From: Borislav Petkov <bp@alien8.de>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: syzbot <syzbot+9cf5373b0e15476f39a2@syzkaller.appspotmail.com>,
"H. Peter Anvin" <hpa@zytor.com>,
LKML <linux-kernel@vger.kernel.org>,
Andy Lutomirski <luto@kernel.org>, Ingo Molnar <mingo@redhat.com>,
syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
Thomas Gleixner <tglx@linutronix.de>,
the arch/x86 maintainers <x86@kernel.org>,
clang-built-linux <clang-built-linux@googlegroups.com>
Subject: Re: invalid opcode in map_vdso
Date: Wed, 23 Sep 2020 12:30:08 +0200
Message-ID: <20200923103008.GE28545@zn.tnic>
In-Reply-To: <CACT4Y+YGFtPCi3a-ByZGs1kCFfJOYv_AbkxOG=K_D4xh0r4okA@mail.gmail.com>
On Wed, Sep 23, 2020 at 11:19:40AM +0200, Dmitry Vyukov wrote:
> +clang-built-linux
> Looks like another one with kernel code overwrite in clang build.
Uuh, that's a nice and refreshing one - the pattern is not zeroes this time
Code: 16 48 89 ef 48 8b 34 24 31 c9 e8 88 7c a7 00 eb 7a 4c 8b 74 24 28 43 80 3c 3e 00 48 8b 5c 24 08 74 08 4c 89 ef e8 4d 77 70 70 <07> 20 05 00 00 49 03 6d 00 48 89 e8 48 c1 e8 03 42 80 3c 38 00 74
All code
========
   0:   16                      (bad)
   1:   48 89 ef                mov    %rbp,%rdi
   4:   48 8b 34 24             mov    (%rsp),%rsi
   8:   31 c9                   xor    %ecx,%ecx
   a:   e8 88 7c a7 00          callq  0xa77c97
   f:   eb 7a                   jmp    0x8b
  11:   4c 8b 74 24 28          mov    0x28(%rsp),%r14
  16:   43 80 3c 3e 00          cmpb   $0x0,(%r14,%r15,1)
  1b:   48 8b 5c 24 08          mov    0x8(%rsp),%rbx
  20:   74 08                   je     0x2a
  22:   4c 89 ef                mov    %r13,%rdi
  25:   e8 4d 77 70 70          callq  0x70707777
  2a:*  07                      (bad)           <-- trapping instruction
  2b:   20 05 00 00 49 03       and    %al,0x3490000(%rip)        # 0x3490031
  31:   6d                      insl   (%dx),%es:(%rdi)
  32:   00 48 89                add    %cl,-0x77(%rax)
  35:   e8 48 c1 e8 03          callq  0x3e8c182
  3a:   42 80 3c 38 00          cmpb   $0x0,(%rax,%r15,1)
  3f:   74                      .byte 0x74

Code starting with the faulting instruction
===========================================
   0:   07                      (bad)
   1:   20 05 00 00 49 03       and    %al,0x3490000(%rip)        # 0x3490007
   7:   6d                      insl   (%dx),%es:(%rdi)
   8:   00 48 89                add    %cl,-0x77(%rax)
   b:   e8 48 c1 e8 03          callq  0x3e8c158
  10:   42 80 3c 38 00          cmpb   $0x0,(%rax,%r15,1)
  15:   74                      .byte 0x74
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette
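The two listings above are what you get by feeding the bytes of the oops "Code:" line to objdump, with the `<07>` marker locating the faulting instruction. As an added example that is not part of this thread and not the kernel's own scripts/decodecode, here is a small Python triage helper that parses a "Code:" line into the two byte windows those listings cover, flags whether the trapping opcode is one that 64-bit mode does not define at all (which is why objdump prints "(bad)" for 0x07 and 0x16), and measures the zero-byte share, the quick check behind Boris's remark that the overwrite pattern is not zeroes this time. The sample line is the one quoted above; the opcode table and the 50% zero-fill threshold are assumptions of this example.

```python
import re
from typing import NamedTuple

# Constructed sample: the Code: line quoted in the mail above. The <07>
# marker is the kernel's notation for the byte at the faulting RIP.
SAMPLE_CODE_LINE = (
    "Code: 16 48 89 ef 48 8b 34 24 31 c9 e8 88 7c a7 00 eb 7a 4c 8b 74 24 28 "
    "43 80 3c 3e 00 48 8b 5c 24 08 74 08 4c 89 ef e8 4d 77 70 70 <07> 20 05 "
    "00 00 49 03 6d 00 48 89 e8 48 c1 e8 03 42 80 3c 38 00 74"
)


class CodeWindow(NamedTuple):
    before: bytes   # bytes preceding the faulting instruction
    trap: int       # first byte of the faulting instruction
    after: bytes    # bytes following it

    @property
    def trap_offset(self) -> int:
        return len(self.before)

    def all_code(self) -> bytes:
        """Bytes behind the 'All code' listing; the trap byte sits at trap_offset."""
        return self.before + bytes([self.trap]) + self.after

    def from_trap(self) -> bytes:
        """Bytes behind the 'Code starting with the faulting instruction' listing."""
        return bytes([self.trap]) + self.after


_HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def parse_code_line(line: str) -> CodeWindow:
    """Split an oops 'Code:' line into before / trap / after byte runs."""
    _, sep, payload = line.partition("Code:")
    if not sep:
        raise ValueError("not a Code: line")
    before, after, trap = bytearray(), bytearray(), None
    for tok in payload.split():
        inner = tok[1:-1]
        if tok.startswith("<") and tok.endswith(">") and _HEX_BYTE.fullmatch(inner):
            if trap is not None:
                raise ValueError("more than one <xx> marker")
            trap = int(inner, 16)
        elif _HEX_BYTE.fullmatch(tok):
            (after if trap is not None else before).append(int(tok, 16))
        else:
            break  # trailing non-hex text, e.g. "Bad RIP value."
    if trap is None:
        raise ValueError("no <xx> trap marker in Code: line")
    return CodeWindow(bytes(before), trap, bytes(after))


# Assumed table for this example: single-byte legacy opcodes that 64-bit mode
# does not define, so a decoder reports them as "(bad)". 0x07 is the 32-bit
# pop %es, 0x16 the 32-bit push %ss; both appear in the window above.
_INVALID_IN_LONG_MODE = frozenset([
    0x06, 0x07, 0x0e, 0x16, 0x17, 0x1e, 0x1f, 0x27, 0x2f, 0x37, 0x3f,
    0x60, 0x61, 0x9a, 0xce, 0xd4, 0xd5, 0xea,
])


def invalid_in_long_mode(opcode: int) -> bool:
    return opcode in _INVALID_IN_LONG_MODE


def zero_fraction(window: bytes) -> float:
    """Share of 0x00 bytes; a zero-filled overwrite pushes this towards 1."""
    return window.count(0) / len(window) if window else 0.0


def looks_zero_filled(window: bytes, threshold: float = 0.5) -> bool:
    # Threshold is an assumption of this example, not a kernel convention.
    return zero_fraction(window) >= threshold


if __name__ == "__main__":
    w = parse_code_line(SAMPLE_CODE_LINE)
    print(f"trap at +{w.trap_offset:#x}: byte {w.trap:#04x}, "
          f"undefined in 64-bit mode: {invalid_in_long_mode(w.trap)}")
    print(f"zero bytes: {zero_fraction(w.all_code()):.1%}, "
          f"zero-fill pattern: {looks_zero_filled(w.all_code())}")
    print("from trap:", w.from_trap().hex(" "))
```

Writing `all_code()` to a file and running `objdump -D -b binary -m i386:x86-64` on it reproduces the "All code" listing, and `from_trap()` the second one; on the sample line the trap lands at +0x2a with six zero bytes out of 64, so the zero-fill check comes back negative, matching the observation in the mail.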
Thread overview: 4+ messages
2020-09-23 9:18 invalid opcode in map_vdso syzbot
2020-09-23 9:19 ` Dmitry Vyukov
2020-09-23 10:30 ` Borislav Petkov [this message]
2020-09-25 12:16 ` Dmitry Vyukov