[Bug 194695] New: size overflow detected in function ext4_mb_new_group_pa

linux-ext4.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: bugzilla-daemon@bugzilla.kernel.org
To: linux-ext4@kernel.org
Subject: [Bug 194695] New: size overflow detected in function ext4_mb_new_group_pa
Date: Fri, 24 Feb 2017 13:11:16 +0000	[thread overview]
Message-ID: <bug-194695-13602@https.bugzilla.kernel.org/> (raw)

https://bugzilla.kernel.org/show_bug.cgi?id=194695

            Bug ID: 194695
           Summary: size overflow detected in function
                    ext4_mb_new_group_pa
           Product: File System
           Version: 2.5
    Kernel Version: 4.9.10-1+grsec201702162016+1
          Hardware: x86-64
                OS: Linux
              Tree: Mainline
            Status: NEW
          Severity: normal
          Priority: P1
         Component: ext4
          Assignee: fs_ext4@kernel-bugs.osdl.org
          Reporter: matthijs@cacholong.nl
        Regression: No

I am trying to run a kernel with grsecurity with the size overflow
protection and am getting the following warnings / errors:

dmesg: http://pastebin.com/wr3UGLS9
config: http://pastebin.com/sr8M9bP0
mballoc.* (make fs/ext4/mballoc.o EXTRA_CFLAGS="-fdump-tree-all
-fdump-ipa-all") http://filebin.ca/3DMIChVw9lQM/mballoc.tgz

According to the grsecurity developers it seems to be a bug in ext4, see for
some background here:
https://forums.grsecurity.net/viewtopic.php?f=1&t=4678&p=16971

The response from ephox (PAX team / grsecurity developer):
--
Thanks for the report. I think this is an upstream bug. Based on the
runtime values provided by you, ext4_mb_new_group_pa() tries to store a
value into pa->pa_lstart which larger than UINT_MAX which comes from
ext4_group_first_block_no().
Could you please report it to the ext4 developers?
--

I'll try to answer all the questions but I'm not an expert in this area.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

next             reply	other threads:[~2017-02-24 13:11 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-24 13:11 bugzilla-daemon [this message]
2017-02-27 20:55 ` [Bug 194695] size overflow detected in function ext4_mb_new_group_pa bugzilla-daemon
2017-02-28  5:28 ` bugzilla-daemon

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-194695-13602@https.bugzilla.kernel.org/ \
    --to=bugzilla-daemon@bugzilla.kernel.org \
    --cc=linux-ext4@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).