Hi,

When trying to reshape an array, i got a PAX size overflow that reads:

PAX: size overflow detected in function super_1_sync drivers/md/md.c:1683 cicus.1522_314 min, count: 158, decl: new_offset; num: 0; context mdp_superblock_1;

I initially reported the bug upstream (you can find more details on the bug's url), but was told it's a normal case.

Regards
(In reply to Étienne Buira from comment #0)
> Hi,
>
> When trying to reshape an array, i got a PAX size overflow that reads:
> PAX: size overflow detected in function super_1_sync drivers/md/md.c:1683
> cicus.1522_314 min, count: 158, decl: new_offset; num: 0; context
> mdp_superblock_1;
>
> I initially reported the bug upstream (you can find more details on the
> bug's url), but were told it's a normal case.
>
> Regards

thanks. i'll pass it by the pax folks.
(In reply to Anthony Basile from comment #1)
> (In reply to Étienne Buira from comment #0)
> >
> > Regards
>
> thanks. i'll pass it by the pax folks.

linux-raid@vger suggested testing on a vanilla kernel. did you do so? i always ask people to do that since it's a good first step to decide if this is a grsec/pax issue or vanilla.
Hi,

i did some testing with vanilla 4.4.6 on a dummy array, but could not enter the 'if' in which sb->new_offset was set.
the problem is that mdp_superblock_1.new_offset is defined as an unsigned int even though its own comment says it holds a signed value (which in turn is because the kernel doesn't have signed versions of the endian-specific types). the overflow plugin merely catches the u64->u32 conversion where the u64 value would really have to be s64 which then would be converted to s32 without loss. i guess we'll just have to disable tracking this field in the overflow plugin. something like the following:

a/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data --- b/tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data 2016-03-24 00:48:23.981420686 +0100 +++ tools/gcc/size_overflow_plugin/disable_size_overflow_hash.data 2016-03-29 13:36:49.217021709 +0200 @@ -12437,3 +12437,4 @@ enable_so_dsack_tcp_options_received_277 enable_so_inbufBits_bunzip_data_13788 inbufBits bunzip_data 0 13788 NULL enable_so_i_ino_inode_8428 i_ino inode 0 8428 NULL enable_so_squashfs_iget_fndecl_37485 squashfs_iget fndecl 3 37485 NULL +enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL --- a/tools/gcc/size_overflow_plugin/size_overflow_hash.data 2016-03-24 00:48:23.997453111 +0100 +++ b/tools/gcc/size_overflow_plugin/size_overflow_hash.data 2016-03-29 13:36:52.624798122 +0200 
@@ -2084,7 +2084,6 @@ enable_so_datasize_vub300_mmc_host_6490 enable_so_beep_amp_ad198x_spec_6490 beep_amp ad198x_spec 0 6490 &enable_so_datasize_vub300_mmc_host_6490 nohasharray enable_so_probe_kernel_write_fndecl_6490 probe_kernel_write fndecl 3 6490 &enable_so_beep_amp_ad198x_spec_6490 enable_so_curr_dma_words_tegra_spi_data_6500 curr_dma_words tegra_spi_data 0 6500 NULL -enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL enable_so_f_read_cntrs_qib_devdata_6502 f_read_cntrs qib_devdata 0 6502 NULL enable_so_inc_remap_and_issue_cell_fndecl_6505 inc_remap_and_issue_cell fndecl 3 6505 NULL enable_so_hugetlb_file_setup_fndecl_6506 hugetlb_file_setup fndecl 2 6506 NULL
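Review bot: moving `enable_so_new_offset_mdp_superblock_1_6501 new_offset mdp_superblock_1 0 6501 NULL` into disable_size_overflow_hash.data exempts every conversion into that field, not only the super_1_sync one at md.c:1683 that the report names, and the .data line itself carries no hint that the exemption exists because the field is unsigned on disk but documented as signed; record that rationale in the commit message so the entry is not later mistaken for a field that is simply uninteresting. The entry is otherwise identical in both files (same hash 6501, same field and struct), and the hunk headers (-12437,3 +12437,4 and -2084,7 +2084,6) agree with a one-line addition and a one-line removal.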
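To make the comment's point concrete, here is an added example (not code from the bug report, the kernel, or the PaX plugin) that models the conversion in plain C: a signed 64-bit offset is stored into an unsigned 32-bit field, the way new_offset is declared, and the two checks are compared. The function names and the sample offsets are constructed for illustration; the check logic is the assumption that the plugin flags a u64->u32 store when the source value exceeds the u32 range, while a signed check would flag only values outside the s32 range.

```c
#include <stdint.h>
#include <stdio.h>
#include <inttypes.h>

/* Added example (not from the bug report, the kernel or PaX): model of storing
 * a signed 64-bit offset into mdp_superblock_1.new_offset, an unsigned 32-bit
 * on-disk field whose comment says it holds a signed value. */

/* Store the offset the way the kernel effectively does: truncate to 32 bits.
 * Two's-complement wrap-around is well defined for unsigned targets in C. */
static uint32_t store_new_offset(int64_t new_offset)
{
    return (uint32_t)new_offset;
}

/* Read the field back as the signed value it was meant to carry. */
static int64_t load_new_offset(uint32_t field)
{
    return (int64_t)(int32_t)field;
}

/* The conversion is lossless exactly when the value round-trips. */
static int roundtrips(int64_t new_offset)
{
    return load_new_offset(store_new_offset(new_offset)) == new_offset;
}

/* Assumed model of what the plugin checks for a field declared unsigned:
 * a u64 -> u32 store is flagged when the source does not fit in u32. A
 * negative s64 viewed as u64 is huge, so it is always reported. */
static int unsigned_check_fires(int64_t new_offset)
{
    uint64_t as_u64 = (uint64_t)new_offset;
    return as_u64 > UINT32_MAX;
}

/* The check matching the field's documented meaning: an s64 -> s32 store is
 * flagged only when the value lies outside the s32 range. */
static int signed_check_fires(int64_t new_offset)
{
    return new_offset < INT32_MIN || new_offset > INT32_MAX;
}

int main(void)
{
    /* Constructed sample offsets in sectors; a reshape that moves data
     * backwards yields a negative new_offset, which is the reported case. */
    const int64_t samples[] = {
        0, 2048, -2048, INT32_MIN, (int64_t)INT32_MAX + 1, -((int64_t)1 << 40)
    };
    size_t i;

    printf("%20s %10s %10s %10s\n", "new_offset", "roundtrip", "u32check", "s32check");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int64_t v = samples[i];
        printf("%20" PRId64 " %10s %10s %10s\n", v,
               roundtrips(v) ? "yes" : "no",
               unsigned_check_fires(v) ? "fires" : "quiet",
               signed_check_fires(v) ? "fires" : "quiet");
    }
    return 0;
}
```

The table shows the two sides of the decision: for -2048 the unsigned check fires although the value round-trips losslessly (the false positive from the report), while for INT32_MAX + 1 the unsigned check stays quiet even though the signed read-back is wrong, so disabling tracking of the field trades a false positive for a blind spot that only a signed field type would close.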
@pageexec did you guys apply your fix?
(In reply to Anthony Basile from comment #5)
> @pageexec did you guys apply your fix?

sure, at the time i answered.