lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56634031.5030208@gmx.de>
Date:	Sat, 5 Dec 2015 20:51:13 +0100
From:	Toralf Förster <toralf.foerster@....de>
To:	kvm@...r.kernel.org, pageexec@...email.hu
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>
Subject: PAX: size overflow detected in function __vhost_add_used_n
 drivers/vhost/vhost.c:1517


run into the following at a 64bit hardened stable Gentoo Linux while running the following command at the host (probably just the ssh login was it yet) :

$ cd ~/devel/linux/; git archive --prefix linux-4.4.x/ v4.4-rc3 | (ssh root@...kvm "cd /usr/src/; sudo tar -xf-")



Dec  5 20:39:26 t44 kernel: PAX: size overflow detected in function __vhost_add_used_n drivers/vhost/vhost.c:1517 cicus.491_193 max, count: 7, decl: last_used_idx; num: 0; context: vhost_virtqueue;
Dec  5 20:39:26 t44 kernel: CPU: 2 PID: 3708 Comm: vhost-3706 Tainted: G        W       4.2.6-hardened-r7 #2
Dec  5 20:39:26 t44 kernel: Hardware name: LENOVO 20AQCTO1WW/20AQCTO1WW, BIOS GJET83WW (2.33 ) 03/09/2015
Dec  5 20:39:26 t44 kernel:  ffffffffc096fe5a 0000000000000000 ffffffffc096fddc ffffc9000043bb78
Dec  5 20:39:26 t44 kernel:  ffffffff815ef500 ffff88033e30eec8 ffffffffc096fe5a ffffc9000043bba8
Dec  5 20:39:26 t44 kernel:  ffffffff811ae28b 000000000000fffb ffff880326d300a0 0000000000000005
Dec  5 20:39:26 t44 kernel: Call Trace:
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096fe5a>] ? __param_str_max_mem_regions+0x9a/0xae8 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096fddc>] ? __param_str_max_mem_regions+0x1c/0xae8 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffff815ef500>] dump_stack+0x45/0x5d
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096fe5a>] ? __param_str_max_mem_regions+0x9a/0xae8 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffff811ae28b>] report_size_overflow+0x3b/0x50
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096da7b>] __vhost_add_used_n+0x1db/0x1e0 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffff8137a0e6>] ? copy_user_enhanced_fast_string+0x16/0x20
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096e0e2>] vhost_add_used_n+0x92/0x1b0 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096eb7a>] vhost_add_used_and_signal_n+0x2a/0x50 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc097bd1b>] handle_rx+0x63b/0x910 [vhost_net]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc097c00d>] handle_rx_net+0x1d/0x30 [vhost_net]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096d7f8>] vhost_worker+0xf8/0x1a0 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffffc096d700>] ? vhost_log_write+0xa0/0xa0 [vhost]
Dec  5 20:39:26 t44 kernel:  [<ffffffff81085877>] kthread+0xf7/0x110
Dec  5 20:39:26 t44 kernel:  [<ffffffff81085780>] ? kthread_create_on_node+0x1b0/0x1b0
Dec  5 20:39:26 t44 kernel:  [<ffffffff815f690e>] ret_from_fork+0x3e/0x70
Dec  5 20:39:26 t44 kernel:  [<ffffffff81085780>] ? kthread_create_on_node+0x1b0/0x1b0


-- 
Toralf, pgp: C4EACDDE 0076E94E
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ