New Kernel Crash-Exploit discovered
Brian Hirt
bhirt at mobygames.com
Tue Jun 15 15:25:24 UTC 2004
On Jun 15, 2004, at 8:36 AM, Simon Weller wrote:
>> Signed-Off-By: Sergey Vlasov <vsu altlinux ru>
>>
>> --- linux-2.6.6/include/asm-i386/i387.h.fp-lockup 2004-05-10
>> 06:33:06
>> +0400
>> +++ linux-2.6.6/include/asm-i386/i387.h 2004-06-12 22:02:58 +0400
>> @@ -48,10 +48,17 @@
>> save_init_fpu( tsk ); \
>> } while (0)
>>
>> +/*
>> + * There might be some pending exceptions in the FP state at this
>> point.
>> + * However, it is too late to report them: this code is called
>> during .execve()
>> + * (when the original executable is already gone) and during
>> sigreturn()
>> (when
>> + * the signal handler context is already lost). So just clear them
>> to
>> prevent
>> + * problems later.
>> + */
>> #define __clear_fpu( tsk ) \
>> do { \
>> if ((tsk)->thread_info->status & TS_USEDFPU) { \
>> - asm volatile("fwait"); \
>> + asm volatile("fnclex"); \
>>
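Review bot: The quoted hunk is cut off right after the `+ asm volatile("fnclex"); \` line, so the rest of the `__clear_fpu` body (the lines that drop `TS_USEDFPU` from `thread_info->status` and re-set TS) is not visible and the change cannot be reviewed end to end; please quote the complete hunk. On the visible lines the substitution is sound: `fnclex` is the no-wait form of the clear-exceptions instruction, so a pending unmasked x87 exception left in the task's FPU state is discarded rather than being raised by `fwait` while the kernel is still inside execve() or sigreturn(), which is what the new comment describes. The comment's closing line, "So just clear them to prevent problems later", is vaguer than the rest; it should say plainly that the old `fwait` would raise that pending exception in kernel context, since that is the failure the patch exists to prevent.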
The patch quoted in this message is different from the one Linus approved:
http://linux.bkbits.net:8080/linux-2.4/gnupatch%4040cdf6f8V7sOe5n96HA5Q7r9uDRvJQ
#define clear_fpu( tsk ) do { \
if ( tsk->flags & PF_USEDFPU ) { \
- asm volatile("fwait"); \
+ asm volatile("fnclex ; fwait"); \
tsk->flags &= ~PF_USEDFPU; \
stts(); \
} \
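Review bot: This fragment has no `diff --git`/`---`/`+++` header and no `@@` line, and it ends before the macro's closing `} while (0)`, so the file it patches (presumably the 2.4 i387 header, given the `PF_USEDFPU` flag and the URL above) has to be inferred; please include the headers. The substantive difference from the 2.6 hunk is that this version keeps a `fwait` after `fnclex`: because `fnclex` has already cleared the exception flags, the trailing `fwait` will not raise a pending-exception fault, it only waits for any outstanding FPU operation to finish before `stts()` re-arms the TS trap, which is the safer ordering. Minor style point: `tsk->flags & PF_USEDFPU` uses the macro parameter unparenthesized, unlike `(tsk)->thread_info->status` in the 2.6 version; `(tsk)->flags` avoids surprises if the macro is ever invoked with an expression.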
More information about the fedora-legacy-list mailing list