Message-Id: <199712120608.WAA01136@implode.root.com>
To: jak@cetlink.net (John Kelly)
cc: hackers@FreeBSD.ORG, torvalds@transmeta.com (Linus Torvalds)
Subject: Re: (fwd) Re: F00F bug *fixed* in 2.0.x kernels
In-reply-to: Your message of "Fri, 12 Dec 1997 05:48:30 GMT." <3491cfe3.6774010@mail.cetlink.net>
From: David Greenman
Reply-To: dg@root.com
Date: Thu, 11 Dec 1997 22:08:42 -0800

>On 8 Dec 1997 23:11:24 GMT, in comp.os.linux.development.system
>torvalds@transmeta.com (Linus Torvalds) wrote:
...
>>>>> My ``fix'' is to have the IDT descriptor reference a segment
>>>>> which has a length of 0. This has the effect of mapping SIGILL
>>>>> into SIGBUS, so that the `cmpxchg8' crash now generates a Bus
>>>>> error. (I didn't bother returning the correct signal; it can
>>>>> probably be added if it is important)
>
>This is indeed the "FreeBSD fix".
>
>The so-called "fix" doesn't work (it appears to, for simple exploits,
>but it doesn't), and I _told_ some FreeBSD people so: I even sent
>people a test-program that will still lock up a FreeBSD system with
>the "fix".
>
>If they are indeed still using that fix, they are a sorry lot of
>incompetent idiots.

The fix that Linus is referring to is one of several that were evaluated
and rejected. The fix that we finally adopted in FreeBSD is the one that
involves making the IDT read-only and catching the write fault that
occurs.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project