A possible pointer_overflow in xen-4.13
Hi,

I compiled Xen-4.13 with CONFIG_UBSAN and tried to test it. However, during testing, xl dmesg gave the output shown below. It seems that there is a potential pointer overflow within arch/x86/pv/emul-priv-op.c:131, where Xen tries to execute the instruction `APPEND_CALL(save_guest_gprs)`, where APPEND_CALL tries to add an offset to *p without proper checking. I compiled xen-4.13 with clang-9, using the following commands: `export CONFIG_UBSAN=y` && `make clang=y debug=y`. Do you have any idea what is going on here?

(XEN) pointer operation underflowed ffff8200400170d3 to ffff04d0c0014193
(XEN) ----[ Xen-4.15-unstable x86_64 debug=y Not tainted ]----
(XEN) CPU: 1
(XEN) RIP: e008:[<ffff82d0402d694a>] common/ubsan/ubsan.c#ubsan_epilogue+0xa/0x90
(XEN) RFLAGS: 0000000000010082 CONTEXT: hypervisor (d0v0)
(XEN) rax: 0000000000000000 rbx: ffff83007c36f870 rcx: 0000000000000010
(XEN) rdx: 0000000000010000 rsi: ffff83007c370000 rdi: ffff83007c36f870
(XEN) rbp: ffff83007c36f858 rsp: ffff83007c36f848 r8: ffff82d040853f70
(XEN) r9: 0000000000000001 r10: ffff82d040854400 r11: ffff82d0408543d0
(XEN) r12: ffff83007c36f870 r13: ffff8200400170d0 r14: ffff04d0c0014193
(XEN) r15: ffff8200400170d3 cr0: 0000000080050033 cr4: 0000000000000660
(XEN) cr3: 000000007640c000 cr2: ffffc900003ff000
(XEN) fsb: 0000000000000000 gsb: ffff888073600000 gss: 0000000000000000
(XEN) ds: 0000 es: 0000 fs: 0000 gs: 0000 ss: 0000 cs: e008
(XEN) Xen code around <ffff82d0402d694a> (common/ubsan/ubsan.c#ubsan_epilogue+0xa/0x90):
(XEN) 89 e5 41 56 53 48 89 fb <0f> 0b 48 8d 3d 17 83 3c 00 31 c0 e8 76 29 00 00
(XEN) Xen stack trace from rsp=ffff83007c36f848:
(XEN) ffff82d040a5b9b0 ffff04d0c0014193 ffff83007c36f898 ffff82d0402d7bde
(XEN) 0000000000003000 0000000000000286 ffff04d0c0014193 ffff83007c36fe58
(XEN) ffff82d07fffd0c0 ffff8200400170d3 ffff83007c36f8f8 ffff82d040493d7b
(XEN) ffff83007c36f8c8 00000001000003da ffff83007f85aa50 000000ec7f85ce01
(XEN) ffff83007c36fe00 ffff83007c36fe18 00000000000003da ffff83007c36fe00
(XEN) 0000000000000000 0000000000000001 ffff83007c36f938 ffff82d040490eb5
(XEN) ffff83007c36fce8 00000000000003da 0000000000000000 ffff82d0406c0358
(XEN) ffff82d0406c03c0 0000000000000000 ffff83007c36fda8 ffff82d040531a73
(XEN) ffff82d04058d851 0000000000000046 0000000000000046 ffff82d04027061d
(XEN) 0000000000077f07 ffff83007f85f2b8 0000000000000000 aaaaaaaaaaaaaaaa
(XEN) aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa
(XEN) aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa ffff82d040270980
(XEN) 0000000000000017 ffff82d0402364f4 0000000000000246 ffff82d04028f4e9
(XEN) 0000000100000220 ffff83007c378004 000000000000022f 000000000000000f
(XEN) 0000000000000001 0000000000000246 0000000000000246 ffff82d04028f4e9
(XEN) 00000001000000a0 ffff83007c378004 00000000000000a3 0000000000000003
(XEN) ffff83007c36fe2c 0000000000000001 ffff83007c36fa78 ffff82d040270a07
(XEN) ffff83007c36fef8 ffff82d040c68058 ffff83007c36fa98 ffff82d040270980
(XEN) ffff83007ff48ea8 00000000000000b0 ffff83007c36faf8 ffff82d04028ded1
(XEN) ffff83007ff48ea8 ffff83007ff48eb0 ffff83007c379868 00000000000000a0
(XEN) Xen call trace:
(XEN) [<ffff82d0402d694a>] R common/ubsan/ubsan.c#ubsan_epilogue+0xa/0x90
(XEN) [<ffff82d0402d7bde>] F __ubsan_handle_pointer_overflow+0x6e/0xa0
(XEN) [<ffff82d040493d7b>] F arch/x86/pv/emul-priv-op.c#io_emul_stub_setup+0x44b/0x6a0
(XEN) [<ffff82d040490eb5>] F arch/x86/pv/emul-priv-op.c#read_io+0xd5/0x1c0
(XEN) [<ffff82d040531a73>] F x86_emulate+0x94f3/0x2e170
(XEN) [<ffff82d040565eb1>] F x86_emulate_wrapper+0x71/0x210
(XEN) [<ffff82d04048f5f2>] F pv_emulate_privileged_op+0x392/0x6a0
(XEN) [<ffff82d040522d3a>] F do_general_protection+0x41a/0x520
(XEN) [<ffff82d04058da3a>] F x86_64/entry.S#handle_exception_saved+0x65/0x91
(XEN)
(XEN) ================================================================================
(XEN) d0: Forcing read-only access to MFN fed00
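As an added illustration of the pattern the report points at (this is not Xen's code and not the poster's), a hypothetical stub emitter that appends a `call rel32` to a code buffer the way the message describes APPEND_CALL doing, but keeps every address computation in uintptr_t, where wraparound is well defined, so UBSan's pointer-overflow check (which fires when a pointer plus offset wraps) has nothing to flag, and rejects targets that a 32-bit displacement cannot reach instead of silently truncating. The names call_rel32, append_call and emit_and_decode are assumptions for this example.

```c
/* Added example, not Xen's code: a hypothetical emitter that appends
 * "call rel32" (0xe8 + signed 32-bit displacement from the next
 * instruction) to a stub. Address arithmetic stays in uintptr_t, where
 * wraparound is defined, so UBSan's pointer-overflow check has nothing
 * to flag, and unreachable targets are rejected, not truncated. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define CALL_REL32_LEN 5 /* e8 + 4 displacement bytes */

/* rel32 for a call at 'site' to 'target': target - (site + 5) mod 2^64,
 * accepted only if it fits a signed 32-bit value. */
static bool call_rel32(uintptr_t site, uintptr_t target, int32_t *rel)
{
    uint64_t delta = (uint64_t)target - ((uint64_t)site + CALL_REL32_LEN);
    uint32_t lo = (uint32_t)delta;
    /* In range iff delta + 2^31 (mod 2^64) is below 2^32. */
    if (delta + 0x80000000ULL >= 0x100000000ULL)
        return false;
    memcpy(rel, &lo, sizeof(*rel)); /* reinterpret the low 32 bits */
    return true;
}

/* Append "call target" at *p without writing past 'end'; advance *p. */
static bool append_call(uint8_t **p, const uint8_t *end, uintptr_t target)
{
    int32_t rel;
    if (end - *p < CALL_REL32_LEN || !call_rel32((uintptr_t)*p, target, &rel))
        return false;
    (*p)[0] = 0xe8;
    memcpy(*p + 1, &rel, sizeof(rel)); /* x86 is little-endian */
    *p += CALL_REL32_LEN;
    return true;
}

/* Self-check: emit a call from a local stub to stub + target_delta and
 * return the decoded displacement, or INT64_MIN if the emitter refused. */
static int64_t emit_and_decode(int64_t target_delta)
{
    static uint8_t stub[16];
    uint8_t *p = stub;
    int32_t rel;
    if (!append_call(&p, stub + sizeof(stub),
                     (uintptr_t)stub + (uintptr_t)target_delta) ||
        p != stub + CALL_REL32_LEN || stub[0] != 0xe8)
        return INT64_MIN;
    memcpy(&rel, stub + 1, sizeof(rel));
    return rel;
}
```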