'[oss-security] BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive)
From:       Georgi Guninski <guninski () guninski ! com>
Date:       2018-06-30 6:25:08
Message-ID: 20180630062508.oynnfspfl3ak35b7 () sivokote ! iziade ! m$
[Download RAW message or body]

 From
https://j.ludost.net/blog/archives/2018/06/30/bug_on_on_mips_kernels_4_17_2_and_earlier_old_but_alive/index.html

This is old but alive.

On mips linux kernel 4.17.2 and earlier unprivileged user can trigger
BUG_ON() possibly causing denial of service on the whole machine.

Suggested patches from 2013 are in the thread at:
https://www.spinics.net/lists/mips/msg73398.html

in 4.17.2 ./kernel/exit.c

do_group_exit(int exit_code)
{
	struct signal_struct *sig = current->signal;

	BUG_ON(exit_code & 0x80);

|do_group_exit| is called from

./kernel/signal.c:2482:		do_group_exit(ksig->info.si_signo);

Appears to me si_signo can be 0x80 (in decimal 128) because of:

arch/mips/include/uapi/asm/signal.h:15:#define _NSIG		128

Probably testcase will be:
$kill -128 `pidof program`

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic