Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 433000

Summary: sys-kernel/hardened-sources-3.4.7: ssh Not tainted, PAX: size overflow detected in function tcp_recvmsg net/ipv4/tcp.c:1696
Product: Gentoo Linux Reporter: Nikoli <nikoli>
Component: HardenedAssignee: Anthony Basile <blueness>
Status: RESOLVED DUPLICATE    
Severity: normal CC: hardened, pageexec, re.emese, spender
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: kernel config
System.map-3.4.7-hardened.xz

Description Nikoli 2012-08-27 20:45:25 UTC 
With 3.4.7-hardened kernel ssh (started with sshfs) hangs (not able to kill -9) after every reboot. But the problem arrives only after several days of uptime, now i have uptime '7 days, 18:48'. dmesg has such errors:

[664665.099316] PAX: size overflow detected in function tcp_recvmsg net/ipv4/tcp.c:1696
[664665.099320] Pid: 20357, comm: ssh Not tainted 3.4.7-hardened #5
[664665.099322] Call Trace:
[664665.099329]  [<ffffffff810f7232>] ? report_size_overflow+0x29/0x33
[664665.099333]  [<ffffffff81286d4b>] ? tcp_recvmsg+0x653/0x975
[664665.099337]  [<ffffffff812a267c>] ? inet_recvmsg+0x65/0x7d
[664665.099340]  [<ffffffff812359da>] ? sock_aio_read+0x109/0x125
[664665.099344]  [<ffffffff810f21c0>] ? do_sync_read+0xcc/0x109
[664665.099347]  [<ffffffff810f2afe>] ? vfs_read+0x12c/0x191
[664665.099350]  [<ffffffff810f2bae>] ? sys_read+0x4b/0x75
[664665.099354]  [<ffffffff812d3068>] ? system_call_fastpath+0x18/0x1d
[664665.099357]  [<ffffffff812d3094>] ? sysret_check+0x22/0x5d

[670188.146394] PAX: size overflow detected in function tcp_recvmsg net/ipv4/tcp.c:1696
[670188.146398] Pid: 30037, comm: ssh Not tainted 3.4.7-hardened #5
[670188.146400] Call Trace:
[670188.146407]  [<ffffffff810f7232>] ? report_size_overflow+0x29/0x33
[670188.146412]  [<ffffffff81286d4b>] ? tcp_recvmsg+0x653/0x975
[670188.146416]  [<ffffffff812a267c>] ? inet_recvmsg+0x65/0x7d
[670188.146420]  [<ffffffff812359da>] ? sock_aio_read+0x109/0x125
[670188.146424]  [<ffffffff810f21c0>] ? do_sync_read+0xcc/0x109
[670188.146428]  [<ffffffff810f2afe>] ? vfs_read+0x12c/0x191
[670188.146431]  [<ffffffff810f2bae>] ? sys_read+0x4b/0x75
[670188.146434]  [<ffffffff812d3068>] ? system_call_fastpath+0x18/0x1d
[670188.146438]  [<ffffffff812d3094>] ? sysret_check+0x22/0x5d


Portage 2.1.11.9 (hardened/linux/amd64, gcc-4.5.3, glibc-2.15-r2, 3.4.7-hardened x86_64)
=================================================================
Timestamp of tree: Mon, 27 Aug 2012 19:15:01 +0000
app-shells/bash:          4.2_p37
dev-java/java-config:     2.1.11-r3
dev-lang/python:          2.7.3-r2
sys-apps/baselayout:      2.1-r1
sys-apps/openrc:          0.9.8.4
sys-apps/sandbox:         2.5
sys-devel/binutils:       2.22-r1
sys-devel/gcc:            4.5.3-r2
sys-devel/gcc-config:     1.7.3
sys-devel/libtool:        2.4-r1
sys-devel/make:           3.82-r3
sys-kernel/linux-headers: 3.4-r2 (virtual/os-headers)
sys-libs/glibc:           2.15-r2
Repositories: gentoo nikoli
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -mtune=generic -mavx -maes -mpclmul -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/gnupg/qualified.txt /usr/share/openvpn/easy-rsa /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -mtune=generic -mavx -maes -mpclmul -O2 -pipe"
DISTDIR="/var/package-manager/distfiles"
FCFLAGS="-O2 -pipe"
FEATURES="assume-digests binpkg-logs config-protect-if-modified distlocks ebuild-locks fixlafiles news parallel-fetch parse-eapi-ebuild-head protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-O2 -pipe"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="ru en"
MAKEOPTS="-j9"
PKGDIR="/var/package-manager/packages/corei7-avx_hardened"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR="/var/package-manager/portage"
PORTDIR_OVERLAY="/var/lib/layman/nikoli"
USE="X a52 aac acl acpi aes-ni akonadi alsa amd64 amr atm audiofile avx bash-completion bluetooth bzip2 cairo caps cdda cddb cdio cdparanoia cdr celt cli consolekit cracklib crypt css cups cxx dbus djvu dri dts dv dvd dvdr encode exif fat ffmpeg flac fluidsynth fontconfig fortran gd geoip gif gimp gmp gnutls gphoto2 gpm graphviz gsm gstreamer gtk handbook hardened iconv icu id3tag idn ilbc imagemagick imap imlib ios ipod ipv6 jbig jpeg jpeg2k justify kde kipi kontact lame laptop lcms libass libnotify libproxy libsamplerate lm_sensors lzma lzo mac mad matroska mikmod mmx mmxext mng modplug modules mp3 mp4 mpeg mtp mudflap multilib musepack musicbrainz ncurses networkmanager nls nptl nptlonly ntfs ogg openal openexr opengl openmp pam pango pax_kernel pcre pdf pg-intdatetime phonon plasma pm-utils png policykit postscript pppd qt3support qt4 quicktime rar raw readline reiserfs replaygain rtmp sasl scanner schroedinger semantic-desktop session sid smp sndfile socks5 speex spell sqlite sse sse2 sse3 sse4_1 ssl ssse3 startup-notification svg symlink sysfs taglib theora threads thumbnail tiff truetype tta udev unicode upnp usb v4l v4l2 vaapi vcd vdpau vorbis vpx wavpack webkit webp wifi wma wmf wps x264 xattr xcb xcomposite xface xinerama xml xmp xpm xscreensaver xv xvid xz zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="*" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LINGUAS="ru en" NGINX_MODULES_HTTP="access auth_basic autoindex fastcgi gzip rewrite" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="radeon r600 modesetting vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 1 Nikoli 2012-08-27 20:46:55 UTC 
Created attachment 322390 [details]
kernel config
Comment 2 Nikoli 2012-08-27 20:54:21 UTC 
Created attachment 322393 [details]
System.map-3.4.7-hardened.xz
Comment 3 kfm 2012-08-27 22:46:15 UTC 
It's a false positive, according to upstream:-

http://forums.grsecurity.net/viewtopic.php?f=1&t=2991#p11910
Comment 4 Anthony Basile gentoo-dev 2012-08-28 00:27:38 UTC 
(In reply to comment #2)
> It's a false positive, according to upstream:-
> 
> http://forums.grsecurity.net/viewtopic.php?f=1&t=2991#p11910

Is it a problem in the most recent hardened-sources added to the tree?
Comment 5 PaX Team 2012-08-28 08:37:42 UTC 
it's a dupe of bug #430906.
Comment 6 Anthony Basile gentoo-dev 2012-08-28 10:06:02 UTC 

*** This bug has been marked as a duplicate of bug 430906 ***