Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/2274.toml')
-rw-r--r--gitlab/issues/target_missing/host_missing/accel_missing/2274.toml53
1 files changed, 53 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/2274.toml b/gitlab/issues/target_missing/host_missing/accel_missing/2274.toml
new file mode 100644
index 00000000..99a056dd
--- /dev/null
+++ b/gitlab/issues/target_missing/host_missing/accel_missing/2274.toml
@@ -0,0 +1,53 @@
+id = 2274
+title = "Assertion failuer in cryptodev_builtin_close_session()"
+state = "closed"
+created_at = "2024-04-08T12:29:53.139Z"
+closed_at = "2024-04-10T15:08:32.000Z"
+labels = ["Fuzzer", "device:virtio", "workflow::Patch available"]
+url = "https://gitlab.com/qemu-project/qemu/-/issues/2274"
+host-os = "Ubuntu 22.04.4 LTS"
+host-arch = "x86_64"
+qemu-version = "commit ce64e6224a"
+guest-os = "Debian GNU/Linux 10 (buster)"
+guest-arch = "x86_64"
+description = """In the function _cryptodev_builtin_close_session(),_ an assertation happened:
+
+```
+qemu-fuzz-x86_64: qemu/backends/cryptodev-builtin.c:430: int cryptodev_builtin_close_session(CryptoDevBackend *, uint64_t, uint32_t, CryptoDevCompletionFunc, void *): Assertion `session_id < MAX_NUM_SESSIONS && builtin->sessions[session_id]' failed.
+==1256139== ERROR: libFuzzer: deadly signal
+    #9 0x71acb8c2871a in __assert_fail_base assert/./assert/assert.c:92:3
+    #10 0x71acb8c39e95 in __assert_fail assert/./assert/assert.c:101:3
+    #11 0x5af7f624b12b in cryptodev_builtin_close_session qemu/backends/cryptodev-builtin.c:430:5
+    #12 0x5af7f60b2860 in virtio_crypto_handle_close_session qemu/hw/virtio/virtio-crypto.c:262:12
+    #13 0x5af7f60b2860 in virtio_crypto_handle_ctrl qemu/hw/virtio/virtio-crypto.c:423:19
+```
+
+The user could send an invalid session_id to trigger this assertion."""
+reproduce = """Here's a simple PoC:
+
+```
+cat << EOF | qemu-system-x86_64 -display none\\
+ -machine accel=qtest -m 512M -machine q35 -nodefaults -object \\
+cryptodev-backend-builtin,id=cryptodev0 -device \\
+virtio-crypto-pci,id=crypto0,cryptodev=cryptodev0 -qtest stdio
+outl 0xcf8 0x80000804
+outw 0xcfc 0x06
+outl 0xcf8 0x80000820
+outl 0xcfc 0xe0008000
+write 0x10800e 0x1 0x01
+write 0xe0008016 0x1 0x01
+write 0xe0008020 0x4 0x00801000
+write 0xe0008028 0x4 0x00c01000
+write 0xe000801c 0x1 0x01
+write 0x110000 0x1 0x05
+write 0x110001 0x1 0x04
+write 0x108002 0x1 0x11
+write 0x108008 0x1 0x48
+write 0x10800c 0x1 0x01
+write 0x108018 0x1 0x10
+write 0x10801c 0x1 0x02
+write 0x10c002 0x1 0x01
+write 0xe000b005 0x1 0x00
+EOF
+```"""
+additional = "n/a"
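Review bot: The record lives under target_missing/host_missing/accel_missing, yet the `cat << EOF | qemu-system-x86_64` line of the reproduce block names the target (x86_64) and passes `-machine accel=qtest`, and host-os/host-arch are already filled in; if the schema has target/accel keys (names presumed — check the other records), populating them would let this issue be classified with the rest. The labels include "workflow::Patch available" but nothing points at the fix; the `additional = "n/a"` field could carry the fixing commit reference once it is known. The title keeps the issue's original spelling ("failuer"), which is presumably deliberate for a verbatim copy and should stay as is.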