Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S264864AbUFLQPn (ORCPT ); Sat, 12 Jun 2004 12:15:43 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S264869AbUFLQPn (ORCPT ); Sat, 12 Jun 2004 12:15:43 -0400 Received: from nepa.nlc.no ([195.159.31.6]:55998 "HELO nepa.nlc.no") by vger.kernel.org with SMTP id S264864AbUFLQPk (ORCPT ); Sat, 12 Jun 2004 12:15:40 -0400 Message-ID: <1855.83.109.11.80.1087056930.squirrel@nepa.nlc.no> In-Reply-To: <200406121720.54123.spam@capitanio.org> References: <20040612134413.GA3396@sirius.home> <1087050351.707.5.camel@boxen> <1734.83.109.11.80.1087051353.squirrel@nepa.nlc.no> <200406121720.54123.spam@capitanio.org> Date: Sat, 12 Jun 2004 18:15:30 +0200 (CEST) Subject: Re: timer + fpu stuff locks up computer From: stian@nixia.no To: "martin capitanio" Cc: stian@nixia.no, linux-kernel@vger.kernel.org User-Agent: SquirrelMail/1.4.0-1 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 X-Priority: 3 Importance: Normal Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2489 Lines: 66 >> Does the other dirty nasty patch work for you? > --- linux-2.6.6-rc3-mm1/kernel/signal.c 2004-06-09 18:36:12.000000000 > +0200 > +++ linux-2.6.6-rc3-mm1-fpuhotfix/kernel/signal.c 2004-06-12 > 18:10:31.573001808 +0200 > @@ -799,7 +799,15 @@ > can get more detailed information about the cause of > the signal. */ > if (LEGACY_QUEUE(&t->pending, sig)) > + { > + if (sig==8) > + { > + printk("Attempt to exploit known bug, process=%s pid=%p > uid=%d\n", > + t->comm, t->pid, t->uid); > + do_exit(0); > + } > goto out; > + } > > ret = send_signal(sig, info, t, &t->pending); > if (!ret && !sigismember(&t->blocked, sig)) > > 2.6.7-rc4-mm1-fpuhotfix: > user$ ./evil > ........................*............................................... > ......................* > Attempt to exploit known bug, process=evil pid=00000aa6 uid=1000 > note: evil[2726] exited with preempt_count 2 > bad: scheduling while atomic! > [] schedule+0x4b5/0x4c0 > [] zap_pmd_range+0x4b/0x70 > [] unmap_page_range+0x3d/0x70 > [] unmap_vmas+0x1ab/0x1c0 > [] exit_mmap+0x79/0x150 > [] mmput+0x5e/0xa0 > [] do_exit+0x153/0x3e0 > [] specific_send_sig_info+0xff/0x100 > [] force_sig_info+0x42/0x90 > [] do_coprocessor_error+0x0/0x20 > [] math_error+0xde/0x160 > [] restore_i387_fxsave+0x26/0xa0 > [] write_chan+0x18c/0x250 > [] default_wake_function+0x0/0x10 > [] default_wake_function+0x0/0x10 > [] error_code+0x2d/0x38 > [] restore_i387_fxsave+0x26/0xa0 > [] restore_i387+0x8c/0x90 > [] restore_sigcontext+0x114/0x130 > [] sys_sigreturn+0xb3/0xd0 > [] syscall_call+0x7/0xb > > but it keeps the kernel alive :-) The hotfix should probably me moved to arch/i386/traps.c before we start to due atomic locks, sinse it is beond dirty to kill the process here when we have locked down resources. But the best would be to fix the problem-source, since this is just a workaround. Stian Skjelstad - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/