Re: timer + fpu stuff locks up computer

From: stian
Date: Sat Jun 12 2004 - 11:19:32 EST

Next message: Dave Clendenan: "error in linux kernel source file istallion.c"
Previous message: Tim Schmielau: "[patch] BSD accounting format rework (testers wanted!)"
In reply to: martin capitanio: "Re: timer + fpu stuff locks up computer"
Next in thread: Sergey Vlasov: "Re: timer + fpu stuff locks up computer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> Does the other dirty nasty patch work for you?
> --- linux-2.6.6-rc3-mm1/kernel/signal.c 2004-06-09 18:36:12.000000000
> +0200
> +++ linux-2.6.6-rc3-mm1-fpuhotfix/kernel/signal.c 2004-06-12
> 18:10:31.573001808 +0200
> @@ -799,7 +799,15 @@
> can get more detailed information about the cause of
> the signal. */
> if (LEGACY_QUEUE(&t->pending, sig))
> + {
> + if (sig==8)
> + {
> + printk("Attempt to exploit known bug, process=%s pid=%p
> uid=%d\n",
> + t->comm, t->pid, t->uid);
> + do_exit(0);
> + }
> goto out;
> + }
>
> ret = send_signal(sig, info, t, &t->pending);
> if (!ret && !sigismember(&t->blocked, sig))
>
> 2.6.7-rc4-mm1-fpuhotfix:
> user$ ./evil
> ........................*...............................................
> ......................*
> Attempt to exploit known bug, process=evil pid=00000aa6 uid=1000
> note: evil[2726] exited with preempt_count 2
> bad: scheduling while atomic!
> [<c032a045>] schedule+0x4b5/0x4c0
> [<c01435cb>] zap_pmd_range+0x4b/0x70
> [<c014362d>] unmap_page_range+0x3d/0x70
> [<c014380b>] unmap_vmas+0x1ab/0x1c0
> [<c0147639>] exit_mmap+0x79/0x150
> [<c01184ee>] mmput+0x5e/0xa0
> [<c011c523>] do_exit+0x153/0x3e0
> [<c0122e6f>] specific_send_sig_info+0xff/0x100
> [<c0122eb2>] force_sig_info+0x42/0x90
> [<c0105be0>] do_coprocessor_error+0x0/0x20
> [<c0105b5e>] math_error+0xde/0x160
> [<c010b0f6>] restore_i387_fxsave+0x26/0xa0
> [<c0222c8c>] write_chan+0x18c/0x250
> [<c01170e0>] default_wake_function+0x0/0x10
> [<c01170e0>] default_wake_function+0x0/0x10
> [<c0104a05>] error_code+0x2d/0x38
> [<c010b0f6>] restore_i387_fxsave+0x26/0xa0
> [<c010b1fc>] restore_i387+0x8c/0x90
> [<c0103434>] restore_sigcontext+0x114/0x130
> [<c0103503>] sys_sigreturn+0xb3/0xd0
> [<c0103f6b>] syscall_call+0x7/0xb
>
> but it keeps the kernel alive :-)

The hotfix should probably me moved to arch/i386/traps.c before we start
to due atomic locks, sinse it is beond dirty to kill the process here when
we have locked down resources. But the best would be to fix the
problem-source, since this is just a workaround.

Stian Skjelstad
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Dave Clendenan: "error in linux kernel source file istallion.c"
Previous message: Tim Schmielau: "[patch] BSD accounting format rework (testers wanted!)"
In reply to: martin capitanio: "Re: timer + fpu stuff locks up computer"
Next in thread: Sergey Vlasov: "Re: timer + fpu stuff locks up computer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]