Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263024AbUFNOX1 (ORCPT ); Mon, 14 Jun 2004 10:23:27 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263162AbUFNOWv (ORCPT ); Mon, 14 Jun 2004 10:22:51 -0400 Received: from adslemp-b3-117-218.telepac.pt ([213.13.117.218]:6293 "EHLO mail.paradigma.co.pt") by vger.kernel.org with ESMTP id S263024AbUFNOUJ (ORCPT ); Mon, 14 Jun 2004 10:20:09 -0400 Date: Mon, 14 Jun 2004 15:20:01 +0100 From: Nuno Monteiro To: Gianni Tedesco Cc: marcelo.tosatti@cyclades.com, linux-kernel@vger.kernel.org Subject: Re: Local DoS attack on i386 (was: new kernel bug) Message-ID: <20040614142001.GA3032@hobbes.itsari.int> References: <200406121159.28406.manuel@todo-linux.com> <1087221517.3375.3.camel@sherbert> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Disposition: inline Content-Transfer-Encoding: 7BIT In-Reply-To: <1087221517.3375.3.camel@sherbert> (from gianni@scaramanga.co.uk on Mon, Jun 14, 2004 at 14:58:37 +0100) X-Mailer: Balsa 2.0.15 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1793 Lines: 46 On 2004.06.14 14:58, Gianni Tedesco wrote: > On Sat, 2004-06-12 at 11:59 +0200, Manuel Arostegui Ramirez wrote: > > Somebody know a patch to solved this new bug? > > http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en > > Affected versions: > > * Linux 2.6.x > > o Linux 2.6.7-rc2 > > o Linux 2.6.6 (all versions) > > o Linux 2.6.6 SMP (verified by riven) > > o Linux 2.6.5-gentoo (verified by RatiX) > > o Linux 2.6.5-mm6 - (verified by Mariux) > > * Linux 2.4.2x > > o Linux 2.4.26 vanilla > > o Linux 2.4.26-rc1 vanilla > > o Linux 2.4.26-gentoo-r1 > > o Linux 2.4.22 > > Seems to be a scheduler race or something? > This was already fixed in 2.6, see http://linux.bkbits.net:8080/linux-2.5/diffs/include/asm-i386/i387.h@1.16?nav=index.html|src/.|src/include|src/include/asm-i386|hist/include/asm-i386/i387.h The same fix should be applied to 2.4. I'm running locally a very hacked version of 2.4.22 with it and it survives that crash.c program. Here's the diff. Marcelo, please merge. --- linux-2.4.27-pre5/include/asm-i386/i387.h~fix-x86-clear_fpu-macro 2004-06-14 15:12:13.909059344 +0100 +++ linux-2.4.27-pre5/include/asm-i386/i387.h 2004-06-14 15:12:45.970185312 +0100 @@ -34,7 +34,7 @@ extern void kernel_fpu_begin(void); #define clear_fpu( tsk ) do { \ if ( tsk->flags & PF_USEDFPU ) { \ - asm volatile("fwait"); \ + asm volatile("fnclex ; fwait"); \ tsk->flags &= ~PF_USEDFPU; \ stts(); \ } \ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/