easy way to create random kernel mem corruption

David S. Miller (davem@jenolan.rutgers.edu)
Sat, 22 Mar 1997 22:27:54 -0500


Simple: under current 2.1.x, write lots of stuff to /dev/random; it writes
all over past the top of the kernel stack etc. ;-)
(NOTE: sun4c MMU page-protected kernel stacks on Sparc are what caught
this one; there, any writes over/under the kernel stack limits will
essentially reset the CPU...)

The following should be the fix.

--- drivers/char/random.c.~1~ Thu Mar 20 18:17:41 1997
+++ drivers/char/random.c Sat Mar 22 22:19:01 1997
@@ -1162,7 +1162,7 @@
p += bytes;
ret += bytes;

- i = (c+sizeof(__u32)-1) / sizeof(__u32);
+ i = (bytes+sizeof(__u32)-1) / sizeof(__u32);
while (i--)
add_entropy_word(&random_state, buf[i]);
}
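
Review bot: On the changed line, (bytes+sizeof(__u32)-1) / sizeof(__u32) rounds up, so when bytes is not a multiple of sizeof(__u32) the last buf[i] handed to add_entropy_word() is only partly filled by this pass and the rest of that word is whatever was already in buf. Consider zeroing the tail of the final word before the loop, or add a comment stating that mixing in the leftover bytes is intended. The new count is also only safe if bytes can never exceed the size of buf, which these lines do not show; a short comment or check where bytes is computed would make that bound explicit, since the old expression differed only in which counter it used.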