Bug 578502 - sys-kernel/hardened-sources-4.4.2 PAX size overflow detected in super_1_sync
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: Normal normal
Assignee: The Gentoo Linux Hardened Team
URL: http://marc.info/?t=145916111500005&r...
Reported: 2016-03-29 10:48 UTC by Étienne Buira
Modified: 2018-10-11 23:37 UTC
Runtime testing required: ---

Description Étienne Buira 2016-03-29 10:48:03 UTC
Hi,

When trying to reshape an array, I got a PAX size overflow that reads:
PAX: size overflow detected in function super_1_sync drivers/md/md.c:1683 cicus.1522_314 min, count: 158, decl: new_offset; num: 0; context mdp_superblock_1;

I initially reported the bug upstream (you can find more details at the bug's URL), but was told it's a normal case.

Regards
Comment 1 Anthony Basile gentoo-dev 2016-03-29 10:50:11 UTC
(In reply to Étienne Buira from comment #0)
> Hi,
> 
> When trying to reshape an array, i got a PAX size overflow that reads:
> PAX: size overflow detected in function super_1_sync drivers/md/md.c:1683
> cicus.1522_314 min, count: 158, decl: new_offset; num: 0; context
> mdp_superblock_1;
> 
> I initially reported the bug upstream (you can find more details on the
> bug's url), but were told it's a normal case.
> 
> Regards

thanks. I'll pass it by the pax folks.
Comment 2 Anthony Basile gentoo-dev 2016-03-29 10:52:51 UTC
(In reply to Anthony Basile from comment #1)
> (In reply to Étienne Buira from comment #0)
> > 
> > Regards
> 
> thanks. i'll pass it by the pax folks.

linux-raid@vger suggested testing on a vanilla kernel. did you do so? I always ask people to do that since it's a good first step to decide if this is a grsec/pax issue or vanilla.
Comment 3 Étienne Buira 2016-03-29 11:05:40 UTC
Hi,

I did some testing with vanilla 4.4.6 on a dummy array, but could not enter the 'if' in which sb->new_offset was set.
Comment 4 PaX Team 2016-03-29 11:38:49 UTC
the problem is that mdp_superblock_1.new_offset is defined as an unsigned int even though its own comment says it holds a signed value (which in turn is because the kernel doesn't have signed versions of the endian-specific types). the overflow plugin merely catches the u64->u32 conversion where the u64 value would really have to be s64, which then would be converted to s32 without loss. I guess we'll just have to disable tracking this field in the overflow plugin. something like the following:

a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data
--- b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data     2016-03-24 00:48:23.981420686 +0100
+++ tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data      2016-03-29 13:36:49.217021709 +0200
@@ -12437,3 +12437,4 @@ enable_so_dsack_tcp_options_received_277
 enable_so_inbufBits_bunzip_data_13788 inbufBits bunzip_data 0 13788 NULL
 enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL
 enable_so_squashfs_iget_fndecl_37485 squashfs_iget fndecl 3 37485 NULL
+enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL
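Review bot: the file header of this first hunk is malformed: the old-file line reads `--- b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data`, the new-file line `+++ tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data` has no prefix at all, and a stray `a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data` line sits above them, so the a/ and b/ prefixes do not match the second file's header and `patch -p1` or `git apply` will strip a different number of path components for each file. Suggest `--- a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data` and `+++ b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data`, in line with the second hunk.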
--- a/tools/gcc/size_overflow_plugin/size_overflow_hash.data     2016-03-24 00:48:23.997453111 +0100
+++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data      2016-03-29 13:36:52.624798122 +0200
@@ -2084,7 +2084,6 @@ enable_so_datasize_vub300_mmc_host_6490
 enable_so_beep_amp_ad198x_spec_6490 beep_amp ad198x_spec 0 6490 &enable_so_datasize_vub300_mmc_host_6490 nohasharray
 enable_so_probe_kernel_write_fndecl_6490 probe_kernel_write fndecl 3 6490 &enable_so_beep_amp_ad198x_spec_6490
 enable_so_curr_dma_words_tegra_spi_data_6500 curr_dma_words tegra_spi_data 0 6500 NULL
-enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL
 enable_so_f_read_cntrs_qib_devdata_6502 f_read_cntrs qib_devdata 0 6502 NULL
 enable_so_inc_remap_and_issue_cell_fndecl_6505 inc_remap_and_issue_cell fndecl 3 6505 NULL
 enable_so_hugetlb_file_setup_fndecl_6506 hugetlb_file_setup fndecl 2 6506 NULL
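Review bot: moving `enable_so_new_offset_mdp_superblock_1_6501` from size_overflow_hash.data to disable_size_overflow_hash.data switches off size-overflow instrumentation for every read and write of `mdp_superblock_1.new_offset`, not only the u64->u32 narrowing in super_1_sync that triggered the report, so a genuine overflow on this field elsewhere would no longer be caught; the exemption should be recorded, either as a comment beside the entry or at the field's declaration, as "holds a signed value by design", so it is not later mistaken for a bug in the hash data. Also worth confirming that the disable file is not order-sensitive, since the entry is appended at its end (`@@ -12437,3 +12437,4 @@`) while the file it is removed from keeps entries sorted by hash (6500, 6501, 6502).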
Comment 5 Anthony Basile gentoo-dev 2016-07-21 16:49:46 UTC
@pageexec did you guys apply your fix?
Comment 6 PaX Team 2016-07-21 20:42:00 UTC
(In reply to Anthony Basile from comment #5)
> @pageexec did you guys apply your fix?
sure, at the time I answered.
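The sign issue the PaX Team describes in comment 4, as an added example that is not kernel or PaX code: it models the new_offset round trip with plain host-endian uint64_t/uint32_t standing in for the kernel's sector_t and __le32 (cpu_to_le32() omitted), and shows why the u64->u32 store trips the overflow check even though the stored s32 decodes correctly. The offsets are constructed sample values.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not kernel or PaX code). Assumption: plain uint64_t and
 * uint32_t replace the kernel's sector_t and __le32, and the endian
 * conversion is left out; new_offset is the 32-bit unsigned field that,
 * per its own comment in the kernel, holds a signed delta. */

/* The condition the size-overflow plugin instruments on the u64 -> u32
 * store: are high bits lost? A negative delta computed in 64-bit unsigned
 * arithmetic always exceeds UINT32_MAX, so the check fires even though the
 * low 32 bits carry exactly the intended s32 value. */
bool narrowing_loses_bits(uint64_t delta) {
    return delta > UINT32_MAX;
}

/* Writer side, as in super_1_sync: difference of two unsigned sector
 * counts (wraps for a negative delta), then the low 32 bits are stored. */
uint32_t encode_new_offset(uint64_t new_data_offset, uint64_t data_offset) {
    uint64_t delta = new_data_offset - data_offset;
    return (uint32_t)delta;
}

/* Reader side: the field is reinterpreted as the signed value it holds
 * (u32 -> s32 of a value above INT32_MAX is two's complement on GCC). */
int32_t decode_new_offset(uint32_t stored) {
    return (int32_t)stored;
}

/* The loss-free path comment 4 describes: s64 delta -> s32 with a range
 * check, so only a delta that really does not fit the field is rejected. */
bool signed_roundtrip_ok(uint64_t new_data_offset, uint64_t data_offset) {
    int64_t delta = (int64_t)new_data_offset - (int64_t)data_offset;
    if (delta < INT32_MIN || delta > INT32_MAX)
        return false; /* a genuine overflow of the 32-bit field */
    uint32_t stored = encode_new_offset(new_data_offset, data_offset);
    return decode_new_offset(stored) == (int32_t)delta;
}

int main(void) {
    /* Constructed sample: a reshape moving data 2048 sectors lower. */
    uint64_t data_offset = 4096, new_data_offset = 2048;
    uint64_t raw = new_data_offset - data_offset;
    printf("plugin would flag: %d, decoded new_offset: %d\n",
           (int)narrowing_loses_bits(raw),
           decode_new_offset(encode_new_offset(new_data_offset, data_offset)));
    return 0;
}
```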