summary refs log tree commit diff stats
path: root/results/classifier/118/all/1813201
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/all/1813201')
-rw-r--r--results/classifier/118/all/1813201125
1 files changed, 125 insertions, 0 deletions
diff --git a/results/classifier/118/all/1813201 b/results/classifier/118/all/1813201
new file mode 100644
index 00000000..6c8012fd
--- /dev/null
+++ b/results/classifier/118/all/1813201
@@ -0,0 +1,125 @@
+TCG: 0.980
+debug: 0.977
+mistranslation: 0.976
+performance: 0.975
+peripherals: 0.970
+user-level: 0.969
+semantic: 0.968
+graphic: 0.968
+i386: 0.966
+ppc: 0.962
+risc-v: 0.962
+device: 0.961
+register: 0.958
+arm: 0.956
+architecture: 0.955
+permissions: 0.953
+VMM: 0.953
+kernel: 0.952
+x86: 0.950
+PID: 0.950
+vnc: 0.949
+virtual: 0.947
+assembly: 0.945
+boot: 0.942
+files: 0.934
+network: 0.933
+hypervisor: 0.930
+KVM: 0.909
+socket: 0.879
+
+QEMU TCG i386 / x86_64 system emulation crash when executing int instruction
+
+QEMU version:
+-------------
+
+qemu from git, master branch commit d058a37a6e8daa8d71a6f2b613eb415b69363755
+
+Release versions are also affected.
+
+Summary:
+--------
+
+QEMU i386 and x86_64 system emulation crash when executing the following "int" instruction:
+
+cd08  int 8
+
+This generates a kernel NULL pointer dereference error in Linux, and a BSOD error in Windows.
+
+No special permissions are required to execute the instruction, any unprivileged user can execute it.
+
+This issue has been reproduced in QEMU running in TCG mode. KVM is not affected.
+
+Kernel panic log:
+
+[  111.091138] BUG: unable to handle kernel NULL pointer dereference at 00000014
+[  111.092145] IP: [<ce0513ad>] doublefault_fn+0xd/0x130
+[  111.092145] *pdpt = 0000000000000000 *pde = f000ff53f000ff53 [  111.092145] 
+[  111.092145] Oops: 0000 [#1] SMP
+[  111.092145] Modules linked in: kvm_amd bochs_drm ppdev ttm drm_kms_helper drm kvm irqbypass evdev pcspkr serio_raw sg parport_pc parport button ip_tables x_tables autofs4 ext4 crc16 jbd2 crc32c_generic fscrypto ecb xts lrw gf128mul ablk_helper cryptd aes_i586 mbcache sr_mod sd_mod cdrom ata_generic ata_piix libata psmouse e1000 scsi_mod i2c_piix4 floppy
+[  111.092145] CPU: 0 PID: 409 Comm: int8.elf Not tainted 4.9.0-8-686-pae #1 Debian 4.9.130-2
+[  111.092145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014
+[  111.092145] task: f6c88a80 task.stack: f6e52000
+[  111.092145] EIP: 0060:[<ce0513ad>] EFLAGS: 00004086 CPU: 0
+[  111.092145] EIP is at doublefault_fn+0xd/0x130
+[  111.092145] EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000
+[  111.092145] ESI: 00000000 EDI: 00000000 EBP: ce8f13fc ESP: ce8f13d4
+[  111.092145]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
+[  111.092145] CR0: 8005003b CR2: 00000014 CR3: 0e8e1000 CR4: 000006f0
+[  111.092145] Stack:
+[  111.092145]  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[  111.092145]  00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
+[  111.092145]  00000000 00000000 00000000 00000000 fed00000 ce474ad0 00000000 00017d78
+[  111.092145] Call Trace:
+[  111.092145] Code: 86 fd ff eb a3 89 f6 8d bc 27 00 00 00 00 55 89 e5 3e 8d 74 26 00 5d e9 e2 79 fd ff 66 90 55 89 e5 56 53 83 ec 20 3e 8d 74 26 00 <65> a1 14 00 00 00 89 45 f4 31 c0 31 c0 c7 45 f0 00 00 00 00 66
+[  111.092145] EIP: [<ce0513ad>] [  111.092145] doublefault_fn+0xd/0x130
+[  111.092145]  SS:ESP 0068:ce8f13d4
+[  111.092145] CR2: 0000000000000014
+[  111.092145] ---[ end trace 8afa7884b76cafc1 ]---
+
+Testcase:
+---------
+
+void main() {
+        asm("int $0x8");
+}
+
+Alberto Ortega writes:
+> Public bug reported:
+>
+> QEMU version:
+> -------------
+>
+> qemu from git, master branch commit
+> d058a37a6e8daa8d71a6f2b613eb415b69363755
+>
+> Release versions are also affected.
+>
+> Summary:
+> --------
+>
+> QEMU i386 and x86_64 system emulation crash when executing the following
+> "int" instruction:
+>
+> cd08  int 8
+>
+> This generates a kernel NULL pointer dereference error in Linux, and a
+> BSOD error in Windows.
+>
+> No special permissions are required to execute the instruction, any
+> unprivileged user can execute it.
+> ...
+
+Funny. Does Qemu share code with VirtualBox? If so, a similar
+missing CPL==0 check was fixed in Virtualbox 7 years ago.
+
+https://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
+
+
+
+This should be fixed by this patch:
+https://<email address hidden>/
+
+
+https://git.qemu.org/?p=qemu.git;a=commitdiff;h=3df1a3d070575419859
+