summary refs log tree commit diff stats
path: root/results/classifier/118/x86/1883739
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/x86/1883739')
-rw-r--r--results/classifier/118/x86/188373969
1 files changed, 69 insertions, 0 deletions
diff --git a/results/classifier/118/x86/1883739 b/results/classifier/118/x86/1883739
new file mode 100644
index 000000000..38522922c
--- /dev/null
+++ b/results/classifier/118/x86/1883739
@@ -0,0 +1,69 @@
+x86: 0.885
+graphic: 0.826
+files: 0.809
+performance: 0.804
+KVM: 0.786
+hypervisor: 0.770
+peripherals: 0.751
+device: 0.749
+permissions: 0.733
+ppc: 0.731
+kernel: 0.727
+network: 0.709
+assembly: 0.684
+architecture: 0.677
+mistranslation: 0.659
+PID: 0.659
+socket: 0.652
+boot: 0.626
+i386: 0.615
+register: 0.609
+debug: 0.609
+semantic: 0.601
+VMM: 0.600
+risc-v: 0.597
+TCG: 0.596
+arm: 0.593
+vnc: 0.586
+user-level: 0.517
+virtual: 0.267
+
+ide_dma_cb: Assertion `prep_size >= 0 && prep_size <= n * 512' failed.
+
+To reproduce run the QEMU with the following command line:
+```
+qemu-system-x86_64 -cdrom hypertrash.iso -nographic -m 100 -enable-kvm -net none -drive id=disk,file=hda.img,if=none -device ahci,id=ahci -device ide-hd,drive=disk,bus=ahci.0
+```
+
+QEMU Version:
+```
+# qemu-5.0.0
+$ ./configure --target-list=x86_64-softmmu --enable-sanitizers; make
+$ x86_64-softmmu/qemu-system-x86_64 --version
+QEMU emulator version 5.0.0
+Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
+```
+
+To create disk image run:
+```
+dd if=/dev/zero of=hda.img bs=1024 count=1024
+```
+
+
+
+ACK. I do not have time to fix this bug at the moment under the belief that it's likely low-priority and only "misbehaving guests" can trigger it. Some advice:
+
+1. Do not use IDE in production deployments after initial installation, if you can help it. Use a performant virtio solution.
+
+2. If anyone would like to fix this problem, I will be more than happy to point you to the exact lines of code that cause the problem. I think the fix will be easy, but testing will be time-consuming as it involves understanding error behavior of real hardware that I don't personally have the setup to quickly test or verify.
+
+From memory: the problem is that ide_dma_cb expects that it was able to prepare at least one sector's worth of scatter-gather list to begin DMA, but it's possible to give malformed SG lists where IDE is unable to process the remainder of a sector in a list.
+
+It was not clear to me at the time when I first investigated this what a real controller would do if it got an incomplete sector and how it should signal that.
+
+It was also not clear to me if the sg_prepare function for the pci bmdma controller would ever encounter a situation where further entries in the list might be received "later" and we should "wait" for them.
+
+If this bug is more dangerous than a self-inflicted DOS, please let me know and I'll re-prioritize. Patches, email and IRC chats welcome.
+
+--js
+