1 |
I've experienced this bug, but I can no longer reproduce it using recent |
2 |
kernels (4.3.5-hardened-r2 or 4.4.2-hardened). |
3 |
|
4 |
BTW, this is the patch you are looking for: |
5 |
diff --git a/fs/btrfs/extent_map.c b/fs/btrfs/extent_map.c |
6 |
index 6a98bdd..fed3da6 100644 |
7 |
--- a/fs/btrfs/extent_map.c |
8 |
+++ b/fs/btrfs/extent_map.c |
9 |
@@ -235,7 +235,9 @@ static void try_merge_map(struct extent_map_tree |
10 |
*tree, struct extent_map *em) |
11 |
em->start = merge->start; |
12 |
em->orig_start = merge->orig_start; |
13 |
em->len += merge->len; |
14 |
- em->block_len += merge->block_len; |
15 |
+ if (em->block_start != EXTENT_MAP_HOLE && |
16 |
+ em->block_start != EXTENT_MAP_INLINE) |
17 |
+ em->block_len += merge->block_len; |
18 |
em->block_start = merge->block_start; |
19 |
em->mod_len = (em->mod_len + em->mod_start) - |
20 |
merge->mod_start; |
21 |
em->mod_start = merge->mod_start; |
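Review bot: The guard added in the first hunk reads `em->block_start` immediately before `em->block_start = merge->block_start;` overwrites it, so it is order-dependent, and nothing in the code says why hole and inline maps are skipped; a later reordering would silently change which extents get `block_len` summed. A comment such as `/* hole/inline maps: block_len is not a real length, skip the sum so it cannot wrap */` would record the intent, though that reason is inferred from the size-overflow context of the thread rather than stated in the patch. The identical two-line condition is repeated in the second hunk (the `mergable_maps(em, merge)` branch), so a small static helper taking `em` would keep the two merge paths from drifting apart. The quoted PaX report names `btrfs_extent_item_to_extent_map` in fs/btrfs/file-item.c rather than this function, so these hunks alone do not show that the guard covers the reported site. The body of try_merge_map starts and ends outside both hunks.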
22 |
@@ -252,7 +254,9 @@ static void try_merge_map(struct extent_map_tree |
23 |
*tree, struct extent_map *em) |
24 |
merge = rb_entry(rb, struct extent_map, rb_node); |
25 |
if (rb && mergable_maps(em, merge)) { |
26 |
em->len += merge->len; |
27 |
- em->block_len += merge->block_len; |
28 |
+ if (em->block_start != EXTENT_MAP_HOLE && |
29 |
+ em->block_start != EXTENT_MAP_INLINE) |
30 |
+ em->block_len += merge->block_len; |
31 |
rb_erase(&merge->rb_node, &tree->map); |
32 |
RB_CLEAR_NODE(&merge->rb_node); |
33 |
em->mod_len = (merge->mod_start + merge->mod_len) - |
34 |
em->mod_start; |
35 |
|
36 |
This patch has been recently included - if I'm correct. |
37 |
|
38 |
In the meantime: do not enable quota groups, because it causes an error |
39 |
with hardened kernels. |
40 |
https://forums.grsecurity.net/viewtopic.php?f=3&t=4392 |
41 |
|
42 |
BR: Dw. |
43 |
-- |
44 |
dr Tóth Attila, Radiológus, 06-20-825-8057 |
45 |
Attila Toth MD, Radiologist, +36-20-825-8057 |
46 |
|
47 |
2016.Március 3.(Cs) 17:44 időpontban ingo.schmitt@×××××××××××××.net ezt írta: |
48 |
> I'm still facing a bug with btrfs that |
49 |
> occurs since 4.2.6-hardened-r6 till 4.4.2. |
50 |
> |
51 |
> A similar bug has been patched already |
52 |
> https://patchwork.kernel.org/patch/7582351/ |
53 |
> |
54 |
> Is someone able to reproduce this? |
55 |
> |
56 |
> Thx! |
57 |
> |
58 |
> my config: |
59 |
> |
60 |
> https://binarysignals.net/pub/linux-4.2.6-hardened-r5.config |
61 |
> https://binarysignals.net/pub/emerge--info_e10.txt |
62 |
> |
63 |
> dmesg: |
64 |
> |
65 |
> Feb 20 17:21:22 e10 kernel: PAX: size overflow detected in function |
66 |
> btrfs_extent_item_to_extent_map fs/btrfs/file-item.c:913 cicus.463_134 |
67 |
> min, count: 150, decl: orig_start; num: 0; context: extent_map; |
68 |
> Feb 20 17:21:22 e10 kernel: CPU: 0 PID: 4709 Comm: evolution-addre Not |
69 |
> tainted 4.4.2-hardened #1 |
70 |
> Feb 20 17:21:22 e10 kernel: Hardware name: Dell Inc. Latitude E4200 |
71 |
> /0XRV1H, BIOS A24 06/04/2013 |
72 |
> Feb 20 17:21:22 e10 kernel: ffff880100000002 c3eced83898a9252 |
73 |
> 0000000000000000 0000000000000391 |
74 |
> Feb 20 17:21:22 e10 kernel: ffffc90005893630 ffffffffa26152bb |
75 |
> ffffffffa9124d70 c3eced83898a9252 |
76 |
> Feb 20 17:21:22 e10 kernel: ffffffffa9124d70 ffffc90005893660 |
77 |
> ffffffffa2241e6e ffff8800baa0d2f8 |
78 |
> Feb 20 17:21:22 e10 kernel: Call Trace: |
79 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa26152bb>] dump_stack+0x57/0x8c |
80 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa2241e6e>] |
81 |
> report_size_overflow+0x6e/0x80 |
82 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24c2f68>] |
83 |
> btrfs_extent_item_to_extent_map+0x458/0x490 |
84 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24d4a86>] |
85 |
> btrfs_get_extent+0xbe6/0xdb0 |
86 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24f9291>] ? |
87 |
> submit_extent_page+0x101/0x250 |
88 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24fa305>] |
89 |
> __do_readpage+0x2b5/0xe50 |
90 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24fbcf0>] ? |
91 |
> btrfs_create_repair_bio+0x1a0/0x1a0 |
92 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24d3ea0>] ? |
93 |
> btrfs_direct_IO+0x530/0x530 |
94 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24fb3d0>] |
95 |
> __extent_readpages.constprop.44+0x310/0x350 |
96 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24d3ea0>] ? |
97 |
> btrfs_direct_IO+0x530/0x530 |
98 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24fd1e4>] |
99 |
> extent_readpages+0x1e4/0x1f0 |
100 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24d3ea0>] ? |
101 |
> btrfs_direct_IO+0x530/0x530 |
102 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa2212cd9>] ? |
103 |
> alloc_pages_current+0x89/0x110 |
104 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa24d1df2>] |
105 |
> btrfs_readpages+0x32/0x40 |
106 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa21d18b1>] |
107 |
> __do_page_cache_readahead+0x1d1/0x250 |
108 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa21d1a11>] |
109 |
> ondemand_readahead+0xe1/0x2e0 |
110 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa21d1dc6>] |
111 |
> page_cache_sync_readahead+0x46/0x70 |
112 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa21c4e43>] |
113 |
> generic_file_read_iter+0x633/0x7c0 |
114 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa223926b>] __vfs_read+0x10b/0x140 |
115 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa2239e83>] vfs_read+0xc3/0x240 |
116 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa225e8cd>] ? |
117 |
> __fget_light+0x2d/0x70 |
118 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa223b453>] SyS_pread64+0xa3/0xc0 |
119 |
> Feb 20 17:21:22 e10 kernel: [<ffffffffa2d4a999>] |
120 |
> entry_SYSCALL_64_fastpath+0x12/0x83 |
121 |
> Feb 20 17:21:22 e10 kernel: ------------[ cut here ]------------ |
122 |
> |
123 |
> |