[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Y/jOTXCgySjAQnuX@ziepe.ca>
Date: Fri, 24 Feb 2023 10:48:45 -0400
From: Jason Gunthorpe <jgg@...pe.ca>
To: Pengfei Xu <pengfei.xu@...el.com>
Cc: baolu.lu@...el.com, yi.l.liu@...el.com, kevin.tian@...el.com,
heng.su@...el.com, linux-kernel@...r.kernel.org
Subject: Re: [Syzkaller & bisect] There was "iommufd_test" WARNING in v6.2 in
guest
On Fri, Feb 24, 2023 at 01:43:38PM +0800, Pengfei Xu wrote:
> Hi Jason,
>
> Greeting!
>
> Platform: ADL-S and x86 platforms
> Host kernel 6.2.0-rc7 which doesn't enable iommufd by host kconfig setting as
> below:
> "# CONFIG_IOMMUFD is not set"
>
> Guest kconfig with iommufd enabled: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/kconfig_origin
> Reproduced code: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/repro.c
> v6.2 problem dmesg: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/v6.2_c9c3395d5e3dcc6daee66c6908354d47bf98cb0c_dmesg.log
> Bisect info: https://github.com/xupengfe/syzkaller_logs/blob/main/230224_044002_iommufd_test/bisect_info.log
>
> There was "iommufd_test" WARNING in v6.2 in guest:
> [ 32.012827] ------------[ cut here ]------------
> [ 32.013027] WARNING: CPU: 1 PID: 393 at drivers/iommu/iommufd/selftest.c:403 iommufd_test+0xb19/0x16f0
> [ 32.013410] Modules linked in:
I didn't include the IOMMU_TEST_OP_MD_CHECK_REFS in the syzkaller
descriptions, how did you hit this?
Anyhow, it is a small issue in the test suite because uptr + length overflows:
--- a/drivers/iommu/iommufd/selftest.c
+++ b/drivers/iommu/iommufd/selftest.c
@@ -568,13 +568,17 @@ static int iommufd_test_md_check_refs(struct iommufd_ucmd *ucmd,
void __user *uptr, size_t length,
unsigned int refs)
{
- if (length % PAGE_SIZE || (uintptr_t)uptr % PAGE_SIZE)
+ uintptr_t end;
+
+ if (length % PAGE_SIZE || (uintptr_t)uptr % PAGE_SIZE ||
+ check_add_overflow((uintptr_t)uptr, (uintptr_t)length, &end))
return -EINVAL;
Jason
Powered by blists - more mailing lists