summary refs log tree commit diff stats
path: root/results/classifier/semantic-bugs/instruction/1824344
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/semantic-bugs/instruction/1824344')
-rw-r--r--results/classifier/semantic-bugs/instruction/182434471
1 files changed, 0 insertions, 71 deletions
diff --git a/results/classifier/semantic-bugs/instruction/1824344 b/results/classifier/semantic-bugs/instruction/1824344
deleted file mode 100644
index 9886d36a..00000000
--- a/results/classifier/semantic-bugs/instruction/1824344
+++ /dev/null
@@ -1,71 +0,0 @@
-instruction: 0.928
-assembly: 0.842
-device: 0.543
-semantic: 0.396
-network: 0.367
-socket: 0.356
-other: 0.327
-boot: 0.303
-vnc: 0.251
-graphic: 0.236
-mistranslation: 0.196
-KVM: 0.008
-
-x86: retf or iret pagefault sets wrong error code
-
-With a x86_64 or i386 guest, non-KVM, when trying to execute a
-"iret/iretq/retf" instruction in userspace with invalid stack pointer
-(under a protected mode OS, like Linux), wrong bits are set in the
-pushed error code; bit 2 is not set, indicating the error comes from
-kernel space.
-
-If the guest OS is using this flag to decide whether this was a kernel
-or user page fault, it will mistakenly decide a kernel has irrecoverably
-faulted, possibly causing guest OS panic.
-
-
-How to reproduce the problem a guest (non-KVM) Linux:
-Note, on recent Linux kernel version, this needs a CPU with SMAP support
-(eg. -cpu max)
-
-$ cat tst.c
-int main()
-{
-__asm__ volatile (
-"mov $0,%esp\n"
-"retf"
-);
-return 0;
-}
-
-$ gcc tst.c
-$ ./a.out
-Killed
-
-
-"dmesg" shows the kernel has in fact triggered a "BUG: unable to handle
-kernel NULL pointer dereference...", but it has "recovered" by killing
-the faulting process (see attached screenshot).
-
-
-Using self-compiled qemu from git:
-commit 532cc6da74ec25b5ba6893b5757c977d54582949 (HEAD -> master, tag: v4.0.0-rc3, origin/master, origin/HEAD)
-Author: Peter Maydell <email address hidden>
-Date:   Wed Apr 10 15:38:59 2019 +0100
-
-    Update version for v4.0.0-rc3 release
-    
-    Signed-off-by: Peter Maydell <email address hidden>
-
-
-
-This appears to be similar to https://bugs.launchpad.net/qemu/+bug/1866892 (and much simpler)
-
-
-This is an automated cleanup. This bug report has been moved to QEMU's
-new bug tracker on gitlab.com and thus gets marked as 'expired' now.
-Please continue with the discussion here:
-
- https://gitlab.com/qemu-project/qemu/-/issues/265
-
-