From: Vitaly Kuznetsov <vkuznets@redhat.com>
To: kvm@vger.kernel.org
Cc: syzbot <syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com>,
bp@alien8.de, dave.hansen@linux.intel.com, glider@google.com,
hpa@zytor.com, jmattson@google.com, joro@8bytes.org,
linux-kernel@vger.kernel.org, mingo@redhat.com,
pbonzini@redhat.com, seanjc@google.com,
syzkaller-bugs@googlegroups.com, tglx@linutronix.de,
wanpengli@tencent.com, x86@kernel.org
Subject: Re: [syzbot] KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast
Date: Tue, 28 Jun 2022 15:01:06 +0200 [thread overview]
Message-ID: <875ykluelp.fsf@redhat.com> (raw)
In-Reply-To: <000000000000d8420a05e28075ea@google.com>
syzbot <syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com> writes:
> Hello,
>
> syzbot found the following issue on:
>
> HEAD commit: 4b28366af7d9 x86: kmsan: enable KMSAN builds for x86
> git tree: https://github.com/google/kmsan.git master
> console+strace: https://syzkaller.appspot.com/x/log.txt?x=126a4b60080000
> kernel config: https://syzkaller.appspot.com/x/.config?x=d14e10a167d1c585
> dashboard link: https://syzkaller.appspot.com/bug?extid=d6caa905917d353f0d07
> compiler: clang version 15.0.0 (https://github.com/llvm/llvm-project.git 610139d2d9ce6746b3c617fb3e2f7886272d26ff), GNU ld (GNU Binutils for Debian) 2.35.2
> syz repro: https://syzkaller.appspot.com/x/repro.syz?x=14d596c4080000
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10bcf08ff00000
>
> IMPORTANT: if you fix the issue, please add the following tag to the commit:
> Reported-by: syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com
>
> L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
> =====================================================
> BUG: KMSAN: uninit-value in kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
> BUG: KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
> kvm_apic_set_irq arch/x86/kvm/lapic.c:634 [inline]
> kvm_irq_delivery_to_apic_fast+0x7a7/0x990 arch/x86/kvm/lapic.c:1044
> kvm_irq_delivery_to_apic+0xdb/0xe40 arch/x86/kvm/irq_comm.c:54
> kvm_pv_kick_cpu_op+0xd1/0x100 arch/x86/kvm/x86.c:9155
> kvm_emulate_hypercall+0xee7/0x1340 arch/x86/kvm/x86.c:9285
...
According to the syz repro (and AFAIU), kvm_pv_kick_cpu_op()
doesn't set 'irq->vector' which is not really needed for APIC_DM_REMRD
but we still reference it e.g. in trace_kvm_apic_accept_irq().
I'll can send a patch (if noone beats me to it).
Thanks for the report!
--
Vitaly
prev parent reply other threads:[~2022-06-28 13:01 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-28 11:37 [syzbot] KMSAN: uninit-value in kvm_irq_delivery_to_apic_fast syzbot
2022-06-28 13:01 ` Vitaly Kuznetsov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875ykluelp.fsf@redhat.com \
--to=vkuznets@redhat.com \
--cc=bp@alien8.de \
--cc=dave.hansen@linux.intel.com \
--cc=glider@google.com \
--cc=hpa@zytor.com \
--cc=jmattson@google.com \
--cc=joro@8bytes.org \
--cc=kvm@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=pbonzini@redhat.com \
--cc=seanjc@google.com \
--cc=syzbot+d6caa905917d353f0d07@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
--cc=tglx@linutronix.de \
--cc=wanpengli@tencent.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.