2015-12-05 19:51:27

by Toralf Förster

Subject: PAX: size overflow detected in function __vhost_add_used_n drivers/vhost/vhost.c:1517


Ran into the following on a 64-bit hardened stable Gentoo Linux while running the following command on the host (probably it was just the ssh login so far):

$ cd ~/devel/linux/; git archive --prefix linux-4.4.x/ v4.4-rc3 | (ssh root@n22kvm "cd /usr/src/; sudo tar -xf-")



Dec 5 20:39:26 t44 kernel: PAX: size overflow detected in function __vhost_add_used_n drivers/vhost/vhost.c:1517 cicus.491_193 max, count: 7, decl: last_used_idx; num: 0; context: vhost_virtqueue;
Dec 5 20:39:26 t44 kernel: CPU: 2 PID: 3708 Comm: vhost-3706 Tainted: G W 4.2.6-hardened-r7 #2
Dec 5 20:39:26 t44 kernel: Hardware name: LENOVO 20AQCTO1WW/20AQCTO1WW, BIOS GJET83WW (2.33 ) 03/09/2015
Dec 5 20:39:26 t44 kernel: ffffffffc096fe5a 0000000000000000 ffffffffc096fddc ffffc9000043bb78
Dec 5 20:39:26 t44 kernel: ffffffff815ef500 ffff88033e30eec8 ffffffffc096fe5a ffffc9000043bba8
Dec 5 20:39:26 t44 kernel: ffffffff811ae28b 000000000000fffb ffff880326d300a0 0000000000000005
Dec 5 20:39:26 t44 kernel: Call Trace:
Dec 5 20:39:26 t44 kernel: [<ffffffffc096fe5a>] ? __param_str_max_mem_regions+0x9a/0xae8 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffffc096fddc>] ? __param_str_max_mem_regions+0x1c/0xae8 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffff815ef500>] dump_stack+0x45/0x5d
Dec 5 20:39:26 t44 kernel: [<ffffffffc096fe5a>] ? __param_str_max_mem_regions+0x9a/0xae8 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffff811ae28b>] report_size_overflow+0x3b/0x50
Dec 5 20:39:26 t44 kernel: [<ffffffffc096da7b>] __vhost_add_used_n+0x1db/0x1e0 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffff8137a0e6>] ? copy_user_enhanced_fast_string+0x16/0x20
Dec 5 20:39:26 t44 kernel: [<ffffffffc096e0e2>] vhost_add_used_n+0x92/0x1b0 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffffc096eb7a>] vhost_add_used_and_signal_n+0x2a/0x50 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffffc097bd1b>] handle_rx+0x63b/0x910 [vhost_net]
Dec 5 20:39:26 t44 kernel: [<ffffffffc097c00d>] handle_rx_net+0x1d/0x30 [vhost_net]
Dec 5 20:39:26 t44 kernel: [<ffffffffc096d7f8>] vhost_worker+0xf8/0x1a0 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffffc096d700>] ? vhost_log_write+0xa0/0xa0 [vhost]
Dec 5 20:39:26 t44 kernel: [<ffffffff81085877>] kthread+0xf7/0x110
Dec 5 20:39:26 t44 kernel: [<ffffffff81085780>] ? kthread_create_on_node+0x1b0/0x1b0
Dec 5 20:39:26 t44 kernel: [<ffffffff815f690e>] ret_from_fork+0x3e/0x70
Dec 5 20:39:26 t44 kernel: [<ffffffff81085780>] ? kthread_create_on_node+0x1b0/0x1b0


--
Toralf, pgp: C4EACDDE 0076E94E


2015-12-05 20:27:04

by PaX Team

Subject: Re: PAX: size overflow detected in function __vhost_add_used_n drivers/vhost/vhost.c:1517

On 5 Dec 2015 at 20:51, Toralf Förster wrote:

> Ran into the following on a 64-bit hardened stable Gentoo Linux while
> running the following command on the host (probably it was just the ssh login
> so far):
>
> $ cd ~/devel/linux/; git archive --prefix linux-4.4.x/ v4.4-rc3 | (ssh root@n22kvm "cd /usr/src/; sudo tar -xf-")
>
>
> Dec 5 20:39:26 t44 kernel: PAX: size overflow detected in function __vhost_add_used_n drivers/vhost/vhost.c:1517 cicus.491_193 max, count: 7, decl: last_used_idx; num: 0; context: vhost_virtqueue;

it was already reported (and is fixed):
https://forums.grsecurity.net/viewtopic.php?f=3&t=4329