Date: Fri, 12 Dec 1997 07:21:58 -0500 (EST)
From: "David E. Cross" <dec@phoenix.its.rpi.edu>
To: John Kelly <jak@cetlink.net>
Cc: hackers@FreeBSD.ORG
Subject: Re: (fwd) Re: F00F bug *fixed* in 2.0.x kernels
Message-ID: <Pine.BSF.3.96.971212071820.332A-100000@phoenix.its.rpi.edu>
In-Reply-To: <3491cfe3.6774010@mail.cetlink.net>

On Fri, 12 Dec 1997, John Kelly wrote:

> On 8 Dec 1997 23:11:24 GMT, in comp.os.linux.development.system
> torvalds@transmeta.com (Linus Torvalds) wrote:
>
> In article <vc7u3cjttap.fsf@saturn.cs.uml.edu>,
> Albert D. Cahalan <acahalan@saturn.cs.uml.edu> wrote:
> >Jerry Hicks <wghhicks@ix.netcom.com> writes:
> >
> >> Wrong again Albert...
> >
> >Nope, you are wrong. This method is a _third_ solution.
> >
> >>>> My ``fix'' is to have the IDT descriptor reference a segment
> >>>> which has a length of 0. This has the effect of mapping SIGILL
> >>>> into SIGBUS, so that the `cmpxchg8' crash now generates a Bus
> >>>> error. (I didn't bother returning the correct signal; it can
> >>>> probably be added if it is important)
>
> This is indeed the "FreeBSD fix".
>
> The so-called "fix" doesn't work (it appears to, for simple exploits,
> but it doesn't), and I _told_ some FreeBSD people so: I even sent
> people a test-program that will still lock up a FreeBSD system with
> the "fix".
>
> If they are indeed still using that fix, they are a sorry lot of
> incompetent idiots.
>
> Linus

Hmm, by my reading of /usr/src/sys/i386/i386/trap.c, we are trapping a
page-fault, for the F00F workaround (Line 608, Version 1.83.2.2).

I think Linus should a: Check his facts. b: not be so high and mighty all
the time, it really turns people off.

--
David Cross
ACS Consultant