lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87ttlap1pc.wl-maz@kernel.org>
Date: Wed, 13 Mar 2024 15:54:07 +0000
From: Marc Zyngier <maz@...nel.org>
To: cheung wall <zzqq0103.hey@...il.com>
Cc: Oliver Upton <oliver.upton@...ux.dev>,
	Catalin Marinas <catalin.marinas@....com>,
	Will Deacon <will@...nel.org>,
	James Morse <james.morse@....com>,
	Suzuki K Poulose <suzuki.poulose@....com>,
	Zenghui Yu <yuzenghui@...wei.com>,
	linux-arm-kernel@...ts.infradead.org,
	kvmarm@...ts.linux.dev,
	linux-kernel@...r.kernel.org
Subject: Re: memory leak in kvm_init_stage2_mmu

On Wed, 13 Mar 2024 04:53:52 +0000,
cheung wall <zzqq0103.hey@...il.com> wrote:
> 
> Hello,
> 
> when using Syzkaller to fuzz the latest Linux Kernel arm64 version,
> the following crash
> 
> was triggered on:
> 
> 
> HEAD commit: 0dd3ee31125508cd67f7e7172247f05b7fd1753a  (tag: v6.7)
> 
> git tree: upstream
> 
> console output: https://pastebin.com/raw/MLVZbN01

This reports "Forbidden".

> kernel config: https://pastebin.com/raw/PFD96ZwE

# CONFIG_KVM is not set

How do you expect this to work?

> 
> C reproducer: https://pastebin.com/raw/rHmMzvGt
> 
> Syzlang reproducer: https://pastebin.com/raw/dAt714WD
> 
> 
> If you fix this issue, please add the following tag to the commit:
> 
> Reported-by: Qiang Zhang <zzqq0103.hey@...il.com>
> 
> ----------------------------------------------------------
> 
> 2024/03/05 18:24:34 executed programs: 0
> 2024/03/05 18:26:41 executed programs: 8
> BUG: memory leak
> unreferenced object 0xffff023ad74b8100 (size 128):
>   comm "syz-executor.3", pid 3911, jiffies 4295149819 (age 22.132s)
>   hex dump (first 32 bytes):
>     28 00 00 00 01 00 00 00 00 40 4e d7 3a 02 ff ff  (........@N.:...
>     80 d9 5f a4 48 d3 ff ff c8 69 46 d7 3a 02 ff ff  .._.H....iF.:...
>   backtrace:
>     [<000000008d295845>] kmemleak_alloc_recursive
> data/embfuzz/emblinux/linux-4a61839152cc3e9e00ac059d73a28d148d622b30/./include/linux/kmemleak.h:42

[...]

I suspect this report suffers from the same problem as the other one,
where this is actually against 6.1.61 rather than 6.7 as advertised?

I ran the reproducer locally on 6.8, and didn't observe any failure. I
had to modify the it though, as I'm using a host with 16kB page size.

Please let me know if I'm missing something.

	M.

-- 
Without deviation from the norm, progress is not possible.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ