Ralf Baechle wrote:
Notice the branch at the end of the fixup code, it goes back to the SC instruction. The SC instruction took an exception so it will not have changed $1, so the loop will continue endlessly unless by coincidence the value to be stored from $1 happened to be zero. Obviously this one was MIPS specific and may hit all supported ABIs. So my initial suspicion this might be the issue David Miller recently discovered in the binary compat code isn't true. And it's a local DoS probably for all of 2.6.16 and up.
Mostly similar code is in 2.6.15, so I think it is affected as well. 2.6.12, on the other hand, doesn't seem to have futex.h.
David Daney