
Hypervisor crash when run syz_ic_set_callback_vector.(1.0 Stable) #4092

Closed
Mingyuan18 opened this issue Nov 12, 2019 · 2 comments
Labels
priority: P2-High type: bug Something isn't working

Comments

@Mingyuan18

1. Environment
[Board]: APL UP2
root@clr-b1b5101306fd4a3a803cf1050b4893f0~ # swupd info
Installed version: 30440
root@clr-19296a3ecf5b4723adce369a5c1807d2~ # uname -a
Linux clr-19296a3ecf5b4723adce369a5c1807d2 4.19.40-quilt-2e5dc0ac-dirty #1 SMP PREEMPT Mon Jul 22 03:38:56 UTC 2019 x86_64 GNU/Linux
root@clr-19296a3ecf5b4723adce369a5c1807d2~ # acrn-dm -v
DM version is: 1.2-unstable-c1b4121e-dirty (daily tag:acrn-2019w29.4-140000p), build by root@2019-07-22 03:45:04
Tools setup wiki: https://wiki.ith.intel.com/display/OTCCWPQA/syzkaller+enabling+on+ACRN
We used Syzkaller, run with hypercall unit tests, to do fuzzing tests on ACRN; it ran on the SOS and communicated with the DM process over a socket.
"enable_syscalls":[ "syz_ic_inject_msi", "syz_ic_vm_intr_monitor", "syz_ic_set_irqline","syz_ic_sos_offline_cpu","syz_ic_set_callback_vector","syz_ic_clear_vm_ioreq" ],
2. Reproduce Steps
Set up the environment per the wiki, and sync the latest ACRN code and fuzzing tool code to your host
apply patch_for_fuzzing_on_dm.txt to devicemodel, and build images
modify acrn_build.sh based on your own environment, and run it to rebuild the syzkaller tool
flash the images, then make the UOS autoboot, remove the SOS password, and enable crashlogctl
use acrn.cfg (modify the ip to your own ip) to run the syzkaller cases: ./bin/syz-manager -config=acrn.cfg --debug

  1. Expected result:
    Hypervisor does not crash or hang, and the SUT works well

  2. Current result:
    After running: ./bin/syz-manager -config=acrn.cfg --debug
    Hypervisor hangs.

@Mingyuan18 (Author)

[External_System_ID] ACRN-5660

@Mingyuan18 Mingyuan18 added priority: P2-High type: bug Something isn't working labels Nov 12, 2019
yonghuah added a commit to yonghuah/acrn-hypervisor that referenced this issue Nov 13, 2019
 this patch is to fix error debug message
 for invalid 'param' case, there is no string
 variable for '%s' output, which will potentially
 trigger hypervisor crash as it may access random
 memory address and trigger SMAP violation.

Tracked-On: projectacrn#4092
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
wenlingz pushed a commit that referenced this issue Nov 18, 2019
 this patch is to fix error debug message
 for invalid 'param' case, there is no string
 variable for '%s' output, which will potentially
 trigger hypervisor crash as it may access random
 memory address and trigger SMAP violation.

Tracked-On: #4092
Signed-off-by: Yonghua Huang <yonghua.huang@intel.com>
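The bug class the commit describes is a '%s' conversion with no matching argument, so the formatter dereferences whatever happens to sit in the vararg slot. As an added example that is not ACRN's code, a hypothetical logging wrapper that counts the conversions in a format string and refuses a call whose stated argument count does not match; the function and buffer names are assumptions.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Count the arguments a printf-style format consumes: "%%" takes none, each
 * conversion takes one, each '*' width/precision one more. Positional "%1$s" not handled. */
int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (*++p == '%')                     /* literal percent sign */
            continue;
        while (*p != '\0' && strchr("-+ #0.123456789*", *p) != NULL) {
            if (*p == '*')                   /* width/precision taken from an argument */
                n++;
            p++;
        }
        while (*p != '\0' && strchr("hlzjtL", *p) != NULL)
            p++;                             /* length modifiers */
        if (*p == '\0')
            break;                           /* dangling '%' at end of string */
        n++;                                 /* the conversion itself */
    }
    return n;
}

char last_msg[128];                          /* checked_log leaves its output here (assumed name) */
/* Hypothetical wrapper: the caller states how many arguments it passed; a format that
 * would consume a different number is dropped rather than read a missing vararg.
 * Returns 1 when the message was formatted, 0 when it was dropped. */
int checked_log(int nargs, const char *fmt, ...)
{
    if (count_format_args(fmt) != nargs) {
        snprintf(last_msg, sizeof last_msg, "[dropped: format/argument mismatch] %s", fmt);
        return 0;
    }
    va_list ap; va_start(ap, fmt);
    vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);
    return 1;
}

int main(void)
{
    checked_log(0, "hcall: invalid 'param' %s\n");   /* the bug's shape: '%s', no argument */
    fputs(last_msg, stdout);
    checked_log(1, "hcall: invalid 'param' %#lx\n", 0xdeadUL);
    fputs(last_msg, stdout);
    return 0;
}
```

A compile-time `__attribute__((format(printf, 2, 3)))` on such a wrapper catches the same mismatch earlier when the format string is a literal; the runtime count is the fallback for non-literal formats.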
@Mingyuan18 (Author)

Integration test passed, so closing this issue.
