linux-kernel.vger.kernel.org archive mirror
* kvm: using uninitialized var in tdp_page_fault
@ 2016-01-15 17:02 Sasha Levin
  2016-02-23 14:30 ` Paolo Bonzini
  0 siblings, 1 reply; 3+ messages in thread
From: Sasha Levin @ 2016-01-15 17:02 UTC (permalink / raw)
  To: Paolo Bonzini, Gleb Natapov; +Cc: LKML, LKML, Dmitry Vyukov, syzkaller

Hi all,

While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
guest, I've hit the following use of an uninitialized variable:

[  810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
[  810.785650] load of value 179 is not a valid value for type '_Bool'
[  810.787554] CPU: 2 PID: 24676 Comm: syz-executor Tainted: G      D         4.4.0-next-20160114-sasha-00021-gf1273d1-dirty #2798
[  810.790792]  1ffff10018213e84 000000008c6fa2f9 ffff8800c109f4a0 ffffffff83433c4e
[  810.792954]  0000000041b58ab3 ffffffff8f960c38 ffffffff83433b86 ffff8800c109f468
[  810.794776]  0000188300000001 000000008c6fa2f9 ffffffff8feb7a20 ffff8800c109f530
[  810.796001] Call Trace:
[  810.796840] dump_stack (lib/dump_stack.c:52)
[  810.798243] ubsan_epilogue (lib/ubsan.c:165)
[  810.802976] __ubsan_handle_load_invalid_value (lib/ubsan.c:454)
[  810.806657] tdp_page_fault (arch/x86/kvm/mmu.c:3502)
[  810.809900] kvm_mmu_page_fault (arch/x86/kvm/mmu.c:4372)
[  810.810517] handle_ept_violation (arch/x86/kvm/vmx.c:5961)
[  810.812386] vmx_handle_exit (arch/x86/kvm/vmx.c:8183)
[  810.817389] vcpu_enter_guest (arch/x86/kvm/x86.c:6677)
[  810.831863] kvm_arch_vcpu_ioctl_run (arch/x86/kvm/x86.c:6741 arch/x86/kvm/x86.c:6894)
[  810.834138] kvm_vcpu_ioctl (arch/x86/kvm/../../../virt/kvm/kvm_main.c:2365)
[  810.840570] do_vfs_ioctl (fs/ioctl.c:44 fs/ioctl.c:674)
[  810.855017] SyS_ioctl (fs/ioctl.c:689 fs/ioctl.c:680)
[  810.856134] entry_SYSCALL_64_fastpath (arch/x86/entry/entry_64.S:186)


* Re: kvm: using uninitialized var in tdp_page_fault
  2016-01-15 17:02 kvm: using uninitialized var in tdp_page_fault Sasha Levin
@ 2016-02-23 14:30 ` Paolo Bonzini
  2016-02-28 13:08   ` Dmitry Vyukov
  0 siblings, 1 reply; 3+ messages in thread
From: Paolo Bonzini @ 2016-02-23 14:30 UTC (permalink / raw)
  To: Sasha Levin, Gleb Natapov; +Cc: LKML, Dmitry Vyukov, syzkaller



On 15/01/2016 18:02, Sasha Levin wrote:
> Hi all,
> 
> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
> guest, I've hit the following use of an uninitialized variable:
> 
> [  810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
> 
> [  810.785650] load of value 179 is not a valid value for type '_Bool'

Can you check this patch:

diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
index be3cef12706c..fd54613a1204 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
 	if (addr == KVM_HVA_ERR_RO_BAD)
 		return KVM_PFN_ERR_RO_FAULT;
 
-	if (kvm_is_error_hva(addr))
+	if (kvm_is_error_hva(addr)) {
+		if (writable)
+			*writable = false;
 		return KVM_PFN_NOSLOT;
+	}
 
 	/* Do not map writable pfn in the readonly memslot. */
 	if (writable && memslot_is_readonly(slot)) {
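Review bot: the `KVM_HVA_ERR_RO_BAD` early return two lines above the changed `if` still returns without touching `*writable`, so the invariant this hunk introduces (a return that is not an error pfn always sets the out-parameter) only holds if every caller checks for an error pfn before it reads `writable`; either set the default once before both early returns, e.g. `if (writable) *writable = false;` ahead of `if (addr == KVM_HVA_ERR_RO_BAD)`, or add a one-line comment on the new block stating that `KVM_PFN_NOSLOT` is the only non-error return reachable from here and that `KVM_PFN_ERR_RO_FAULT` must be handled by callers before `writable` is consulted, so the contract does not depend on call-site ordering.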

Thanks,

Paolo

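A constructed illustration of the contract the patch above restores, written for this page and not taken from the kernel: a minimal stand-in for `__gfn_to_pfn_memslot()` in its pre-patch and post-patch shapes, plus a caller in the shape of `tdp_page_fault()`'s use of `map_writable`. The pfn/hva error encodings, the `memslot` layout, the helper names and the sample slots are assumptions made for the example. In the real report the stale byte was 179, which UBSAN's invalid-`_Bool`-load check flagged; here the stale value is seeded explicitly so the example stays free of undefined behaviour while still showing which value reaches the mapping decision.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not kernel code. Encodings and names are assumptions
 * chosen to mirror the shape of __gfn_to_pfn_memslot(), nothing more.
 */
typedef uint64_t pfn_t;
#define PFN_NOSLOT        ((pfn_t)-1)      /* assumed "no memslot" marker   */
#define PFN_ERR_RO_FAULT  ((pfn_t)-2)      /* assumed "write to RO slot"    */
#define HVA_ERR_BAD       ((uintptr_t)-1)
#define HVA_ERR_RO_BAD    ((uintptr_t)-2)
#define PAGE_SHIFT        12

struct memslot {
    uint64_t  base_gfn;
    uint64_t  npages;
    uintptr_t base_hva;   /* constructed value, never dereferenced */
    bool      readonly;
};

/* gfn -> host virtual address, or an error marker (assumed behaviour). */
static uintptr_t gfn_to_hva_slot(const struct memslot *slot, uint64_t gfn, bool write)
{
    if (gfn < slot->base_gfn || gfn >= slot->base_gfn + slot->npages)
        return HVA_ERR_BAD;                 /* gfn outside the slot */
    if (write && slot->readonly)
        return HVA_ERR_RO_BAD;              /* write fault on read-only memory */
    return slot->base_hva + ((gfn - slot->base_gfn) << PAGE_SHIFT);
}

/* Pre-patch shape: the NOSLOT path returns without touching *writable. */
static pfn_t gfn_to_pfn_buggy(const struct memslot *slot, uint64_t gfn,
                              bool write, bool *writable)
{
    uintptr_t hva = gfn_to_hva_slot(slot, gfn, write);

    if (hva == HVA_ERR_RO_BAD)
        return PFN_ERR_RO_FAULT;
    if (hva == HVA_ERR_BAD)
        return PFN_NOSLOT;                  /* bug: *writable left as-is */
    if (writable)
        *writable = !slot->readonly;
    return hva >> PAGE_SHIFT;
}

/* Post-patch shape: every non-error return writes the out-parameter. */
static pfn_t gfn_to_pfn_fixed(const struct memslot *slot, uint64_t gfn,
                              bool write, bool *writable)
{
    uintptr_t hva = gfn_to_hva_slot(slot, gfn, write);

    if (hva == HVA_ERR_RO_BAD)
        return PFN_ERR_RO_FAULT;
    if (hva == HVA_ERR_BAD) {
        if (writable)
            *writable = false;              /* nothing to map, so not writable */
        return PFN_NOSLOT;
    }
    if (writable)
        *writable = !slot->readonly;
    return hva >> PAGE_SHIFT;
}

static bool is_error_pfn(pfn_t pfn) { return pfn == PFN_ERR_RO_FAULT; }

/*
 * Caller in the shape of a tdp_page_fault()-style path: map_writable is a
 * local the callee is expected to fill in. `stale` stands in for whatever a
 * real uninitialized stack slot happens to hold (179 in the report).
 * Returns -1 when an error pfn is handled first, else 0/1 for the value of
 * map_writable that would be handed on to the mapping code.
 */
static int fault_would_map_writable(bool use_fixed, const struct memslot *slot,
                                    uint64_t gfn, bool stale)
{
    bool map_writable = stale;
    pfn_t pfn = use_fixed ? gfn_to_pfn_fixed(slot, gfn, true, &map_writable)
                          : gfn_to_pfn_buggy(slot, gfn, true, &map_writable);

    if (is_error_pfn(pfn))
        return -1;
    return map_writable ? 1 : 0;
}

/* Constructed slots: 16 pages at gfn 0x100, one read-write and one read-only. */
static const struct memslot demo_rw_slot = { 0x100, 16, 0x70000000UL, false };
static const struct memslot demo_ro_slot = { 0x100, 16, 0x71000000UL, true  };

int main(void)
{
    /* gfn 0x200 is outside both slots: the buggy path passes the stale value on. */
    printf("buggy, noslot, stale=1: %d\n", fault_would_map_writable(false, &demo_rw_slot, 0x200, true));
    printf("fixed, noslot, stale=1: %d\n", fault_would_map_writable(true,  &demo_rw_slot, 0x200, true));
    printf("fixed, in RW slot:      %d\n", fault_would_map_writable(true,  &demo_rw_slot, 0x105, false));
    printf("fixed, write to RO slot: %d\n", fault_would_map_writable(true, &demo_ro_slot, 0x105, true));
    return 0;
}
```

With `stale` false the buggy version happens to return 0 and looks correct, which is why ordinary tests miss this class of bug: the out-parameter is only wrong when the stack slot already holds something else. That is the case UBSAN's `_Bool` check (`-fsanitize=bool`, enabled by `-fsanitize=undefined` and by CONFIG_UBSAN in the kernel) caught here, and a poisoned-stack or sanitizer build is the practical way to surface it during fuzzing.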

* Re: kvm: using uninitialized var in tdp_page_fault
  2016-02-23 14:30 ` Paolo Bonzini
@ 2016-02-28 13:08   ` Dmitry Vyukov
  0 siblings, 0 replies; 3+ messages in thread
From: Dmitry Vyukov @ 2016-02-28 13:08 UTC (permalink / raw)
  To: Paolo Bonzini; +Cc: Sasha Levin, Gleb Natapov, LKML, syzkaller

On Tue, Feb 23, 2016 at 3:30 PM, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
>
> On 15/01/2016 18:02, Sasha Levin wrote:
>> Hi all,
>>
>> While fuzzing with syzkaller on the latest -next kernel running on a KVM tools
>> guest, I've hit the following use of an uninitialized variable:
>>
>> [  810.783676] UBSAN: Undefined behaviour in arch/x86/kvm/mmu.c:3502:6
>>
>> [  810.785650] load of value 179 is not a valid value for type '_Bool'
>
> Can you check this patch:
>
> diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
> index be3cef12706c..fd54613a1204 100644
> --- a/virt/kvm/kvm_main.c
> +++ b/virt/kvm/kvm_main.c
> @@ -1449,8 +1449,11 @@ pfn_t __gfn_to_pfn_memslot(struct
>         if (addr == KVM_HVA_ERR_RO_BAD)
>                 return KVM_PFN_ERR_RO_FAULT;
>
> -       if (kvm_is_error_hva(addr))
> +       if (kvm_is_error_hva(addr)) {
> +               if (writable)
> +                       *writable = false;
>                 return KVM_PFN_NOSLOT;
> +       }
>
>         /* Do not map writable pfn in the readonly memslot. */
>         if (writable && memslot_is_readonly(slot)) {
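Review bot: the patch as sent carries no commit message, no Reported-by: tag for the syzkaller finding and no Fixes: reference, so the reason `*writable` must be set on the `KVM_PFN_NOSLOT` path (the caller in `tdp_page_fault` reading the out-parameter after a NOSLOT return, per the UBSAN load-invalid-value report at arch/x86/kvm/mmu.c:3502 quoted above) lives only in this thread; a two-line description of that caller contract plus `Reported-by: Sasha Levin` would make the change self-explaining when it is merged.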



Sasha, does it fix the issue? This patch is still not merged.

