Re: System crash with perf_fuzzer (kernel: 5.0.0-rc3)

From: Vince Weaver
Date: Sat Feb 02 2019 - 12:58:20 EST


On Fri, 1 Feb 2019, Jiri Olsa wrote:

> >
> > I've just started fuzzing with the patch applied. Often it takes a few
> > hours to trigger the bug.
>
> cool, thanks

I let it run overnight and no crash.

> > Added question about this bug. It appeared that the crash was triggered
> > by the BTS driver over-writing kernel memory. The data being written, was
> > this user controllable? Meaning, is this a security issue being fixed, or
> > just a crashing issue?
>
> yea, I have an example that can trigger it immediately

I mean: the crash is happening because data structures are getting
over-written by the BTS driver. Depending on who and what is doing this,
this could be a security issue (i.e. if it was raw BTS data that was
partially userspace controlled values). Though even if this were the case
it would probably be hard to exploit.

Vince