| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <56CC6D1E.5070503@redhat.com>
Date: Tue, 23 Feb 2016 15:30:54 +0100
From: Paolo Bonzini <pbonzini@...hat.com>
To: Sasha Levin <sasha.levin@...cle.com>,
Gleb Natapov <gleb@...nel.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
Dmitry Vyukov <dvyukov@...gle.com>,
syzkaller <syzkaller@...glegroups.com>
Subject: Re: kvm: using uninitialized var in tdp_page_fault
On 15/01/2016 18:02, Sasha Levin wrote:
> Hi all,
>
> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
> guest, I've hit the following use of an uninitialized variable:
>
> [ 810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
>
> [ 810.785650] load of value 179 is not a valid value for type '_Bool'
Can you check this patch:
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index be3cef12706c..fd54613a1204 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
if (addr == KVM_HVA_ERR_RO_BAD)
return KVM_PFN_ERR_RO_FAULT;
- if (kvm_is_error_hva(addr))
+ if (kvm_is_error_hva(addr)) {
+ if (writable)
+ *writable = false;
return KVM_PFN_NOSLOT;
+ }
/* Do not map writable pfn in the readonly memslot. */
if (writable && memslot_is_readonly(slot)) {
Thanks,
Paolo
Powered by blists - more mailing lists