Since the 3.19 kernel series (I started testing with 3.19.1) the LZMA initramfs image decompression has not been working. After getting the earlyprintk output via USB debug, I see the following in the kernel logs: [ 0.342973] PAX: size overflow detected in function unlzma lib/decompress_unlzma.c:607 cicus.202_642 max, count: 5 After looking around I saw #548505 which had a similar issue with bzip2. After disabling LZMA support and enabling bzip2 everything looks fine on sys-kernel/hardened-sources-4.0.5. decompress_unlzma.c has not changed between 3.18 and 4.0. Reproducible: Always
Related to: https://bugs.gentoo.org/show_bug.cgi?id=548508
Steps to reproduce:
1. Create a lzma-compressed initramfs on any kernel between 3.19.1-hardened and 4.0.5-hardened
2. Enable the pax overflow plugin
3. Try to boot Linux with said initramfs
Gcc version: Using built-in specs. COLLECT_GCC=/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4/gcc COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/4.8.4/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: /var/tmp/portage/sys-devel/gcc-4.8.4/work/gcc-4.8.4/configure --host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr --bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/4.8.4 --includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.8.4/include --datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4 --mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/man --infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/info --with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/4.8.4/include/g++-v4 --with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/4.8.4/python --enable-languages=c,c++ --enable-obsolete --enable-secureplt --disable-werror --with-system-zlib --enable-nls --without-included-gettext --enable-checking=release --with-bugurl=https://bugs.gentoo.org/ --with-pkgversion='Gentoo Hardened 4.8.4 p1.6, pie-0.6.1' --enable-esp --enable-libstdcxx-time --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu --enable-multilib --with-multilib-list=m32,m64 --disable-altivec --disable-fixed-point --enable-targets=all --disable-libgcj --disable-libgomp --disable-libmudflap --disable-libssp --disable-libquadmath --enable-lto --without-cloog --disable-libsanitizer Thread model: posix gcc version 4.8.4 (Gentoo Hardened 4.8.4 p1.6, pie-0.6.1)
(In reply to Vladimir Lushnikov from comment #1) > Related to: https://bugs.gentoo.org/show_bug.cgi?id=548508 > > Steps to reproduce: > > 1. Create a lzma-compressed initramfs on any kernel between 3.19.1-hardened > and 4.0.5-hardened > 2. Enable the pax overflow plugin > 3. Try to boot linux with said initramfs Is this fixed on 4.0.5?
No, not fixed in 4.0.5 (apologies if my range was confusing)
can you try the following patch please? --- a/lib/decompress_unlzma.c 2014-10-05 21:52:23.767986012 +0200 +++ b/lib/decompress_unlzma.c 2015-06-21 00:10:34.632649318 +0200 @@ -39,10 +39,10 @@ #define MIN(a, b) (((a) < (b)) ? (a) : (b)) -static long long INIT read_int(unsigned char *ptr, int size) +static unsigned long long INIT read_int(unsigned char *ptr, int size) { int i; - long long ret = 0; + unsigned long long ret = 0; for (i = 0; i < size; i++) ret = (ret << 8) | ptr[size-i-1];
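Review bot: the type change is the right fix but the hunk stops at read_int itself; its callers are not visible, so any caller that stores the result in a signed long long or compares it against a signed bound should be reviewed in the same change now that the return type is unsigned long long. The reason the plugin fired is the visible context line `ret = (ret << 8) | ptr[size-i-1];`: with ret declared as a signed long long, the last shift sets the sign bit whenever the most significant input byte has its top bit set, which is the signed overflow the size-overflow plugin instruments; with an unsigned accumulator the shift is well-defined. Note also that the report in comment #0 names line 607 in unlzma while this hunk edits read_int at line 41, consistent with the static INIT function being inlined at its call site; it would help to mention the reported location in the commit message so the two can be matched up later.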
Thanks for the patch, it works.
(In reply to Vladimir Lushnikov from comment #6) > Thanks for the patch, it works. @pipacs, did that land yet in a grsec patchset?
(In reply to Anthony Basile from comment #7) > @pipacs, did that land yet in a grsec patcset? Sure, a few days ago (you can also check the grsec changelog, we always put a URL back to the bug report if one exists ;).