lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 9 May 2017 16:04:33 +0200
From:   Andrey Konovalov <andreyknvl@...gle.com>
To:     Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H. Peter Anvin" <hpa@...or.com>, x86@...nel.org,
        kvm@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        Kostya Serebryany <kcc@...gle.com>,
        syzkaller <syzkaller@...glegroups.com>
Subject: kvm: warning in kvm_load_guest_fpu

Hi,

I've got the following error report while fuzzing the kernel with syzkaller.

On commit 2868b2513aa732a99ea4a0a6bf10dc93c1f3dac2 (4.11+).

A reproducer and .config are attached.

------------[ cut here ]------------
WARNING: CPU: 0 PID: 4108 at ./arch/x86/include/asm/fpu/internal.h:169
kvm_load_guest_fpu.part.163+0x2a9/0x430
Modules linked in:
CPU: 0 PID: 4108 Comm: a.out Not tainted 4.11.0+ #331
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff880068b2c200 task.stack: ffff880069210000
RIP: 0010:copy_kernel_to_fxregs ./arch/x86/include/asm/fpu/internal.h:169
RIP: 0010:__copy_kernel_to_fpregs ./arch/x86/include/asm/fpu/internal.h:459
RIP: 0010:kvm_load_guest_fpu.part.163+0x2a9/0x430 arch/x86/kvm/x86.c:7596
RSP: 0018:ffff8800692176e8 EFLAGS: 00010297
RAX: ffff880068b2c200 RBX: 1ffff1000d242edd RCX: ffff8800696fc5ec
RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880068b2d4c5
RBP: ffff8800692177b0 R08: 1ffff1000d242ebf R09: 00000000fffff8f8
R10: 0000000000000000 R11: 0000000000000002 R12: ffff8800696f8000
R13: ffff880069217788 R14: dffffc0000000000 R15: ffff8800696f8000
FS:  00007fb239f787c0(0000) GS:ffff88006ca00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000002001f000 CR3: 000000006c55a000 CR4: 00000000000026f0
Call Trace:
 kvm_load_guest_fpu arch/x86/kvm/x86.c:6737
 vcpu_enter_guest arch/x86/kvm/x86.c:6842
 vcpu_run arch/x86/kvm/x86.c:7030
 kvm_arch_vcpu_ioctl_run+0x1f61/0x4860 arch/x86/kvm/x86.c:7191
 kvm_vcpu_ioctl+0x673/0x1120 arch/x86/kvm/../../../virt/kvm/kvm_main.c:2568
 vfs_ioctl fs/ioctl.c:45
 do_vfs_ioctl+0x1bf/0x1660 fs/ioctl.c:685
 SYSC_ioctl fs/ioctl.c:700
 SyS_ioctl+0x8f/0xc0 fs/ioctl.c:691
 entry_SYSCALL_64_fastpath+0x1f/0xbe arch/x86/entry/entry_64.S:204
RIP: 0033:0x7fb23968bb79
RSP: 002b:00007ffec57db2d8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
RAX: ffffffffffffffda RBX: 00007ffec57db480 RCX: 00007fb23968bb79
RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
RBP: 0000000000400b40 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 00007ffec57db480 R14: 0000000000000000 R15: 0000000000000000
Code: 4e 00 65 ff 0d f9 72 f5 7e e9 5c fe ff ff e8 7f e4 4e 00 31 c0
49 0f ae 8c 24 00 0b 00 00 85 c0 0f 84 35 fe ff ff e8 67 e4 4e 00 <0f>
ff e9 29 fe ff ff e8 5b e4 4e 00 65 ff 05 c4 72 f5 7e 4d 8d
---[ end trace 7a89c6ce24f92b9b ]---

View attachment "kvm_load_guest_fpu-warn-poc.c" of type "text/x-csrc" (11892 bytes)

Download attachment ".config" of type "application/octet-stream" (129025 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ