Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 09 Nov 1997 15:34:27 -0800
From:      Cy Schubert - ITSD Open Systems Group <cschuber@uumail.gov.bc.ca>
To:        freebsd-security@freebsd.org
Cc:        security-officer@freebsd.org
Subject:   [linux-security] Perl script to locate F0 0F C7 C8 bombs
Message-ID:  <199711092335.PAA18013@cwsys.cwsent.com>

next in thread | raw e-mail | index | archive | help
Here's a little Perl script that may make postmortums a little easier.  
There's one error in it.  The line containing

if($data =~ /\xf0\x0f\xc7\xc8/) {

should be replaced with

if($data =~ /\xf0\x0f\xc7[\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf]/) {

as any LOCK CMPXCHG8B opcode with a direct register reference (invalid as cou 
cannot compare and swap a 64 bit value with a 32 bit value) will cause the P5 
chip hangs, e.g. LOCK CMPXCHG8B %EAX or LOCK CMPXCHG8B %EDX.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
UNIX Support                   OV/VM:  BCSC02(CSCHUBER)
ITSD                          BITNET:  CSCHUBER@BCSC02.BITNET
Government of BC            Internet:  cschuber@uumail.gov.bc.ca
                                       Cy.Schubert@gems8.gov.bc.ca

		"Quit spooling around, JES do it."


------- Forwarded Message

Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id 
OAA22578 for <cy@passer.osg.gov.bc.ca>; Sun, 9 Nov 1997 14:59:21 -0800 (PST)
X-UIDL: 879117126.003
Resent-Message-Id: <199711092259.OAA22578@passer.osg.gov.bc.ca>
Received: from localhost(127.0.0.1), claiming to be "passer.osg.gov.bc.ca"
 via SMTP by localhost, id smtpdaawBqa; Sun Nov  9 14:59:11 1997
Received: (from uucp@localhost) by passer.osg.gov.bc.ca (8.8.8/8.6.10) id 
OAA23054 for <cschuber@passer.osg.gov.bc.ca>; Sun, 9 Nov 1997 14:58:51 -0800 
(PST)
Received: from orca.gov.bc.ca(142.32.102.25)
 via SMTP by passer.osg.gov.bc.ca, id smtpdaawBga; Sun Nov  9 14:58:32 1997
Received: from mail2.redhat.com by orca.gov.bc.ca (5.4R3.10/200.1.1.4)
	id AA16352; Sun, 9 Nov 1997 14:58:31 -0800
Received: (qmail 10538 invoked by uid 501); 9 Nov 1997 22:58:29 -0000
Prev-Resent-Date: 9 Nov 1997 22:58:29 -0000
Prev-Resent-Cc: recipient.list.not.shown.;@uumail.gov.bc.ca
Mbox-Line: From linux-security-request@redhat.com  Sun Nov  9 17:58:28 1997
X-Pop3-Rcpt: t757607@helium
Date: Fri, 7 Nov 1997 13:03:23 -0800 (PST)
From: Sam Trenholme <set@reality.samiam.org>
To: linux-security@redhat.com
Message-Id: <Pine.LNX.3.95.971107125739.4153A-100000@reality.samiam.org>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Prev-Resent-Message-Id: <"uM3Km3.0.Ka2.K0aPq"@mail2.redhat.com>
Prev-Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
X-Mailing-List: <linux-security@redhat.com> archive/latest/341
X-Loop: linux-security@redhat.com
Precedence: list
Prev-Resent-Sender: linux-security-request@redhat.com
Subject: [linux-security] Perl script to locate F0 0F C7 C8 bombs
Resent-To: cy@passer.osg.gov.bc.ca
Resent-Date: Sun, 09 Nov 1997 14:59:10 -0800
Resent-From: Cy Schubert - ITSD Open Systems Group 
<cschuber@passer.osg.gov.bc.ca>


There is no known fix to the F0 0F C7 C8 bug at this time.  What can be
done, however, is run a program, such as the script after my signature, to
locate any and all such programs.  This script can be used in single
user mode after a mysterious lockup on a multiuser Pentium system.

I hope it is possible to come up with a software fix for this problem.

- - Sam

"You can...turn sadness into laughter" -- Sunscreem, _Love_U_More_

#!/usr/bin/perl 

# There is no known software fix to the F0 0F C7 C8 bug at this time

# usage: finddeath dir

# where dir is the directory you recursively look at all programs in
# for instances of the F0 0F C7 C8 sequence

# This script will search for programs with this sequence, which will
# help sysadmins take appropriate action against those running such
# programs

# This script is written (but has not been tested) in Perl4, to
# insure maximum compatibility 

sub findit {

  local($dir,$file,@files,$data) = @_;

  undef $/;

  if(!opendir(DIR,$dir)) {
    print STDERR "Can not open $dir: $!\n";
    return 0;
    }

  @files=readdir(DIR);

  foreach $file (@files) {
    if($file ne '.' && $file ne '..') {
      if( -f "$dir/$file" && open(FILE,"< $dir/$file")) {
        $data=<FILE>;
        if($data =~ /\xf0\x0f\xc7\xc8/) {
          print "$dir/$file contains F0 0F C7 C8\n";
          }
        } elsif( -d "$dir/$file") {
          &findit("$dir/$file");
        }
      }
    }

  }

$dir = shift || '/home';

&findit($dir);
    

- -- 
- ----------------------------------------------------------------------
Please refere to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
- ----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null



------- End of Forwarded Message






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711092335.PAA18013>