lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220817061359.200970-1-dvyukov@google.com>
Date:   Wed, 17 Aug 2022 08:13:59 +0200
From:   Dmitry Vyukov <dvyukov@...gle.com>
To:     mst@...hat.com
Cc:     James.Bottomley@...senpartnership.com, andres@...razel.de,
        axboe@...nel.dk, c@...hat.com, davem@...emloft.net,
        edumazet@...gle.com, gregkh@...uxfoundation.org,
        jasowang@...hat.com, kuba@...nel.org, linux-kernel@...r.kernel.org,
        linux@...ck-us.net, martin.petersen@...cle.com,
        netdev@...r.kernel.org, pabeni@...hat.com,
        torvalds@...ux-foundation.org,
        virtualization@...ts.linux-foundation.org,
        xuanzhuo@...ux.alibaba.com, kasan-dev@...glegroups.com
Subject: Re: upstream kernel crashes

On Mon, 15 Aug 2022 17:32:06 -0400, Michael wrote:
> So if you pass the size parameter for a legacy device it will
> try to make the ring smaller and that is not legal with
> legacy at all. But the driver treats legacy and modern
> the same, it allocates a smaller queue anyway.
>
> Lo and behold, I pass disable-modern=on to qemu and it happily
> corrupts memory exactly the same as GCP does.

Ouch!

I understand that the host does the actual corruption,
but could you think of any additional debug checking in the guest
that would caught this in future? Potentially only when KASAN
is enabled which can verify validity of memory ranges.
Some kind of additional layer of sanity checking.

This caused a bit of a havoc for syzbot with almost 100 unique
crash signatures, so would be useful to catch such issues more
reliably in future.

Thanks

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ