Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52461 - [linux-grsec] 4.8.18 kernel build may not include patch from grsecurity, causing PAX size overflow
Attached to Project:
Community Packages
Opened by Clayton Craft (craftyguy) - Tuesday, 10 January 2017, 03:26 GMT
Last edited by Daniel Micay (thestinger) - Wednesday, 25 January 2017, 17:21 GMT
Opened by Clayton Craft (craftyguy) - Tuesday, 10 January 2017, 03:26 GMT
Last edited by Daniel Micay (thestinger) - Wednesday, 25 January 2017, 17:21 GMT
|
DetailsDescription:
I reported a kernel panic I receive quite reliably when I enable tc qdisc on a network interface and then preceed to generate traffic over that interface. Grsecurity folks suggest that this kernel (linux-grsec) might be compiled with GCC 6 with the forwprop option, which effectively undoes a patch they included to resolve this issue I am encountering. See this thread for more information: http://forums.grsecurity.net/viewtopic.php?f=3&t=4640 Additional info: linux-grsec-4.8.17.r201701090823-1-grsec Steps to reproduce: Enable tc qdisc on interface, generate traffic, receive kernel panic due to PAX overflow |
This task depends upon
Comment by Daniel Micay (thestinger) -
Tuesday, 10 January 2017, 17:23 GMT
You can pass pax_size_overflow_report_only for now. I'll disable PAX_SIZE_OVERFLOW_EXTRA until they work out more fixes for these issues, but hopefully nothing comes up blocking the feature as a whole. They told you that the problem comes up with GCC 6.x optimizations. I could build with an older GCC but that just means opting into a separate set of problems since the regular Arch kernels are tested only with the current GCC. It doesn't make sense to disable core optimizations to work around the known limitations of the SIZE_OVERFLOW plugin either. It has false positives, and there's little that can be done about it beyond working to improve GCC to provide what it needs.
Comment by Clayton Craft (craftyguy) -
Tuesday, 10 January 2017, 17:33 GMT
Excuse the ignorance, but where do I set 'pax_size_overflow_report_only'? I don't see it in /proc/sys/kernel/grsecurity. Can it be set at runtime (or boot)?
Comment by Daniel Micay (thestinger) -
Tuesday, 10 January 2017, 17:35 GMT
On the kernel line, likely in your bootloader configuration.