| author | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-07-03 19:39:53 +0200 |
| commit | dee4dcba78baf712cab403d47d9db319ab7f95d6 (patch) | |
| tree | 418478faf06786701a56268672f73d6b0b4eb239 /results/classifier/118/assembly-x86 | |
| parent | 4d9e26c0333abd39bdbd039dcdb30ed429c475ba (diff) | |
| download | qemu-analysis-dee4dcba78baf712cab403d47d9db319ab7f95d6.tar.gz qemu-analysis-dee4dcba78baf712cab403d47d9db319ab7f95d6.zip | |
restructure results
Diffstat (limited to 'results/classifier/118/assembly-x86')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | results/classifier/118/assembly-x86/1377 | 74 |
| -rw-r--r-- | results/classifier/118/assembly-x86/1824344 | 118 |
2 files changed, 0 insertions, 192 deletions
diff --git a/results/classifier/118/assembly-x86/1377 b/results/classifier/118/assembly-x86/1377 deleted file mode 100644 index 5f1dd9fc0..000000000 --- a/results/classifier/118/assembly-x86/1377 +++ /dev/null @@ -1,74 +0,0 @@ -x86: 0.997 -i386: 0.900 -assembly: 0.847 -architecture: 0.838 -device: 0.773 -vnc: 0.768 -graphic: 0.742 -kernel: 0.698 -ppc: 0.615 -risc-v: 0.554 -debug: 0.506 -boot: 0.462 -socket: 0.412 -permissions: 0.405 -arm: 0.386 -TCG: 0.372 -PID: 0.328 -KVM: 0.326 -semantic: 0.321 -performance: 0.309 -network: 0.279 -VMM: 0.264 -hypervisor: 0.205 -virtual: 0.186 -peripherals: 0.177 -files: 0.113 -register: 0.113 -mistranslation: 0.073 -user-level: 0.021 --------------------- -x86: 1.000 -i386: 0.977 -assembly: 0.946 -debug: 0.242 -kernel: 0.071 -TCG: 0.049 -semantic: 0.042 -risc-v: 0.034 -virtual: 0.033 -user-level: 0.033 -register: 0.029 -hypervisor: 0.027 -files: 0.025 -performance: 0.024 -device: 0.012 -PID: 0.012 -network: 0.012 -architecture: 0.010 -peripherals: 0.009 -boot: 0.005 -permissions: 0.003 -socket: 0.002 -VMM: 0.001 -graphic: 0.001 -vnc: 0.001 -KVM: 0.001 -mistranslation: 0.001 -ppc: 0.000 -arm: 0.000 - -x86 CVT* series instructions fault -Description of problem: -For example, CVTSD2SS instruction converts SRC[63:0] double precision floating point to DEST[31:0] single precision floating point. Although the CVTSD2SS instruction uses only 8 bytes, if it overlaps page boundary, I think QEMU tries to access over the valid memory and crashes. -Steps to reproduce: -1. Compile this code -``` -void main() { - mmap(0x555555559000, 0x1000, flag, ~~, 0); - asm("cvtsd2ss xmm1, qword ptr [0x555555559ff8]"); -} -``` -2. Execute. QEMU crashes but CPU does not. -Additional information: -This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/118/assembly-x86/1824344 b/results/classifier/118/assembly-x86/1824344 deleted file mode 100644 index 0de0a16c4..000000000 
--- a/results/classifier/118/assembly-x86/1824344 +++ /dev/null 
@@ -1,118 +0,0 @@ -x86: 0.950 -i386: 0.943 -kernel: 0.896 -assembly: 0.842 -architecture: 0.838 -ppc: 0.779 -register: 0.635 -device: 0.543 -semantic: 0.396 -PID: 0.373 -files: 0.369 -network: 0.367 -socket: 0.356 -risc-v: 0.322 -performance: 0.315 -boot: 0.303 -virtual: 0.252 -vnc: 0.251 -permissions: 0.246 -graphic: 0.236 -debug: 0.226 -arm: 0.215 -mistranslation: 0.196 -user-level: 0.196 -TCG: 0.164 -hypervisor: 0.151 -VMM: 0.151 -peripherals: 0.114 -KVM: 0.008 --------------------- -x86: 0.996 -debug: 0.929 -i386: 0.906 -virtual: 0.269 -assembly: 0.120 -files: 0.033 -kernel: 0.017 -hypervisor: 0.016 -semantic: 0.012 -PID: 0.010 -user-level: 0.007 -architecture: 0.007 -performance: 0.007 -network: 0.006 -graphic: 0.005 -TCG: 0.004 -register: 0.004 -socket: 0.002 -device: 0.002 -boot: 0.002 -VMM: 0.001 -ppc: 0.001 -permissions: 0.001 -KVM: 0.001 -peripherals: 0.001 -vnc: 0.000 -mistranslation: 0.000 -risc-v: 0.000 -arm: 0.000 - -x86: retf or iret pagefault sets wrong error code - -With a x86_64 or i386 guest, non-KVM, when trying to execute a -"iret/iretq/retf" instruction in userspace with invalid stack pointer -(under a protected mode OS, like Linux), wrong bits are set in the -pushed error code; bit 2 is not set, indicating the error comes from -kernel space. - -If the guest OS is using this flag to decide whether this was a kernel -or user page fault, it will mistakenly decide a kernel has irrecoverably -faulted, possibly causing guest OS panic. - - -How to reproduce the problem a guest (non-KVM) Linux: -Note, on recent Linux kernel version, this needs a CPU with SMAP support -(eg. -cpu max) - -$ cat tst.c -int main() -{ -__asm__ volatile ( -"mov $0,%esp\n" -"retf" -); -return 0; -} - -$ gcc tst.c -$ ./a.out -Killed - - -"dmesg" shows the kernel has in fact triggered a "BUG: unable to handle -kernel NULL pointer dereference...", but it has "recovered" by killing -the faulting process (see attached screenshot). 
- - -Using self-compiled qemu from git: -commit 532cc6da74ec25b5ba6893b5757c977d54582949 (HEAD -> master, tag: v4.0.0-rc3, origin/master, origin/HEAD) -Author: Peter Maydell <email address hidden> -Date: Wed Apr 10 15:38:59 2019 +0100 - - Update version for v4.0.0-rc3 release - - Signed-off-by: Peter Maydell <email address hidden> - - - -This appears to be similar to https://bugs.launchpad.net/qemu/+bug/1866892 (and much simpler) - - -This is an automated cleanup. This bug report has been moved to QEMU's -new bug tracker on gitlab.com and thus gets marked as 'expired' now. -Please continue with the discussion here: - - https://gitlab.com/qemu-project/qemu/-/issues/265 - - |
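Review bot: The first hunk deletes results/classifier/118/assembly-x86/1377 outright ("deleted file mode 100644", 74 lines removed, 0 insertions reported for this directory), while the commit message only says "restructure results". If the file was moved elsewhere in the same commit, staging it as a rename (git mv, or letting rename detection pair the deletion with the new path) would keep the history of the classifier output for bug 1377 attached to its new location; as shown, a reader cannot tell whether it was relocated or dropped, and the commit message should name the destination.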
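Review bot: The second hunk has the same problem for results/classifier/118/assembly-x86/1824344, a pure 118-line deletion with no rename pairing. A further point visible in the removed lines: the file holds two score blocks separated only by a line of dashes, followed by the raw bug-report text, with nothing recording which classifier run produced each block. Since the results are being reorganized anyway, adding a header line (model or run identifier) above each block, or splitting scores and report text into separate files, would make the new layout self-describing.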