lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <56CC6D1E.5070503@redhat.com>
Date:	Tue, 23 Feb 2016 15:30:54 +0100
From:	Paolo Bonzini <pbonzini@...hat.com>
To:	Sasha Levin <sasha.levin@...cle.com>,
	Gleb Natapov <gleb@...nel.org>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Dmitry Vyukov <dvyukov@...gle.com>,
	syzkaller <syzkaller@...glegroups.com>
Subject: Re: kvm: using uninitialized var in tdp_page_fault



On 15/01/2016 18:02, Sasha Levin wrote:
> Hi all,
> 
> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
> guest, I've hit the following use of an uninitialized variable:
> 
> [  810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
> 
> [  810.785650] load of value 179 is not a valid value for type '_Bool'

Can you check this patch:

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index be3cef12706c..fd54613a1204 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
 	if (addr == KVM_HVA_ERR_RO_BAD)
 		return KVM_PFN_ERR_RO_FAULT;
 
-	if (kvm_is_error_hva(addr))
+	if (kvm_is_error_hva(addr)) {
+		if (writable)
+			*writable = false;
 		return KVM_PFN_NOSLOT;
+	}
 
 	/* Do not map writable pfn in the readonly memslot. */
 	if (writable && memslot_is_readonly(slot)) {

Thanks,

Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ