lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56d33822-e577-c8a8-673b-675d6920c379@huawei.com>
Date:   Mon, 15 Mar 2021 10:29:08 +0000
From:   John Garry <john.garry@...wei.com>
To:     Dmitry Vyukov <dvyukov@...gle.com>
CC:     Arnd Bergmann <arnd@...db.de>, Mark Rutland <mark.rutland@....com>,
        "Marc Zyngier" <maz@...nel.org>, Will Deacon <will@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        Linux ARM <linux-arm-kernel@...ts.infradead.org>,
        syzkaller <syzkaller@...glegroups.com>,
        LKML <linux-kernel@...r.kernel.org>,
        Peter Maydell <peter.maydell@...aro.org>,
        Alex Bennée <alex.bennee@...aro.org>,
        Jiahui Cen <cenjiahui@...wei.com>
Subject: Re: arm64 syzbot instances

On 15/03/2021 10:01, Dmitry Vyukov wrote:
> On Mon, Mar 15, 2021 at 10:45 AM John Garry<john.garry@...wei.com>  wrote:
>>>> It does not happen too often on syzbot so far, so let's try to do the
>>>> right thing first.
>>>> I've filed:https://bugs.launchpad.net/qemu/+bug/1918917
>>>> with a link to this thread. To be fair, I don't fully understand what
>>>> I am talking about, I hope I proxied your description properly.
>>> Thanks, looks good. I provided a little more detail in a comment there.
>>>
>>>           Arnd
>>> .
>>>
>>   From looking at the bug report, my impression is that this is a qemu
>> issue, as the logical IO space is mapped to the PCI host bridge IO
>> space, and qemu does not handle accesses to that CPU addressable region
>> at all. As Arnd said.
>>
>> However, we really should not be accessing logical IO ports 0 or 0x2f8
>> at all via ttyS3 if not enumerated from PCI device at that logical IO
>> port. That is what I think anyway, as who knows what device - if any -
>> really exists at that location. That is why I had this patch to just
>> stop accesses to legacy IO port regions on arm64:
>>
>> https://lore.kernel.org/lkml/1610729929-188490-2-git-send-email-john.garry@huawei.com/
> Hi John,
> 
> Thanks for the info.
> 
> The patch is from January, but it's not merged yet, right?
> It will fix the crash we see, right?
> .

It's not merged, and it probably would solve this issue. But following 
discussion with Arnd when it was originally posted, I still need to do 
some analysis whether it is the proper thing to do.

However, as mentioned, the fundamental issue looks like qemu IO port 
access, so it would be good to check that first.

On a related topic, I will cc colleague Jiahui Cen, who I think was 
doing some work arm on qemu support in a related area, so may share some 
experience here.

Jiahui Cen did have a patch to fix logical PIO code from this work [0], 
which is not merged, but I don't think would help here. I will cc you on it.

Thanks,
John

[0] 
https://lore.kernel.org/lkml/006ad6ce-d6b2-59cb-8209-aca3f6e53fec@huawei.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ