| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Aug 2022 08:13:59 +0200
From: Dmitry Vyukov <dvyukov@...gle.com>
To: mst@...hat.com
Cc: James.Bottomley@...senpartnership.com, andres@...razel.de,
axboe@...nel.dk, c@...hat.com, davem@...emloft.net,
edumazet@...gle.com, gregkh@...uxfoundation.org,
jasowang@...hat.com, kuba@...nel.org, linux-kernel@...r.kernel.org,
linux@...ck-us.net, martin.petersen@...cle.com,
netdev@...r.kernel.org, pabeni@...hat.com,
torvalds@...ux-foundation.org,
virtualization@...ts.linux-foundation.org,
xuanzhuo@...ux.alibaba.com, kasan-dev@...glegroups.com
Subject: Re: upstream kernel crashes
On Mon, 15 Aug 2022 17:32:06 -0400, Michael wrote:
> So if you pass the size parameter for a legacy device it will
> try to make the ring smaller and that is not legal with
> legacy at all. But the driver treats legacy and modern
> the same, it allocates a smaller queue anyway.
>
> Lo and behold, I pass disable-modern=on to qemu and it happily
> corrupts memory exactly the same as GCP does.
Ouch!
I understand that the host does the actual corruption,
but could you think of any additional debug checking in the guest
that would caught this in future? Potentially only when KASAN
is enabled which can verify validity of memory ranges.
Some kind of additional layer of sanity checking.
This caused a bit of a havoc for syzbot with almost 100 unique
crash signatures, so would be useful to catch such issues more
reliably in future.
Thanks
Powered by blists - more mailing lists