| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAeHK+yMhxBTRWPErBaWcA3w2q8m0km+mC7PtCJo=mowDJBFww@mail.gmail.com>
Date: Tue, 9 May 2017 16:04:33 +0200
From: Andrey Konovalov <andreyknvl@...gle.com>
To: Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...hat.com>,
"H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
kvm@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Cc: Dmitry Vyukov <dvyukov@...gle.com>,
Kostya Serebryany <kcc@...gle.com>,
syzkaller <syzkaller@...glegroups.com>
Subject: kvm: warning in kvm_load_guest_fpu
Hi,
I've got the following error report while fuzzing the kernel with syzkaller.
On commit 2868b2513aa732a99ea4a0a6bf10dc93c1f3dac2 (4.11+).
A reproducer and .config are attached.
------------[ cut here ]------------
WARNING: CPU: 0 PID: 4108 at ./arch/x86/include/asm/fpu/internal.h:169
kvm_load_guest_fpu.part.163+0x2a9/0x430
Modules linked in:
CPU: 0 PID: 4108 Comm: a.out Not tainted 4.11.0+ #331
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff880068b2c200 task.stack: ffff880069210000
RIP: 0010:copy_kernel_to_fxregs ./arch/x86/include/asm/fpu/internal.h:169
RIP: 0010:__copy_kernel_to_fpregs ./arch/x86/include/asm/fpu/internal.h:459
RIP: 0010:kvm_load_guest_fpu.part.163+0x2a9/0x430 arch/x86/kvm/x86.c:7596
RSP: 0018:ffff8800692176e8 EFLAGS: 00010297
RAX: ffff880068b2c200 RBX: 1ffff1000d242edd RCX: ffff8800696fc5ec
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880068b2d4c5
RBP: ffff8800692177b0 R08: 1ffff1000d242ebf R09: 00000000fffff8f8
R10: 0000000000000000 R11: 0000000000000002 R12: ffff8800696f8000
R13: ffff880069217788 R14: dffffc0000000000 R15: ffff8800696f8000
FS: 00007fb239f787c0(0000) GS:ffff88006ca00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001f000 CR3: 000000006c55a000 CR4: 00000000000026f0
Call Trace:
kvm_load_guest_fpu arch/x86/kvm/x86.c:6737
vcpu_enter_guest arch/x86/kvm/x86.c:6842
vcpu_run arch/x86/kvm/x86.c:7030
kvm_arch_vcpu_ioctl_run+0x1f61/0x4860 arch/x86/kvm/x86.c:7191
kvm_vcpu_ioctl+0x673/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2568
vfs_ioctl fs/ioctl.c:45
do_vfs_ioctl+0x1bf/0x1660 fs/ioctl.c:685
SYSC_ioctl fs/ioctl.c:700
SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
entry_SYSCALL_64_fastpath+0x1f/0xbe arch/x86/entry/entry_64.S:204
RIP: 0033:0x7fb23968bb79
RSP: 002b:00007ffec57db2d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffec57db480 RCX: 00007fb23968bb79
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 0000000000400b40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffec57db480 R14: 0000000000000000 R15: 0000000000000000
Code: 4e 00 65 ff 0d f9 72 f5 7e e9 5c fe ff ff e8 7f e4 4e 00 31 c0
49 0f ae 8c 24 00 0b 00 00 85 c0 0f 84 35 fe ff ff e8 67 e4 4e 00 <0f>
ff e9 29 fe ff ff e8 5b e4 4e 00 65 ff 05 c4 72 f5 7e 4d 8d
---[ end trace 7a89c6ce24f92b9b ]---
View attachment "kvm_load_guest_fpu-warn-poc.c" of type "text/x-csrc" (11892 bytes)
Download attachment ".config" of type "application/octet-stream" (129025 bytes)
Powered by blists - more mailing lists