* Re: [BUG]: bad usercopy in kvm_stats_read in mm/usercopy.c
From: Andrew Morton @ 2023-07-10 20:34 UTC
To: Zheng Zhang
Cc: keescook, linux-hardening, linux-mm, linux-kernel, kvm

On Sun, 9 Jul 2023 14:32:09 -0700 Zheng Zhang <zheng.zhang@email.ucr.edu> wrote:

> Kees, Andrew, and to whom it may concern:
>
> Hello! We have found a bug in the Linux kernel version 6.2.0 by syzkaller
> with our own templates. It also produces a POC.
> Attached is the report, log, and reproducers generated by syzkaller
> Please let me know if there is any additional information that I can
> provide to help debug this issue.
> Thanks!

Let's cc the kvm mailing list.

Original email is at
https://lkml.kernel.org/r/CAC_GQSr3xzZaeZt85k_RCBd5kfiOve8qXo7a81Cq53LuVQ5r=Q@mail.gmail.com

* Re: [BUG]: bad usercopy in kvm_stats_read in mm/usercopy.c
From: Sean Christopherson @ 2023-07-11 16:15 UTC
To: Andrew Morton
Cc: Zheng Zhang, keescook, linux-hardening, linux-mm, linux-kernel, kvm

On Mon, Jul 10, 2023, Andrew Morton wrote:
> On Sun, 9 Jul 2023 14:32:09 -0700 Zheng Zhang <zheng.zhang@email.ucr.edu> wrote:
>
> > Kees, Andrew, and to whom it may concern:
> >
> > Hello! We have found a bug in the Linux kernel version 6.2.0 by syzkaller
> > with our own templates. It also produces a POC.
> > Attached is the report, log, and reproducers generated by syzkaller
> > Please let me know if there is any additional information that I can
> > provide to help debug this issue.
> > Thanks!
>
> Let's cc the kvm mailing list.
>
> Original email is at
> https://lkml.kernel.org/r/CAC_GQSr3xzZaeZt85k_RCBd5kfiOve8qXo7a81Cq53LuVQ5r=Q@mail.gmail.com

Yeaaaah. We failed kernel programming 101. KVM installs file descriptors to
let userspace read VM and vCPU stats, but doesn't grab a reference to the VM to
ensure the VM and its vCPUs are kept alive until the stats fds are closed. I'll
send a patch.

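The lifetime rule described in the message above, as a userspace C model added here. It is not KVM's code and not the patch mentioned in the thread; every struct and function name is hypothetical, and the stats string is constructed sample data.

```c
#include <stdlib.h>
#include <string.h>
/* Userspace model; every name here is hypothetical, not KVM's code. */
struct vm { int refs; char stats[32]; };
struct stats_fd { struct vm *vm; };
static int vms_destroyed;   /* counts teardowns so callers can observe them */

static struct vm *vm_create(void)
{
    struct vm *vm = calloc(1, sizeof(*vm));
    if (!vm) return NULL;
    vm->refs = 1;                      /* reference owned by the VM handle */
    strcpy(vm->stats, "exits=42");     /* constructed sample stats data */
    return vm;
}

static void vm_put(struct vm *vm) { if (--vm->refs == 0) { vms_destroyed++; free(vm); } }

/* Handing out a stats handle pins the VM; omitting refs++ leaves a dangling pointer. */
static struct stats_fd *stats_fd_open(struct vm *vm)
{
    struct stats_fd *s = malloc(sizeof(*s));
    if (!s) return NULL;
    vm->refs++;
    s->vm = vm;
    return s;
}

/* Copies stats out; valid only because s keeps s->vm alive. Returns bytes or -1. */
static int stats_fd_read(struct stats_fd *s, char *buf, size_t len)
{
    size_t n = strlen(s->vm->stats) + 1;
    if (len < n) return -1;
    memcpy(buf, s->vm->stats, n);
    return (int)n;
}
/* Closing the stats handle drops the reference taken in stats_fd_open(). */
static void stats_fd_release(struct stats_fd *s) { vm_put(s->vm); free(s); }

int main(void)
{
    char buf[32];
    struct vm *vm = vm_create();
    struct stats_fd *s = vm ? stats_fd_open(vm) : NULL;
    if (!s) return 1;
    vm_put(vm);                                   /* VM handle closed first */
    int n = stats_fd_read(s, buf, sizeof(buf));   /* still backed by live memory */
    stats_fd_release(s);                          /* last reference: VM freed here */
    return (n == 9 && vms_destroyed == 1) ? 0 : 1;
}
```
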
* Re: [BUG]: bad usercopy in kvm_stats_read in mm/usercopy.c
From: Kees Cook @ 2023-07-11 16:26 UTC
To: Sean Christopherson
Cc: Andrew Morton, Zheng Zhang, linux-hardening, linux-mm, linux-kernel, kvm, Matthew Wilcox

On Tue, Jul 11, 2023 at 09:15:00AM -0700, Sean Christopherson wrote:
> On Mon, Jul 10, 2023, Andrew Morton wrote:
> > On Sun, 9 Jul 2023 14:32:09 -0700 Zheng Zhang <zheng.zhang@email.ucr.edu> wrote:
> >
> > > Kees, Andrew, and to whom it may concern:
> > >
> > > Hello! We have found a bug in the Linux kernel version 6.2.0 by syzkaller
> > > with our own templates. It also produces a POC.
> > > Attached is the report, log, and reproducers generated by syzkaller
> > > Please let me know if there is any additional information that I can
> > > provide to help debug this issue.
> > > Thanks!
> >
> > Let's cc the kvm mailing list.
> >
> > Original email is at
> > https://lkml.kernel.org/r/CAC_GQSr3xzZaeZt85k_RCBd5kfiOve8qXo7a81Cq53LuVQ5r=Q@mail.gmail.com
>
> Yeaaaah. We failed kernel programming 101. KVM installs file descriptors to
> let userspace read VM and vCPU stats, but doesn't grab a reference to the VM to
> ensure the VM and its vCPUs are kept alive until the stats fds are closed. I'll
> send a patch.

Thanks! Another victory for hardened usercopy. :)

--
Kees Cook