Comment 5 for bug 1918917

Dmitry Vyukov (dvyukov) wrote : Re: synchronous abort on accessing unused I/O ports on aarch64

The image is (gunzip it after download):
https://storage.googleapis.com/syzkaller/images/buildroot-arm64-2020.11.gz

Kernel:
https://storage.googleapis.com/syzkaller/temp/arm64-Image

qemu command line:

qemu-system-aarch64 \
 -machine virt,virtualization=on,graphics=on,usb=on -cpu cortex-a57 -smp 2 -m 2G \
 -device virtio-blk-device,drive=hd0 \
 -drive if=none,format=raw,id=hd0,file=buildroot-arm64-2020.11 \
 -kernel arm64-Image \
 -nographic \
 -device virtio-rng-pci \
 -net user,host=10.0.2.10,hostfwd=tcp::10022-:22 -net nic,model=virtio-net-pci \
 -append "root=/dev/vda earlyprintk=serial console=ttyAMA0 earlycon"

Reproducer:

#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

int main(void)
{
  // dirfd 0xffffffffffffff9c is AT_FDCWD (-100); flags 0 is O_RDONLY
  int fd = syscall(__NR_openat, 0xffffffffffffff9cul, "/dev/ttyS3", 0ul, 0ul);
  char ch = 0;
  syscall(__NR_ioctl, fd, 0x5412, &ch); // TIOCSTI
  return 0;
}

Build with:
aarch64-linux-gnu-gcc prog.c -static

scp to the VM and run. The image has password-less root ssh.