Hi drbd fails for me using hardened-sources-4.3.3-rX. last known version is Linux io 4.2.5-hardened-dom0-kvm-at-gw18. This is from 4.3.3-hardened-r7 --8<-- Jan 23 15:26:37 io kernel: drbd XXXXXXXX: Starting worker thread (from drbdsetup [5320]) Jan 23 15:26:37 io kernel: PAX: size overflow detected in function __disk_conf_from_attrs.isra.29.part.30 include/linux/drbd_genl.h:104 cicus.695_112 max, cou nt: 121, decl: meta_dev_idx; num: 0; context: disk_conf; Jan 23 15:26:37 io kernel: CPU: 3 PID: 5320 Comm: drbdsetup Not tainted 4.3.3-hardened-r7-dom0-kvm-at-gw20 #7 Jan 23 15:26:37 io kernel: Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./J1900N-D3V, BIOS F1 01/22/2014 Jan 23 15:26:37 io kernel: 0000000000000000 ffffffff8148a29e ffffffff81c55af9 ffffffff811c69f2 Jan 23 15:26:37 io kernel: ffff88041ffbfc40 ffff88041ffbfa00 ffffc90009fe3ab8 0000000000000000 Jan 23 15:26:37 io kernel: ffffffff81596d1b 00000000ffffffff ffff88041ffbfa00 ffff880420bc7e40 Jan 23 15:26:37 io kernel: Call Trace: Jan 23 15:26:37 io kernel: [<ffffffff8148a29e>] ? dump_stack+0x40/0x56 Jan 23 15:26:37 io kernel: [<ffffffff811c69f2>] ? report_size_overflow+0x35/0x75 Jan 23 15:26:37 io kernel: [<ffffffff81596d1b>] ? __disk_conf_from_attrs.isra.29.part.30+0x114/0x383 Jan 23 15:26:37 io kernel: [<ffffffff8159d790>] ? drbd_adm_attach+0x2f7/0x116c Jan 23 15:26:37 io kernel: [<ffffffff8112d977>] ? enqueue_task_fair+0x3b/0x604 Jan 23 15:26:37 io kernel: [<ffffffff81481ac1>] ? gr_task_acl_is_capable+0x1e/0x146 Jan 23 15:26:37 io kernel: [<ffffffff817a0540>] ? genl_family_rcv_msg+0x28f/0x30a Jan 23 15:26:37 io kernel: [<ffffffff817a05f0>] ? genl_rcv_msg+0x35/0x5b Jan 23 15:26:37 io kernel: [<ffffffff817a05bb>] ? genl_family_rcv_msg+0x30a/0x30a Jan 23 15:26:37 io kernel: [<ffffffff8179feb4>] ? netlink_rcv_skb+0x5e/0x104 Jan 23 15:26:37 io kernel: [<ffffffff817a020b>] ? genl_rcv+0x1f/0x2c Jan 23 15:26:37 io kernel: [<ffffffff8179e55d>] ? netlink_unicast+0x121/0x1e1 Jan 23 15:26:37 io kernel: [<ffffffff8179ee31>] ? netlink_sendmsg+0x405/0x42a Jan 23 15:26:37 io kernel: [<ffffffff81743bec>] ? sock_sendmsg+0x32/0x4c Jan 23 15:26:37 io kernel: [<ffffffff81743c6c>] ? sock_write_iter+0x66/0x8c Jan 23 15:26:37 io kernel: [<ffffffff811bf207>] ? __vfs_write+0xc2/0xf1 Jan 23 15:26:37 io kernel: [<ffffffff811bf477>] ? vfs_write+0x150/0x286 Jan 23 15:26:37 io kernel: [<ffffffff811bf684>] ? SyS_write+0x45/0x92 Jan 23 15:26:37 io kernel: [<ffffffff818c20d4>] ? entry_SYSCALL_64_fastpath+0x12/0x7e Jan 23 15:26:37 io kernel: [<ffffffff8106dfbc>] ? __do_page_fault+0x452/0x51d Jan 23 15:26:37 io /etc/init.d/drbd[5052]: ERROR: drbd failed to start --8<-- Reproducible: Always emerge --info --8<-- Portage 2.2.20 (python 2.7.9-final-0, hardened/linux/amd64/no-multilib, gcc-4.8.3, glibc-2.19-r1, 4.2.5-hardened-dom0-kvm-at-gw18 x86_64) ================================================================= System uname: Linux-4.2.5-hardened-dom0-kvm-at-gw18-x86_64-Intel-R-_Celeron-R-_CPU_J1900_@_1.99GHz-with-gentoo-2.2 KiB Mem: 16337496 total, 102912 free KiB Swap: 0 total, 0 free Timestamp of repository gentoo: Sat, 23 Jan 2016 15:00:01 +0000 sh bash 4.2_p53 ld GNU ld (Gentoo 2.24 p1.4) 2.24 app-shells/bash: 4.2_p53::gentoo dev-lang/perl: 5.20.1-r4::gentoo dev-lang/python: 2.7.9-r1::gentoo, 3.3.5-r1::gentoo, 3.4.1::gentoo dev-util/cmake: 2.8.12.2-r1::gentoo dev-util/pkgconfig: 0.28-r1::gentoo sys-apps/baselayout: 2.2::gentoo sys-apps/openrc: 0.13.11::gentoo sys-apps/sandbox: 2.6-r1::gentoo sys-devel/autoconf: 2.69::gentoo sys-devel/automake: 1.11.6::gentoo, 1.12.6::gentoo, 1.13.4::gentoo, 1.14.1::gentoo, 1.15::gentoo sys-devel/binutils: 2.24-r3::gentoo sys-devel/gcc: 4.8.3::gentoo sys-devel/gcc-config: 1.7.3::gentoo sys-devel/libtool: 2.4.4::gentoo sys-devel/make: 4.1-r1::gentoo sys-kernel/linux-headers: 3.16::gentoo (virtual/os-headers) sys-libs/glibc: 2.19-r1::gentoo Repositories: gentoo location: /usr/portage/tree sync-type: rsync sync-uri: rsync://rsync.gentoo.org/gentoo-portage priority: -1000 x-overlay location: /usr/portage/overlay masters: gentoo priority: 0 ACCEPT_KEYWORDS="amd64" ACCEPT_LICENSE="* -@EULA" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -pipe" DISTDIR="/usr/portage/distfiles" FCFLAGS="-O2 -pipe" FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles merge-sync news parallel-fetch preserve-libs sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe" GENTOO_MIRRORS="http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" LANG="de_DE.UTF-8" LC_ALL="de_DE.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/usr/portage/build" USE="acl acpi amd64 bash-completion bzip2 caps cracklib crypt cxx gpg hardened ipv6 logrotate lzma mmx nls nptl openrc pam pic pie readline sse sse2 sse3 ssl ssp threads udev unicode usb utf8 xtpax zlib" ABI_X86="64" CURL_SSL="openssl" ELIBC="glibc" GRUB_PLATFORMS="efi-64 pc xen" KERNEL="linux" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python2_7 python3_3" QEMU_SOFTMMU_TARGETS="i386 x86_64" USERLAND="GNU" Unset: CC, CPPFLAGS, CTARGET, CXX, EMERGE_DEFAULT_OPTS, INSTALL_MASK, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, USE_PYTHON --8<--
Pax flags from kernel config (probably related to PAX_SIZE_OVERFLOW) --8<-- ganymede linux # grep "^CONFIG_PAX" .config CONFIG_PAX_KERNEXEC_PLUGIN=y CONFIG_PAX_PER_CPU_PGD=y CONFIG_PAX_USERCOPY_SLABS=y CONFIG_PAX=y CONFIG_PAX_PT_PAX_FLAGS=y CONFIG_PAX_XATTR_PAX_FLAGS=y CONFIG_PAX_HAVE_ACL_FLAGS=y CONFIG_PAX_NOEXEC=y CONFIG_PAX_PAGEEXEC=y CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y CONFIG_PAX_KERNEXEC=y CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_BTS=y CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="bts" CONFIG_PAX_ASLR=y CONFIG_PAX_RANDKSTACK=y CONFIG_PAX_RANDUSTACK=y CONFIG_PAX_RANDMMAP=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y CONFIG_PAX_CONSTIFY_PLUGIN=y CONFIG_PAX_USERCOPY=y CONFIG_PAX_SIZE_OVERFLOW=y CONFIG_PAX_LATENT_ENTROPY=y ganymede linux # --8<-- from another machine --8<-- [ 53.407413] drbd XXXXXXXX: Starting worker thread (from drbdsetup [5241]) [ 53.407461] PAX: size overflow detected in function __disk_conf_from_attrs include/linux/drbd_genl.h:104 cicus.683_132 max, count: 121, decl: meta_dev_idx; num: 0; context: disk_conf; [ 53.455065] CPU: 1 PID: 5241 Comm: drbdsetup Not tainted 4.3.3-hardened-r7-dom0-kvm-at-gw20 #1 [ 53.455065] Hardware name: System manufacturer P5K-V/P5K-V, BIOS 1001 05/05/2008 [ 53.455069] 0000000000000000 2aa0e1d6f39208ad ffffffffa846fc9e ffffffffa8c3f3ba [ 53.455071] ffffffffa8195574 ffffffffa8ef1ec0 ffff8800c96da000 ffffc90003893a30 [ 53.455072] 0000000000000000 ffffffffa8585ed2 ffffffffa857cb39 2aa0e1d6f39208ad [ 53.455073] Call Trace: [ 53.455080] [<ffffffffa846fc9e>] ? dump_stack+0x40/0x56 [ 53.455083] [<ffffffffa8195574>] ? report_size_overflow+0x35/0x75 [ 53.455087] [<ffffffffa8585ed2>] ? __disk_conf_from_attrs+0x21e/0x499 [ 53.455090] [<ffffffffa857cb39>] ? drbd_destroy_resource+0x37/0x37 [ 53.455092] [<ffffffffa858ccb2>] ? drbd_adm_attach+0x24b/0x1035 [ 53.455094] [<ffffffffa858ccb2>] ? drbd_adm_attach+0x24b/0x1035 [ 53.455097] [<ffffffffa8467c45>] ? gr_task_acl_is_capable+0x33/0x170 [ 53.455100] [<ffffffffa879fcd5>] ? genl_family_rcv_msg+0x2da/0x36d [ 53.455103] [<ffffffffa81c3d37>] ? bd_set_size+0x5c/0xe9 [ 53.455106] [<ffffffffa81c40c1>] ? __blkdev_get+0x2fd/0x3b7 [ 53.455108] [<ffffffffa879fda2>] ? genl_rcv_msg+0x3a/0x59 [ 53.455109] [<ffffffffa879fda2>] ? genl_rcv_msg+0x3a/0x59 [ 53.455111] [<ffffffffa879fd68>] ? genl_family_rcv_msg+0x36d/0x36d [ 53.455114] [<ffffffffa879f5b9>] ? netlink_rcv_skb+0x5e/0x102 [ 53.455116] [<ffffffffa879f934>] ? genl_rcv+0x1f/0x2c [ 53.455118] [<ffffffffa879dbe9>] ? netlink_unicast+0x135/0x1f0 [ 53.455120] [<ffffffffa879e4d8>] ? netlink_sendmsg+0x415/0x432 [ 53.455123] [<ffffffffa873ef75>] ? sock_sendmsg+0x35/0x4c [ 53.455125] [<ffffffffa873f00a>] ? sock_write_iter+0x7e/0xaf [ 53.455128] [<ffffffffa818d3b5>] ? __vfs_write+0xce/0x111 [ 53.455129] [<ffffffffa818d652>] ? vfs_write+0x170/0x281 [ 53.455131] [<ffffffffa818d874>] ? SyS_write+0x5b/0xb6 [ 53.455133] [<ffffffffa818d874>] ? SyS_write+0x5b/0xb6 [ 53.455136] [<ffffffffa88c8f14>] ? entry_SYSCALL_64_fastpath+0x12/0x7e [ 65.560017] dom0_wlan0: port 1(wlan) entered forwarding state --8<--
Yes, try turning off CONFIG_PAX_SIZE_OVERFLOW and it should work around the issue. I'm letting upstream know because drdb is a pretty important feature to have working right.
(In reply to Anthony Basile from comment #2) > I'm letting upstream know It seems you forgot to CC upstream.
i think we fixed this one already, can you verify with a newer kernel?
(In reply to PaX Team from comment #4) > i think we fixed this one already, can you verify with a newer kernel? 4.4.2 has grsecurity-3.1-4.4.2-201602182048 which is the latest from usptream.
Can confirm that 4.4.2-hardened fixes my issue with CONFIG_PAX_SIZE_OVERFLOW and drbd. Thanks
(In reply to Georg Weiss from comment #6) > Can confirm that 4.4.2-hardened fixes my issue with CONFIG_PAX_SIZE_OVERFLOW > and drbd. > > Thanks 4.4.2 is shaping up nicely. it iwll be the next stabilized.