Re: PROBLEM: task->tty->driver problem/oops in proc_pid_sta

[Petr Vandrovec]

On 10 Mar 04 at 11:54, Brice Figureau wrote:

> I've digged a little deeper into the following oops that occurs every
> night on my servers (see my previous mail):

Or you could dig LKML archives - I reported it in jan & feb three times.

> Something interesting: the oops occurs always in a thread (either mysql
> or java), not in a principal process (verified by finding the only task
> that is locked by doing some cat in /proc/<pid>/task/).

wli has a patch, unfortunately for some reason it did not hit
main kernel yet. I've put it (without Wli's permission) at 
http://platan.vc.cvut.cz/ftp/pub/linux/pidstat.patch.
For unknown reason patch did not find its way to Linus's kernel yet,
although it renders 2.6.x unusable in any multiuser environment.

> Then I tried to reproduce it exactly and found the following:
> 1) log in with ssh on the server (this allocates a tty: /dev/pts/0)
> 2) launch a java application using some threads, the application in
> question uses /dev/pts/0 as tty
> 3) log-out, this releases /dev/pts/0
> 4) log in again (this session uses /dev/pts/1)
> 5) run chkrootkit or a 'ps mauxgww' -> the previous oops is reported.

I have simple C program which you run under normal account on any
2.6.x kernel and it will turn box into dead piece of metal if SMP
kernel is used, or at least all 'ps' services stop (on UP kernel).
Not useful as exploit, but quite sufficient as a DoS.
                                                            Petr Vandrovec
                                                            

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/