* [Bug 194695] New: size overflow detected in function ext4_mb_new_group_pa
From: bugzilla-daemon @ 2017-02-24 13:11 UTC (permalink / raw)
To: linux-ext4
https://bugzilla.kernel.org/show_bug.cgi?id=194695
Bug ID: 194695
Summary: size overflow detected in function ext4_mb_new_group_pa
Product: File System
Version: 2.5
Kernel Version: 4.9.10-1+grsec201702162016+1
Hardware: x86-64
OS: Linux
Tree: Mainline
Status: NEW
Severity: normal
Priority: P1
Component: ext4
Assignee: fs_ext4@kernel-bugs.osdl.org
Reporter: matthijs@cacholong.nl
Regression: No
I am trying to run a kernel with grsecurity with the size overflow
protection and am getting the following warnings / errors:
dmesg: http://pastebin.com/wr3UGLS9
config: http://pastebin.com/sr8M9bP0
mballoc.* (make fs/ext4/mballoc.o EXTRA_CFLAGS="-fdump-tree-all -fdump-ipa-all") http://filebin.ca/3DMIChVw9lQM/mballoc.tgz
According to the grsecurity developers it seems to be a bug in ext4; for
some background, see here:
https://forums.grsecurity.net/viewtopic.php?f=1&t=4678&p=16971
The response from ephox (PAX team / grsecurity developer):
--
Thanks for the report. I think this is an upstream bug. Based on the
runtime values provided by you, ext4_mb_new_group_pa() tries to store a
value into pa->pa_lstart which is larger than UINT_MAX which comes from
ext4_group_first_block_no().
Could you please report it to the ext4 developers?
--
I'll try to answer all the questions but I'm not an expert in this area.
--
You are receiving this mail because:
You are watching the assignee of the bug.
* [Bug 194695] size overflow detected in function ext4_mb_new_group_pa
From: bugzilla-daemon @ 2017-02-27 20:55 UTC (permalink / raw)
To: linux-ext4
https://bugzilla.kernel.org/show_bug.cgi?id=194695
Andreas Dilger (adilger.kernelbugzilla@dilger.ca) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adilger.kernelbugzilla@dilger.ca
--- Comment #1 from Andreas Dilger (adilger.kernelbugzilla@dilger.ca) ---
Definitely looks like a real bug in:
pa->pa_pstart = ext4_grp_offs_to_block(sb, &ac->ac_b_ex);
pa->pa_lstart = pa->pa_pstart;
pa_pstart is 64-bit, pa_lstart is 32-bit.
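A userspace model of the 64-bit to 32-bit assignment quoted in comment #1, added here as an example; it is not code from the kernel or from anyone in this thread. The struct, the function names and the geometry (32768 blocks per group, first data block 0) are assumptions for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model (assumed names). Widths follow comment #1:
 * pa_pstart is 64-bit, pa_lstart is 32-bit. */
struct prealloc {
    uint64_t pa_pstart;  /* physical start block */
    uint32_t pa_lstart;  /* logical start block  */
};

/* Assumed geometry: 32768 blocks per group, first data block 0. */
#define BLOCKS_PER_GROUP 32768ULL

static uint64_t group_first_block(uint32_t group)
{
    return (uint64_t)group * BLOCKS_PER_GROUP;
}

/* The pattern from the thread: a 64-bit value stored into a 32-bit field.
 * The high bits are dropped with no run-time diagnostic. */
static void set_pa_unchecked(struct prealloc *pa, uint64_t pstart)
{
    pa->pa_pstart = pstart;
    pa->pa_lstart = (uint32_t)pa->pa_pstart;
}

/* Checked narrowing: report values that do not fit instead of truncating. */
static bool set_pa_checked(struct prealloc *pa, uint64_t pstart)
{
    pa->pa_pstart = pstart;
    pa->pa_lstart = pstart > UINT32_MAX ? 0 : (uint32_t)pstart;
    return pstart <= UINT32_MAX;
}

int main(void)
{
    /* Constructed inputs: groups just below, at and above the 2^32-block boundary. */
    uint32_t groups[] = { 131071, 131072, 131073 };
    for (size_t i = 0; i < 3; i++) {
        struct prealloc a, b;
        uint64_t first = group_first_block(groups[i]);
        set_pa_unchecked(&a, first);
        bool ok = set_pa_checked(&b, first);
        printf("group %" PRIu32 ": pstart=%" PRIu64 " lstart=%" PRIu32 " fits=%d\n",
               groups[i], a.pa_pstart, a.pa_lstart, ok);
    }
    return 0;
}
```

With this assumed geometry the first block of group 131072 is exactly 2^32, so the unchecked store leaves 0 in the 32-bit field.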
* [Bug 194695] size overflow detected in function ext4_mb_new_group_pa
From: bugzilla-daemon @ 2017-02-28 5:28 UTC (permalink / raw)
To: linux-ext4
https://bugzilla.kernel.org/show_bug.cgi?id=194695
Theodore Tso (tytso@mit.edu) changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |tytso@mit.edu
--- Comment #2 from Theodore Tso (tytso@mit.edu) ---
I don't think we use the pa_lstart value for group preallocations --- a logical
number doesn't really have meaning for group pa's. That being said, the
preallocation code is really quite a mess, and it makes it hard to follow. We
should really look at cleaning it up....