3a/0xa0
> Nov 27 10:23:09 t44 kernel: [41619.520014]  [<ffffffff811b4ddb>] page_follow_link_light+0x2b/0x50
> Nov 27 10:23:09 t44 kernel: [41619.520016]  [<ffffffff811b557f>] trailing_symlink+0x27f/0x2b0
> Nov 27 10:23:09 t44 kernel: [41619.520019]  [<ffffffff811b85db>] path_openat+0x16b/0x1700
> Nov 27 10:23:09 t44 kernel: [41619.520021]  [<ffffffff811bae21>] do_filp_open+0x81/0xf0
> Nov 27 10:23:09 t44 kernel: [41619.520024]  [<ffffffff811a4cc3>] do_sys_open+0x133/0x280
> Nov 27 10:23:09 t44 kernel: [41619.520026]  [<ffffffff811a4e41>] SyS_open+0x31/0x50
> Nov 27 10:23:09 t44 kernel: [41619.520028]  [<ffffffff815f5119>] entry_SYSCALL_64_fastpath+0x12/0x83

Try the following (also pasted at
https://friendpaste.com/5O6o1cqWqJZDIKrH1YqG7y):

diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c
index 6a98bdd..26b4c13 100644
--- a/fs/btrfs/extent_map.c
+++ b/fs/btrfs/extent_map.c
@@ -235,7 +235,8 @@ static void try_merge_map(struct extent_map_tree
*tree, struct extent_map *em)
                        em->start = merge->start;
                        em->orig_start = merge->orig_start;
                        em->len += merge->len;
-                       em->block_len += merge->block_len;
+                       if (em->block_start != EXTENT_MAP_HOLE)
+                               em->block_len += merge->block_len;
                        em->block_start = merge->block_start;
                        em->mod_len = (em->mod_len + em->mod_start) -
merge->mod_start;
                        em->mod_start = merge->mod_start;
@@ -252,7 +253,8 @@ static void try_merge_map(struct extent_map_tree
*tree, struct extent_map *em)
                merge = rb_entry(rb, struct extent_map, rb_node);
        if (rb && mergable_maps(em, merge)) {
                em->len += merge->len;
-               em->block_len += merge->block_len;
+               if (em->block_start != EXTENT_MAP_HOLE)
+                       em->block_len += merge->block_len;
                rb_erase(&merge->rb_node, &tree->map);
                RB_CLEAR_NODE(&merge->rb_node);
                em->mod_len = (merge->mod_start + merge->mod_len) -
em->mod_start;

>
>
> Furthermore  neither login into the KDE screen saver nor login at the console could be made, sys-rq keys didn't worked  - power off was my friend.
>
>
>
> --
> Toralf, pgp: C4EACDDE 0076E94E
> --
> To unsubscribe from this list: send the line "unsubscribe linux-btrfs" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html



-- 
Filipe David Manana,

"Reasonable men adapt themselves to the world.
 Unreasonable men adapt the world to themselves.
 That's why all progress depends on unreasonable men."
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ