Bugtraq mailing list archives
Re: 2.2.0 SECURITY (fwd)
From: alan () LXORGUK UKUU ORG UK (Alan Cox)
Date: Wed, 27 Jan 1999 19:19:01 +0000
Later on down the thread there are other people then Dan Burcaw who say that the bug crashes their boxes too. I suggest reading the thread on Linux Kernel archives for more information. See information at the bottof of forwarded message for information.
Yep its real bug. The relevant info for early adopters is: From: MOLNAR Ingo <mingo () chiara csoma elte hu> To: linux-kernel () vger rutgers edu, linux-smp () vger rutgers edu cc: Linus Torvalds <torvalds () transmeta com>, Alan Cox <alan () lxorguk ukuu org uk>, "David S. Miller" <davem () dm cobaltmicro com> Subject: [patch] 'coredump crash' fixed it was a very subtle bug and has nothing to do with coredumps at all, but it's very rare and the invalid coredump ELF layout accidentally triggered the bug. with the attached patch applied i get: [root@moon /root]# ldd core not a dynamic executable [root@moon /root]# just as expected. The reason why we crash and why it made the kernel reboot in such a nasty way was that munmap() did just a tad more work than necessary and we zapped 0xc0000000's page table entry ... that is a pretty vital piece of 4M virtual space on Linux ;) (erm, just dont ask me how i managed to debug this ;) -- mingo, running a hopefully much safer kernel now ;) --- linux/mm/mmap.c.orig Wed Jan 27 14:09:31 1999 +++ linux/mm/mmap.c Wed Jan 27 14:06:09 1999 @@ -558,7 +558,7 @@ unsigned long start, unsigned long end) { unsigned long first = start & PGDIR_MASK; - unsigned long last = (end & PGDIR_MASK) + PGDIR_SIZE; + unsigned long last = ((end-1) & PGDIR_MASK) + PGDIR_SIZE; if (!prev) { prev = mm->mmap; - Linux SMP list: FIRST see FAQ at http://www.irisa.fr/prive/mentre/smp-faq/ To Unsubscribe: send "unsubscribe linux-smp" to majordomo () vger rutgers edu
Current thread:
- Re: 2.2.0 SECURITY (fwd) //Stany (Jan 27)
- Windows CE 2.1 security problem Bart (Jan 27)
- Re: 2.2.0 SECURITY (fwd) Alan Cox (Jan 27)
- Re: 2.2.0 SECURITY (fwd) Andrea Arcangeli (Jan 27)
- Re: 2.2.0 SECURITY (fwd) Andrea Arcangeli (Jan 27)