-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ZFS Crypto: size overflow detected #6714
Comments
@sempervictus I'm not really sure what I'm looking at here..... What happened exactly? I see the size overflow message but who's printing that? That line of code is just an end brace for me so I don't know what exactly it thinks overflowed. Do you have any more specific info about the workload or steps to reproduce? |
The overflow detection is being done by pax (https://forums.grsecurity.net/viewtopic.php?f=7&t=3043), integral component of the grsecurity patch set. This functionality is being upstreamed/adapted to mainline now that grsec has closed its sources to the public - will happen on every kernel soon. Indicates we have a dangerous math problem...
|
What about the line number? Can you tell me what line it thinks is causing the problem? Like I said, for me this is just an end brace. |
@tcaputi: from my source tree, this is happening in:
There was a prior issue with overflow checks a few years back - #2505, which has response from the grsec folks stating that we use some unsafe C semantics in our code which should be fixed to avoid logical false positives which are functional true positives from the perspective of the GCC plugin. |
I've looked over this several times (along with a few of my coworkers) and I can't see any reason this might be happening. All variables involved are |
Actually, looking at the current version of the code might have given me the answer; Can you try changing the type of |
Signed-off-by: Tom Caputi <[email protected]>
WIth this morning's commits, zloop doesnt catch it, but it didn't catch it with the broken branch either. However, the fix looks rational. I'm pushing to the original system affected, lets see how the fares. |
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
This 2 line patch fixes a possible integer overflow reported by grsec. Signed-off-by: Tom Caputi <[email protected]>
System information
Describe the problem you're observing
During a chef deployment run writing out a reasonable amount of data to a raidz1 on 2T spinners, process was killed by grsec detecting a size overflow:
Ping @tcaputi @behlendorf: Might be a good target for #6595, mysql atop encrypted ZFS is going to be a pretty common use case.
The text was updated successfully, but these errors were encountered: