From: Will Deacon <will.deacon@arm.com>
To: "G. Campana" <gcampana+kvm@quarkslab.com>
Cc: kvm@vger.kernel.org, andre.przywara@arm.com
Subject: Re: [PATCH 0/5] [PATCH v2] kvmtool: fix virtio 9p vulnerabilities
Date: Fri, 18 Nov 2016 17:55:49 +0000 [thread overview]
Message-ID: <20161118175549.GA13470@arm.com> (raw)
In-Reply-To: <1478791271-7558-1-git-send-email-gcampana+kvm@quarkslab.com>
On Thu, Nov 10, 2016 at 04:21:06PM +0100, G. Campana wrote:
> This patch series should fix different vulnerabilities found in virtio 9p
> (http://www.spinics.net/lists/kvm/msg130505.html), but it definitely needs some
> testing. By the way, the very same path traversal vulnerability was also found
> in Qemu in August: http://www.openwall.com/lists/oss-security/2016/08/30/1
> and the path traversal fix looks quite similar.
I applied patches 1-4, but patch 5 actually breaks things for me:
[ 0.659365] Freeing unused kernel memory: 1024K (ffff800000c50000 - ffff800000d50000)
[ 0.661269] Kernel panic - not syncing: Requested init /virt/init failed (error -36).
[ 0.662542] CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc4-00005-gf43365ee17f8 #1
[ 0.664009] Hardware name: linux,dummy-virt (DT)
[ 0.664868] Call trace:
[ 0.665332] [<ffff000008088428>] dump_backtrace+0x0/0x1a8
[ 0.666342] [<ffff0000080885e4>] show_stack+0x14/0x20
[ 0.667284] [<ffff000008376fac>] dump_stack+0x94/0xb8
[ 0.668236] [<ffff000008166d64>] panic+0x114/0x27c
[ 0.669131] [<ffff00000889bc30>] kernel_init+0xa0/0x100
[ 0.670112] [<ffff000008082e80>] ret_from_fork+0x10/0x50
[ 0.671118] SMP: stopping secondary CPUs
[ 0.682308] Kernel Offset: disabled
[ 0.682889] Memory Limit: none
[ 0.683390] ---[ end Kernel panic - not syncing: Requested init /virt/init failed (error -36).
I tried replacing the memset of -1 with code to skip to the next file,
but that didn't seem to help.
Will
next prev parent reply other threads:[~2016-11-18 17:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-10 15:21 [PATCH 0/5] [PATCH v2] kvmtool: fix virtio 9p vulnerabilities G. Campana
2016-11-10 15:21 ` [PATCH 1/5] kvmtool: 9p: fix path traversal vulnerabilities G. Campana
2016-11-10 15:21 ` [PATCH 2/5] kvmtool: 9p: fix sprintf vulnerabilities G. Campana
2016-11-10 15:21 ` [PATCH 3/5] kvmtool: 9p: fix strcpy vulnerabilities G. Campana
2016-11-10 15:21 ` [PATCH 4/5] kvmtool: 9p: refactor fixes with get_full_path() G. Campana
2016-11-10 15:21 ` [PATCH 5/5] kvmtool: 9p: fix a buffer overflow in rel_to_abs G. Campana
2016-11-18 17:55 ` Will Deacon [this message]
2016-11-21 10:25 ` [PATCH 0/5] [PATCH v2] kvmtool: fix virtio 9p vulnerabilities G. Campana
2016-11-21 10:33 ` Andre Przywara
2016-11-21 10:48 ` [PATCH 0/5] [PATCH v2] kvmtool: 9p: fix regression introduced by previous patch G. Campana
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161118175549.GA13470@arm.com \
--to=will.deacon@arm.com \
--cc=andre.przywara@arm.com \
--cc=gcampana+kvm@quarkslab.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).