-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

I reported this bug a while ago but no-one picked up on it.

Just launch any UML 32-bit kernel on a 64-bit KVM guest:

test $ ./kernel32-2.6.16.62
Checking that ptrace can change system call numbers...OK
Checking syscall emulation patch for ptrace...OK
Trace/breakpoint trap
test@localhost ~ $ Kernel panic - not syncing: Attempted to kill init!
Kernel panic - not syncing: Attempted to kill init!

You can find some pre-built binaries here:
http://uml.devloop.org.uk/kernels.html

Since then, I've bisected it down to:

d4d67150165df8bf1cc05e532f6efca96f907cab is first bad commit
Author: Roland McGrath <roland@xxxxxxxxxx>
Date:   Wed Jul 9 02:38:07 2008 -0700
Subject: x86 ptrace: unify syscall tracing

It looks exploitable at first sight (ptrace generally is), but this is
beyond me (I am not a kernel hacker).

QEMU without KVM is not affected.

I've added some printf in a test UML kernel to see more precisely where
it dies in arch/um/os-Linux/startup.c, in check_sysemu():

    non_fatal("Before singlestep\n");
    if (ptrace(PTRACE_SYSEMU_SINGLESTEP, pid, 0, 0) < 0)
        goto fail;
    non_fatal("Before waitpid\n");

(also added a non_fatal() in fail)

It prints these two statements 30 times from the while(1) loop and
stops on:

Before singlestep

Whatever the fix is, this should be queued for stable too.

Antoine
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREKAAYFAkqiaoUACgkQGK2zHPGK1rt1cwCfWgGeuTrD+rpfa9SsUc7/h3eL
+DEAn1LgzrhOjbyEss2zRez+0dk0smZv
=MUXh
-----END PGP SIGNATURE-----
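The probe that the report instruments is UML's check_sysemu() loop: the tracer resumes a child with PTRACE_SYSEMU_SINGLESTEP, expects to be stopped at each syscall entry with the syscall skipped, and supplies the result itself. The stand-alone C program below is an added example written for this page; it is not UML's code and not part of Antoine's message. It mirrors that loop outside of UML so that the behaviour can be checked on any x86 host or guest without booting a UML kernel: the child issues getpid() in a loop, the tracer fakes the return value, intercepts the child's exit_group() (which sysemu skips as well), and turns every outcome into a result code instead of a trap. The names probe_sysemu_singlestep, classify_stop, the FAKE_PID value, the request number 32 and the register offsets are this example's own assumptions; the register offsets are x86-only, and on other architectures the probe reports "unsupported".

```c
/*
 * Added example (not UML's own code): a stand-alone probe modelled on the
 * check_sysemu() loop in arch/um/os-Linux/startup.c.  The child runs
 * getpid() in a loop; the tracer drives it with PTRACE_SYSEMU_SINGLESTEP,
 * injects the getpid() result (the kernel must skip the real syscall),
 * intercepts exit_group(), and classifies every wait status.  x86 only:
 * the register offsets and request number 32 are x86 values (assumed here).
 */
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

enum stop_kind { STOP_TRAP, STOP_SIGNAL, STOP_EXITED, STOP_KILLED, STOP_UNKNOWN };
enum probe_result { PROBE_OK, PROBE_UNSUPPORTED, PROBE_NO_PTRACE,
                    PROBE_NOT_EMULATED, PROBE_CHILD_DIED, PROBE_STUCK };

/* Interpret one waitpid() status word; pure, so it can be tested without ptrace. */
enum stop_kind classify_stop(int status)
{
    if (WIFEXITED(status))   return STOP_EXITED;
    if (WIFSIGNALED(status)) return STOP_KILLED;
    if (WIFSTOPPED(status))
        return WSTOPSIG(status) == SIGTRAP ? STOP_TRAP : STOP_SIGNAL;
    return STOP_UNKNOWN;
}

#if defined(__x86_64__)
#define OFF_SYSNR offsetof(struct user, regs.orig_rax)   /* syscall nr, -1 at a step stop */
#define OFF_RET   offsetof(struct user, regs.rax)        /* syscall return value */
#define OFF_ARG0  offsetof(struct user, regs.rdi)        /* first syscall argument */
#elif defined(__i386__)
#define OFF_SYSNR offsetof(struct user, regs.orig_eax)
#define OFF_RET   offsetof(struct user, regs.eax)
#define OFF_ARG0  offsetof(struct user, regs.ebx)
#endif
#define SYSEMU_SINGLESTEP_REQ 32   /* PTRACE_SYSEMU_SINGLESTEP on x86 (assumed value) */
#define FAKE_PID 0xdead            /* result the tracer injects for getpid() (hypothetical) */

static enum probe_result reap(pid_t pid, enum probe_result r)
{
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return r;
}

enum probe_result probe_sysemu_singlestep(void)
{
#if !defined(OFF_SYSNR)
    return PROBE_UNSUPPORTED;
#else
    pid_t pid = fork();
    if (pid < 0) return PROBE_NO_PTRACE;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) _exit(99);
        raise(SIGSTOP);                          /* hand control to the tracer */
        for (int i = 0; i < 50; i++)
            if (syscall(SYS_getpid) == FAKE_PID)
                _exit(0);                        /* tracer supplied the result */
        _exit(1);                                /* getpid() really ran: not emulated */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return reap(pid, PROBE_NO_PTRACE);
    if (!WIFSTOPPED(status)) return PROBE_NO_PTRACE;   /* child gone: PTRACE_TRACEME refused */

    for (long step = 0; step < 200000; step++) {
        if (ptrace(SYSEMU_SINGLESTEP_REQ, pid, 0, 0) < 0)
            return reap(pid, (errno == EIO || errno == EINVAL) ? PROBE_UNSUPPORTED
                                                                 : PROBE_NO_PTRACE);
        if (waitpid(pid, &status, 0) < 0) return reap(pid, PROBE_NO_PTRACE);
        switch (classify_stop(status)) {
        case STOP_EXITED: return PROBE_NOT_EMULATED;   /* a real exit_group() ran */
        case STOP_KILLED: return PROBE_CHILD_DIED;     /* e.g. an undelivered SIGTRAP */
        case STOP_TRAP: {
            /* Either a single-step stop (nr == -1) or a syscall-entry stop. */
            errno = 0;
            long nr = ptrace(PTRACE_PEEKUSER, pid, (void *)OFF_SYSNR, 0);
            if (nr == -1 && errno) return reap(pid, PROBE_NO_PTRACE);
            if (nr == SYS_getpid) {
                /* sysemu skips the syscall; whatever is left in ax is its result. */
                if (ptrace(PTRACE_POKEUSER, pid, (void *)OFF_RET, (void *)(long)FAKE_PID) < 0)
                    return reap(pid, PROBE_NO_PTRACE);
            } else if (nr == SYS_exit_group || nr == SYS_exit) {
                /* exit is skipped too, so read the status the child asked for. */
                long code = ptrace(PTRACE_PEEKUSER, pid, (void *)OFF_ARG0, 0);
                return reap(pid, code == 0 ? PROBE_OK : PROBE_NOT_EMULATED);
            }
            break;            /* other syscalls (raise()'s sigprocmask) are skipped; harmless */
        }
        default: break;       /* non-SIGTRAP stop: resume without delivering the signal */
        }
    }
    return reap(pid, PROBE_STUCK);
#endif
}

int main(void)
{
    static const char *names[] = { "ok", "unsupported", "no-ptrace",
                                   "not-emulated", "child-died", "stuck" };
    enum probe_result r = probe_sysemu_singlestep();
    printf("PTRACE_SYSEMU_SINGLESTEP probe: %s\n", names[r]);
    return r == PROBE_OK ? 0 : 1;
}
```

Build with `gcc -Wall sysemu_probe.c -o sysemu_probe` (on a 64-bit host add `-m32` to exercise the 32-bit path the report is about) and run it on the host and inside the KVM guest. A kernel that honours PTRACE_SYSEMU_SINGLESTEP prints "ok"; a tracee that gets killed, a syscall that really executes instead of being skipped, or a ptrace request the kernel rejects each come back as a distinct code, which is a more useful bisect signal than the "Trace/breakpoint trap" followed by the init panic shown above. Note that the probe only classifies what happens to the child: if the tracer process itself receives an unexpected SIGTRAP, as the UML kernel in the report appears to, this program dies the same way.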