| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 12 Nov 2016 14:07:05 -0800
From: Dmitry Vyukov <dvyukov@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>, rkrcmar@...hat.com,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>, KVM list <kvm@...r.kernel.org>,
LKML <linux-kernel@...r.kernel.org>,
Steve Rutherford <srutherford@...gle.com>
Cc: syzkaller <syzkaller@...glegroups.com>
Subject: kvm: GPF in gfn_to_rmap
Hello,
The following program triggers GPF in gfn_to_rmap:
https://gist.githubusercontent.com/dvyukov/6669049830e8786d2cfa0ffec5928186/raw/b7d1ec4dc555146ac0175b5b0aae98c1904299eb/gistfile1.txt
On commit 015ed9433be2b476ec7e2e6a9a411a56e3b5b035 (Nov 11).
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
(ftrace buffer empty)
Modules linked in:
CPU: 1 PID: 29153 Comm: syz-executor Not tainted 4.9.0-rc4+ #49
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8800387e9700 task.stack: ffff88003c200000
RIP: 0010:[<ffffffff810d1c8c>] [< inline >] search_memslots
include/linux/kvm_host.h:913
RIP: 0010:[<ffffffff810d1c8c>] [< inline >] __gfn_to_memslot
include/linux/kvm_host.h:928
RIP: 0010:[<ffffffff810d1c8c>] [<ffffffff810d1c8c>]
gfn_to_rmap+0x33c/0x400 arch/x86/kvm/mmu.c:1060
RSP: 0018:ffff88003c207538 EFLAGS: 00010283
RAX: dffffc0000000000 RBX: ffffc900074980b8 RCX: ffffc90000535000
RDX: 0000000000000867 RSI: ffffc90007498000 RDI: ffffc900074980c0
RBP: ffff88003c207588 R08: 0000000000000000 R09: 000000000003985d
R10: ffffffff84da2600 R11: 1ffff10007840eaa R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
FS: 00007f4da434d700(0000) GS:ffff88003ed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000003d850000 CR4: 00000000000026e0
Stack:
1ffff10000000001 ffffc900074a3408 ffff88003b399008 0000000000000002
ffffc90007498000 ffff88003d087000 ffff880039620040 0000000000000000
ffff88003b399008 ffff8800bd087000 ffff88003c207600 ffffffff810d3dbb
Call Trace:
[< inline >] rmap_add arch/x86/kvm/mmu.c:1079
[<ffffffff810d3dbb>] mmu_set_spte+0x36b/0x6f0 arch/x86/kvm/mmu.c:2654
[<ffffffff810e3e90>] __direct_map.part.115+0x2a0/0x400 arch/x86/kvm/mmu.c:2759
[< inline >] __direct_map arch/x86/kvm/mmu.c:3586
[<ffffffff810e4a0c>] tdp_page_fault+0x4fc/0x5e0 arch/x86/kvm/mmu.c:3586
[<ffffffff810cd727>] kvm_mmu_page_fault+0xe7/0x200 arch/x86/kvm/mmu.c:4530
[<ffffffff8115a8f6>] handle_ept_violation+0x116/0x480 arch/x86/kvm/vmx.c:6195
[<ffffffff8116bd65>] vmx_handle_exit+0x545/0x34c0 arch/x86/kvm/vmx.c:8494
[< inline >] vcpu_enter_guest arch/x86/kvm/x86.c:6767
[< inline >] vcpu_run arch/x86/kvm/x86.c:6826
[<ffffffff810bae42>] kvm_arch_vcpu_ioctl_run+0x29c2/0x5a90
arch/x86/kvm/x86.c:6984
[<ffffffff81060cee>] kvm_vcpu_ioctl+0x61e/0xdd0
arch/x86/kvm/../../../virt/kvm/kvm_main.c:2557
[< inline >] vfs_ioctl fs/ioctl.c:43
[<ffffffff816b03cc>] do_vfs_ioctl+0x18c/0x1040 fs/ioctl.c:679
[< inline >] SYSC_ioctl fs/ioctl.c:694
[<ffffffff816b130f>] SyS_ioctl+0x8f/0xc0 fs/ioctl.c:685
[<ffffffff831f0dc1>] entry_SYSCALL_64_fastpath+0x1f/0xc2
Code: 89 d8 8b 5d c8 89 45 c8 e8 72 be 38 00 8b 45 c8 89 5d c8 44 8d
60 01 e9 41 fe ff ff e8 5e be 38 00 48 b8 00 00 00 00 00 fc ff df <80>
38 00 75 0f 4c 8b 24 25 00 00 00 00 31 db e9 67 ff ff ff 31
RIP [< inline >] search_memslots include/linux/kvm_host.h:913
RIP [< inline >] __gfn_to_memslot include/linux/kvm_host.h:928
RIP [<ffffffff810d1c8c>] gfn_to_rmap+0x33c/0x400 arch/x86/kvm/mmu.c:1060
RSP <ffff88003c207538>
---[ end trace 531b7f0c43302f3c ]---
Kernel panic - not syncing: Fatal exception
Dumping ftrace buffer:
(ftrace buffer empty)
Kernel Offset: disabled
reboot: cpu_has_vmx: ecx=80a02021 1
Powered by blists - more mailing lists