public inbox for linux-kernel@vger.kernel.org
* new kernel bug
@ 2004-06-12  9:59 Manuel Arostegui Ramirez
  2004-06-12 12:33 ` Kalin KOZHUHAROV
  2004-06-14 13:58 ` Local DoS attack on i386 (was: new kernel bug) Gianni Tedesco
  0 siblings, 2 replies; 12+ messages in thread
From: Manuel Arostegui Ramirez @ 2004-06-12  9:59 UTC (permalink / raw)
  To: linux-kernel

Does somebody know a patch to solve this new bug?
http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
Affected versions:
    * Linux 2.6.x
          o Linux 2.6.7-rc2
          o Linux 2.6.6 (all versions)
          o Linux 2.6.6 SMP (verified by riven)
          o Linux 2.6.5-gentoo (verified by RatiX)
          o Linux 2.6.5-mm6 - (verified by Mariux) 
    * Linux 2.4.2x
          o Linux 2.4.26 vanilla
          o Linux 2.4.26-rc1 vanilla
          o Linux 2.4.26-gentoo-r1
          o Linux 2.4.22 

Cheers

-- 
Manuel Arostegui Ramirez #Linux Registered User 200896



* Re: new kernel bug
  2004-06-12  9:59 new kernel bug Manuel Arostegui Ramirez
@ 2004-06-12 12:33 ` Kalin KOZHUHAROV
  2004-06-12 12:42   ` Manuel Arostegui Ramirez
  2004-06-14 13:58 ` Local DoS attack on i386 (was: new kernel bug) Gianni Tedesco
  1 sibling, 1 reply; 12+ messages in thread
From: Kalin KOZHUHAROV @ 2004-06-12 12:33 UTC (permalink / raw)
  To: Manuel Arostegui Ramirez; +Cc: LKML

Manuel Arostegui Ramirez wrote:
> Does somebody know a patch to solve this new bug?
> http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> Affected versions:
>     * Linux 2.6.x
>           o Linux 2.6.7-rc2
>           o Linux 2.6.6 (all versions)
>           o Linux 2.6.6 SMP (verified by riven)
>           o Linux 2.6.5-gentoo (verified by RatiX)
>           o Linux 2.6.5-mm6 - (verified by Mariux) 
>     * Linux 2.4.2x
>           o Linux 2.4.26 vanilla
>           o Linux 2.4.26-rc1 vanilla
>           o Linux 2.4.26-gentoo-r1
>           o Linux 2.4.22 
> 
> Cheers
> 

Hey, I just crashed my system (2.6.6) as well :-(

Any more light on this?
Anybody, patches?

Kalin.

-- 
||///_ o  *****************************
||//'_/>     WWW: http://ThinRope.net/
|||\/<" 
|||\\ ' 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


* Re: new kernel bug
  2004-06-12 12:33 ` Kalin KOZHUHAROV
@ 2004-06-12 12:42   ` Manuel Arostegui Ramirez
  2004-06-12 13:37     ` David Connolly
  2004-06-12 15:08     ` Han Boetes
  0 siblings, 2 replies; 12+ messages in thread
From: Manuel Arostegui Ramirez @ 2004-06-12 12:42 UTC (permalink / raw)
  To: Kalin KOZHUHAROV; +Cc: LKML

On Saturday 12 June 2004 14:33, Kalin KOZHUHAROV wrote:
> Manuel Arostegui Ramirez wrote:
> > Does somebody know a patch to solve this new bug?
> > http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> > Affected versions:
> >     * Linux 2.6.x
> >           o Linux 2.6.7-rc2
> >           o Linux 2.6.6 (all versions)
> >           o Linux 2.6.6 SMP (verified by riven)
> >           o Linux 2.6.5-gentoo (verified by RatiX)
> >           o Linux 2.6.5-mm6 - (verified by Mariux)
> >     * Linux 2.4.2x
> >           o Linux 2.4.26 vanilla
> >           o Linux 2.4.26-rc1 vanilla
> >           o Linux 2.4.26-gentoo-r1
> >           o Linux 2.4.22
> >
> > Cheers
>
> Hey, I just crashed my system (2.6.6) as well :-(
>
> Any more light on this?
> Anybody, patches?
>
> Kalin.

I'm thinking about downloading patch-2.6.7-rc3, maybe it will fix that bug.
Any ideas?

Manuel


-- 
Manuel Arostegui Ramirez #Linux Registered User 200896



* Re: new kernel bug
  2004-06-12 12:42   ` Manuel Arostegui Ramirez
@ 2004-06-12 13:37     ` David Connolly
  2004-06-12 15:08     ` Han Boetes
  1 sibling, 0 replies; 12+ messages in thread
From: David Connolly @ 2004-06-12 13:37 UTC (permalink / raw)
  To: Manuel Arostegui Ramirez; +Cc: LKML

On Saturday 12 June 2004 13:42, Manuel wrote:
> I'm thinking about downloading patch-2.6.7-rc3, maybe it will fix that bug.
> Any ideas?

I use 2.6.7-rc2-mm2, and the crash.c program produces the console race,
2.6.7-rc3 maybe not worth the effort mate.

How would I go about trapping SIGFPE to prevent end users of login server 
crashing the box, can anyone point me in the direction of advice? We really 
don't want to have to disable user logins! 

Thanks,
-David Connolly
admin2 on netsoc-dkit


* Re: new kernel bug
  2004-06-12 15:08     ` Han Boetes
@ 2004-06-12 15:08       ` Manuel Arostegui Ramirez
  0 siblings, 0 replies; 12+ messages in thread
From: Manuel Arostegui Ramirez @ 2004-06-12 15:08 UTC (permalink / raw)
  To: Han Boetes, LKML

On Saturday 12 June 2004 17:08, Han Boetes wrote:
> Manuel Arostegui Ramirez wrote:
> > I'm thinking about downloading patch-2.6.7-rc3, maybe it will fix that
> > bug.
>
> I just tried and 2.6.7-rc3 doesn't fix this bug. Ow well it's `just' a
> local crash. Annoying but not something big.
>
>
Thanks, Han, I'm going to try this patch when I have physical access
to my box, which runs kernel 2.4.20-8.
This is the original thread for this discussion.
http://marc.theaimsgroup.com/?l=linux-kernel&m=108705340404567&w=2

This is the patch I'm going to try, Han:

stian@nixia.no wrote:

diff -ur linux-2.4.26/kernel/signal.c linux-2.4.26-fpuhotfix/kernel/signal.c
--- linux-2.4.26/kernel/signal.c        2004-02-18 14:36:32.000000000 +0100
+++ linux-2.4.26-fpuhotfix/kernel/signal.c      2004-06-12
15:26:10.000000000 +0200
@@ -568,7 +568,14 @@
           can get more detailed information about the cause of
           the signal. */
        if (sig < SIGRTMIN && sigismember(&t->pending.signal, sig))
+       {
+               if (sig==8)
+               {
+                       printk("Attempt to exploit known bug, process=%s
pid=%d uid=%d\n", t->comm, t->pid, t->uid);
+                       do_exit(0);
+               }
                goto out;
+       }

        ret = deliver_signal(sig, info, t);
 out:
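
Review bot: The `sig==8` test in the added block fires whenever a SIGFPE is already pending for `t`, which is not specific to the crash program, so a legitimate task that faults twice on floating point is also killed and logged as an exploit attempt. `do_exit(0)` terminates the calling task, which need not be the `t` named in the printk, and because it never returns, whatever the `out:` path does after `goto out` is skipped. If this stays as a stopgap, use `SIGFPE` instead of the literal 8, give the printk a log level, and exit with a non-zero status.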


-- 
Manuel Arostegui Ramirez #Linux Registered User 200896



* Re: new kernel bug
  2004-06-12 12:42   ` Manuel Arostegui Ramirez
  2004-06-12 13:37     ` David Connolly
@ 2004-06-12 15:08     ` Han Boetes
  2004-06-12 15:08       ` Manuel Arostegui Ramirez
  1 sibling, 1 reply; 12+ messages in thread
From: Han Boetes @ 2004-06-12 15:08 UTC (permalink / raw)
  To: LKML

Manuel Arostegui Ramirez wrote:
> I'm thinking about downloading patch-2.6.7-rc3, maybe it will fix that
> bug.

I just tried and 2.6.7-rc3 doesn't fix this bug. Ow well it's `just' a
local crash. Annoying but not something big.



# Han


* Local DoS attack on i386 (was: new kernel bug)
  2004-06-12  9:59 new kernel bug Manuel Arostegui Ramirez
  2004-06-12 12:33 ` Kalin KOZHUHAROV
@ 2004-06-14 13:58 ` Gianni Tedesco
  2004-06-14 14:05   ` Gianni Tedesco
                     ` (2 more replies)
  1 sibling, 3 replies; 12+ messages in thread
From: Gianni Tedesco @ 2004-06-14 13:58 UTC (permalink / raw)
  To: Manuel Arostegui Ramirez; +Cc: linux-kernel


On Sat, 2004-06-12 at 11:59 +0200, Manuel Arostegui Ramirez wrote:
> Does somebody know a patch to solve this new bug?
> http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> Affected versions:
>     * Linux 2.6.x
>           o Linux 2.6.7-rc2
>           o Linux 2.6.6 (all versions)
>           o Linux 2.6.6 SMP (verified by riven)
>           o Linux 2.6.5-gentoo (verified by RatiX)
>           o Linux 2.6.5-mm6 - (verified by Mariux) 
>     * Linux 2.4.2x
>           o Linux 2.4.26 vanilla
>           o Linux 2.4.26-rc1 vanilla
>           o Linux 2.4.26-gentoo-r1
>           o Linux 2.4.22 

Seems to be a scheduler race or something?

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D



* Re: Local DoS attack on i386 (was: new kernel bug)
  2004-06-14 13:58 ` Local DoS attack on i386 (was: new kernel bug) Gianni Tedesco
@ 2004-06-14 14:05   ` Gianni Tedesco
  2004-06-14 14:08   ` Manuel Arostegui Ramirez
  2004-06-14 14:20   ` Nuno Monteiro
  2 siblings, 0 replies; 12+ messages in thread
From: Gianni Tedesco @ 2004-06-14 14:05 UTC (permalink / raw)
  To: Manuel Arostegui Ramirez; +Cc: linux-kernel


On Mon, 2004-06-14 at 14:58 +0100, Gianni Tedesco wrote:
> Seems to be a scheduler race or something?

sysrq+t shows the offending task (freezes here, doesn't even print "Call
Trace:\n"):

evil    R running   0  1964  1861      (NOTLB)

-- 
// Gianni Tedesco (gianni at scaramanga dot co dot uk)
lynx --source www.scaramanga.co.uk/scaramanga.asc | gpg --import
8646BE7D: 6D9F 2287 870E A2C9 8F60 3A3C 91B5 7669 8646 BE7D



* Re: Local DoS attack on i386 (was: new kernel bug)
  2004-06-14 13:58 ` Local DoS attack on i386 (was: new kernel bug) Gianni Tedesco
  2004-06-14 14:05   ` Gianni Tedesco
@ 2004-06-14 14:08   ` Manuel Arostegui Ramirez
  2004-06-14 14:20   ` Nuno Monteiro
  2 siblings, 0 replies; 12+ messages in thread
From: Manuel Arostegui Ramirez @ 2004-06-14 14:08 UTC (permalink / raw)
  To: Gianni Tedesco; +Cc: linux-kernel

On Monday 14 June 2004 15:58, Gianni Tedesco wrote:
> On Sat, 2004-06-12 at 11:59 +0200, Manuel Arostegui Ramirez wrote:
> > Does somebody know a patch to solve this new bug?
> > http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> > Affected versions:
> >     * Linux 2.6.x
> >           o Linux 2.6.7-rc2
> >           o Linux 2.6.6 (all versions)
> >           o Linux 2.6.6 SMP (verified by riven)
> >           o Linux 2.6.5-gentoo (verified by RatiX)
> >           o Linux 2.6.5-mm6 - (verified by Mariux)
> >     * Linux 2.4.2x
> >           o Linux 2.4.26 vanilla
> >           o Linux 2.4.26-rc1 vanilla
> >           o Linux 2.4.26-gentoo-r1
> >           o Linux 2.4.22
>
> Seems to be a scheduler race or something?

The timer and fpu stuff locks the console race, io-schedules also stops.
This seems serious.
Look at the original thread, it's called:
"timer + fpu stuff locks my console race"
Here you are:
http://marc.theaimsgroup.com/?l=linux-kernel&m=108704334308688&w=2

Cheers

-- 
Manuel Arostegui Ramirez #Linux Registered User 200896



* Re: Local DoS attack on i386 (was: new kernel bug)
  2004-06-14 13:58 ` Local DoS attack on i386 (was: new kernel bug) Gianni Tedesco
  2004-06-14 14:05   ` Gianni Tedesco
  2004-06-14 14:08   ` Manuel Arostegui Ramirez
@ 2004-06-14 14:20   ` Nuno Monteiro
  2004-06-14 14:59     ` Manuel Arostegui Ramirez
  2004-06-15  4:34     ` Local DoS attack on i386 Andre Tomt
  2 siblings, 2 replies; 12+ messages in thread
From: Nuno Monteiro @ 2004-06-14 14:20 UTC (permalink / raw)
  To: Gianni Tedesco; +Cc: marcelo.tosatti, linux-kernel


On 2004.06.14 14:58, Gianni Tedesco wrote:
> On Sat, 2004-06-12 at 11:59 +0200, Manuel Arostegui Ramirez wrote:
> > Does somebody know a patch to solve this new bug?
> > http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> > Affected versions:
> >     * Linux 2.6.x
> >           o Linux 2.6.7-rc2
> >           o Linux 2.6.6 (all versions)
> >           o Linux 2.6.6 SMP (verified by riven)
> >           o Linux 2.6.5-gentoo (verified by RatiX)
> >           o Linux 2.6.5-mm6 - (verified by Mariux) 
> >     * Linux 2.4.2x
> >           o Linux 2.4.26 vanilla
> >           o Linux 2.4.26-rc1 vanilla
> >           o Linux 2.4.26-gentoo-r1
> >           o Linux 2.4.22 
> 
> Seems to be a scheduler race or something?
> 

This was already fixed in 2.6, see http://linux.bkbits.net:8080/linux-2.5/diffs/include/asm-i386/i387.h@1.16?nav=index.html|src/.|src/include|src/include/asm-i386|hist/include/asm-i386/i387.h


The same fix should be applied to 2.4. I'm running locally a very
hacked version of 2.4.22 with it and it survives that crash.c program.

Here's the diff. Marcelo, please merge.


--- linux-2.4.27-pre5/include/asm-i386/i387.h~fix-x86-clear_fpu-macro	2004-06-14 15:12:13.909059344 +0100
+++ linux-2.4.27-pre5/include/asm-i386/i387.h	2004-06-14 15:12:45.970185312 +0100
@@ -34,7 +34,7 @@ extern void kernel_fpu_begin(void);
 
 #define clear_fpu( tsk ) do { \
 	if ( tsk->flags & PF_USEDFPU ) { \
-		asm volatile("fwait"); \
+		asm volatile("fnclex ; fwait"); \
 		tsk->flags &= ~PF_USEDFPU; \
 		stts(); \
 	} \
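
Review bot: The changed `asm volatile` line in `clear_fpu` gives no hint why `fnclex` now precedes `fwait`, and the patch itself carries no changelog. Add a one-line comment above the asm saying that pending FPU exceptions are cleared first so that `fwait` cannot raise one from kernel context, and put the reason and the kernels tested into the patch description.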


* Re: Local DoS attack on i386 (was: new kernel bug)
  2004-06-14 14:20   ` Nuno Monteiro
@ 2004-06-14 14:59     ` Manuel Arostegui Ramirez
  2004-06-15  4:34     ` Local DoS attack on i386 Andre Tomt
  1 sibling, 0 replies; 12+ messages in thread
From: Manuel Arostegui Ramirez @ 2004-06-14 14:59 UTC (permalink / raw)
  To: Nuno Monteiro, Gianni Tedesco; +Cc: marcelo.tosatti, linux-kernel

On Monday 14 June 2004 16:20, Nuno Monteiro wrote:
> On 2004.06.14 14:58, Gianni Tedesco wrote:
> > On Sat, 2004-06-12 at 11:59 +0200, Manuel Arostegui Ramirez wrote:
> > > Does somebody know a patch to solve this new bug?
> > > http://reviewed.homelinux.org/news/2004-06-11_kernel_crash/index.html.en
> > > Affected versions:
> > >     * Linux 2.6.x
> > >           o Linux 2.6.7-rc2
> > >           o Linux 2.6.6 (all versions)
> > >           o Linux 2.6.6 SMP (verified by riven)
> > >           o Linux 2.6.5-gentoo (verified by RatiX)
> > >           o Linux 2.6.5-mm6 - (verified by Mariux)
> > >     * Linux 2.4.2x
> > >           o Linux 2.4.26 vanilla
> > >           o Linux 2.4.26-rc1 vanilla
> > >           o Linux 2.4.26-gentoo-r1
> > >           o Linux 2.4.22
> >
> > Seems to be a scheduler race or something?
>
> This was already fixed in 2.6, see
> http://linux.bkbits.net:8080/linux-2.5/diffs/include/asm-i386/i387.h@1.16?nav=index.html|src/.|src/include|src/include/asm-i386|hist/include/asm-i386/i387.h
>
>
> The same fix should be applied to 2.4. I'm running locally a very
> hacked version of 2.4.22 with it and it survives that crash.c program.
>
> Here's the diff. Marcelo, please merge.
>
>
> ---
> linux-2.4.27-pre5/include/asm-i386/i387.h~fix-x86-clear_fpu-macro	2004-06-1
>4 15:12:13.909059344 +0100 +++
> linux-2.4.27-pre5/include/asm-i386/i387.h	2004-06-14 15:12:45.970185312
> +0100 @@ -34,7 +34,7 @@ extern void kernel_fpu_begin(void);
>
>  #define clear_fpu( tsk ) do { \
>  	if ( tsk->flags & PF_USEDFPU ) { \
> -		asm volatile("fwait"); \
> +		asm volatile("fnclex ; fwait"); \
>  		tsk->flags &= ~PF_USEDFPU; \
>  		stts(); \
>  	} \
> -

This diff fixes the bug in 2.4.X?
Thanks,  Nuno, I'm going to apply it.
Best Regards

-- 
Manuel Arostegui Ramirez #Linux Registered User 200896



* Re: Local DoS attack on i386
  2004-06-14 14:20   ` Nuno Monteiro
  2004-06-14 14:59     ` Manuel Arostegui Ramirez
@ 2004-06-15  4:34     ` Andre Tomt
  1 sibling, 0 replies; 12+ messages in thread
From: Andre Tomt @ 2004-06-15  4:34 UTC (permalink / raw)
  To: linux-kernel; +Cc: Nuno Monteiro, Gianni Tedesco, marcelo.tosatti

Nuno Monteiro wrote:
> The same fix should be applied to 2.4. I'm running locally a very
> hacked version of 2.4.22 with it and it survives that crash.c program.
> 
> Here's the diff. Marcelo, please merge.
> 
> 
> --- linux-2.4.27-pre5/include/asm-i386/i387.h~fix-x86-clear_fpu-macro	2004-06-14 15:12:13.909059344 +0100
> +++ linux-2.4.27-pre5/include/asm-i386/i387.h	2004-06-14 15:12:45.970185312 +0100
> @@ -34,7 +34,7 @@ extern void kernel_fpu_begin(void);
>  
>  #define clear_fpu( tsk ) do { \
>  	if ( tsk->flags & PF_USEDFPU ) { \
> -		asm volatile("fwait"); \
> +		asm volatile("fnclex ; fwait"); \
>  		tsk->flags &= ~PF_USEDFPU; \
>  		stts(); \
>  	} \

You're missing x86-64.

Complete patches are up at <http://tomt.net/kernel/clear_fpu/> - these
cover 2.4 and 2.6, plus i386 and x86-64.

But I guess Marcelo would want the x86-64 part to come through ak.

-- 
Cheers,
André Tomt

