Date:      Thu, 11 Dec 1997 22:08:42 -0800
From:      David Greenman <dg@root.com>
To:        jak@cetlink.net (John Kelly)
Cc:        hackers@FreeBSD.ORG, torvalds@transmeta.com (Linus Torvalds)
Subject:   Re: (fwd) Re: F00F bug *fixed* in 2.0.x kernels 
Message-ID:  <199712120608.WAA01136@implode.root.com>
In-Reply-To: Your message of "Fri, 12 Dec 1997 05:48:30 GMT." <3491cfe3.6774010@mail.cetlink.net> 

>On 8 Dec 1997 23:11:24 GMT, in comp.os.linux.development.system
>torvalds@transmeta.com (Linus Torvalds) wrote:
...
>>>>> My ``fix'' is to have the IDT descriptor reference a segment
>>>>> which has a length of 0.  This has the effect of mapping SIGILL
>>>>> into SIGBUS, so that the `cmpxchg8' crash now generates a Bus
>>>>> error.  (I didn't bother returning the correct signal; it can
>>>>> probably be added if it is important) 
>
>This is indeed the "FreeBSD fix".
>
>The so-called "fix" doesn't work (it appears to, for simple exploits,
>but it doesn't), and I _told_ some FreeBSD people so: I even sent
>people a test-program that will still lock up a FreeBSD system with
>the "fix". 
>
>If they are indeed still using that fix, they are a sorry lot of
>incompetent idiots. 

   The fix that Linus is referring to is one of several that were evaluated
and rejected. The fix that we finally adopted in FreeBSD is the one that
involves making the IDT read-only and catching the write fault that
occurs.

-DG

David Greenman
Core-team/Principal Architect, The FreeBSD Project
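As an added illustration (example code written for this page, not FreeBSD's or Linux's own F00F code and not part of the thread), the C model below shows the two pieces of the read-only-IDT workaround David describes: the alignment that puts gates 0 through 6 in the last 56 bytes of a read-only page, so that the #PF gate (vector 14) lands on the next, writable page, and the page-fault-time check that recognises a write fault on the #UD gate and re-dispatches it as an invalid-opcode trap instead of a page fault. The page size, gate size, vector numbers and error-code bits are the standard i386 values; the function names, the 0x10000 sample page address and the exact range check are assumptions of this example, not FreeBSD's implementation.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard i386 values; the symbolic names are this example's own. */
#define PAGE_SIZE    4096u
#define GATE_SIZE    8u     /* one IDT gate descriptor */
#define T_UD         6u     /* #UD, invalid opcode (what F00F raises) */
#define T_PF         14u    /* #PF, page fault */
#define PFEC_WRITE   0x2u   /* #PF error-code bit 1: the access was a write */

/* Pick an IDT base so that gates 0..T_UD end exactly at the end of the
 * read-only page `ro_page`, and gate T_UD+1 onward (including #PF) start on
 * the following page, which stays writable. */
uintptr_t f00f_idt_base(uintptr_t ro_page)
{
    return ro_page + PAGE_SIZE - (T_UD + 1) * GATE_SIZE;
}

/* Page that holds gate `vector` for an IDT at `idt_base`. */
uintptr_t f00f_gate_page(uintptr_t idt_base, unsigned vector)
{
    return (idt_base + vector * GATE_SIZE) & ~(uintptr_t)(PAGE_SIZE - 1);
}

/* Called from the page-fault path with the faulting address and the #PF
 * error code.  If the write fault hit the #UD gate on the read-only IDT
 * page, it is really the F00F instruction trying to trap: report T_UD so
 * the caller handles it as an invalid-opcode exception.  Anything else is
 * an ordinary page fault. */
unsigned f00f_classify(uintptr_t idt_base, uintptr_t fault_va, unsigned err)
{
    uintptr_t ud_gate = idt_base + T_UD * GATE_SIZE;

    if ((err & PFEC_WRITE) &&
        fault_va >= ud_gate && fault_va < ud_gate + GATE_SIZE)
        return T_UD;
    return T_PF;
}

int main(void)
{
    uintptr_t ro_page = 0x10000;               /* constructed sample address */
    uintptr_t base = f00f_idt_base(ro_page);
    uintptr_t ud_gate = base + T_UD * GATE_SIZE;

    printf("IDT base %#lx: #UD gate on page %#lx, #PF gate on page %#lx\n",
           (unsigned long)base,
           (unsigned long)f00f_gate_page(base, T_UD),
           (unsigned long)f00f_gate_page(base, T_PF));
    /* A present-page write fault (error code 0x3) on the #UD gate. */
    printf("write fault at %#lx -> vector %u\n",
           (unsigned long)ud_gate, f00f_classify(base, ud_gate, 0x3));
    /* The same address, but a read fault: left alone as a page fault. */
    printf("read fault at %#lx -> vector %u\n",
           (unsigned long)ud_gate, f00f_classify(base, ud_gate, 0x1));
    return 0;
}
```

The point of the layout arithmetic is that the #PF gate must never sit on the protected page: the fault raised while fetching the #UD gate has to be deliverable through a gate the CPU can read normally, otherwise the workaround would fault on its own handler.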



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712120608.WAA01136>