linux-kernel - Re: kvm: GPF in kvm_irq_map

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite for Android: free password hash cracker in your pocket

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <CACT4Y+Ya+gZS+V3CE8tAYsvHCEAN-c8hsU-Ef6UizBoAqhJ67w@mail.gmail.com>
Date:	Tue, 21 Jun 2016 20:13:49 +0200
From:	Dmitry Vyukov <dvyukov@...gle.com>
To:	Paolo Bonzini <pbonzini@...hat.com>
Cc:	Gleb Natapov <gleb@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Ingo Molnar <mingo@...hat.com>,
	"H. Peter Anvin" <hpa@...or.com>,
	"x86@...nel.org" <x86@...nel.org>, KVM list <kvm@...r.kernel.org>,
	LKML <linux-kernel@...r.kernel.org>,
	Eric Northup <digitaleric@...gle.com>,
	Andrew Honig <ahonig@...gle.com>,
	Steve Rutherford <srutherford@...gle.com>,
	Robert Swiecki <swiecki@...gle.com>,
	Kostya Serebryany <kcc@...gle.com>,
	Alexander Potapenko <glider@...gle.com>,
	syzkaller <syzkaller@...glegroups.com>
Subject: Re: kvm: GPF in kvm_irq_map_gsi

On Tue, May 31, 2016 at 11:56 AM, Paolo Bonzini <pbonzini@...hat.com> wrote:
>
>
> On 15/02/2016 14:30, Dmitry Vyukov wrote:
>>     *(uint32_t*)0x2000a6b9 = (uint32_t)0x3e;
>>     *(uint16_t*)0x2000a6bd = (uint16_t)0x8;
>>     *(uint8_t*)0x2000a6bf = (uint8_t)0x8d4;
>>     *(uint8_t*)0x2000a6c0 = (uint8_t)0xffffffffffff5fe9;
>>     *(uint8_t*)0x2000a6c1 = (uint8_t)0x80000001;
>>     *(uint8_t*)0x2000a6c2 = (uint8_t)0x0;
>>     *(uint8_t*)0x2000a6c3 = (uint8_t)0xbe2;
>>     *(uint8_t*)0x2000a6c4 = (uint8_t)0x9;
>>     *(uint8_t*)0x2000a6c5 = (uint8_t)0x7ff;
>>     *(uint8_t*)0x2000a6c6 = (uint8_t)0x1;
>>     *(uint8_t*)0x2000a6c7 = (uint8_t)0x1f;
>>     *(uint8_t*)0x2000a6c8 = (uint8_t)0x1d8;
>>     *(uint16_t*)0x2000a6c9 = (uint16_t)0x8;
>
> This field (.channels[0].count_load_time) should be uint64_t.  I
> understand that it's all random, but it makes it even harder to follow
> what's going on...

Thanks! Fixed in:
https://github.com/google/syzkaller/commit/1816c21f2bed9b6015f1af1c5423779d2c6e58ad