Re: [Fwd: [lemote] Re: Are -mfix-loongson2f-nop and -mfix-loongson2f-jump needed for userland programs?]

[Ivan Jager <aij+nospam@andrew.cmu.edu>]

On Thu, 4 Feb 2010, fxzhang wrote:
> On Sat, 2010-01-23 at 13:39 -0500, Daniel Clark wrote:
> > Does anyone know canonically if the system can have instability
> > because *any* executable program is compiled without the loongson2f
> > as/binutils fixes?
> >
> > The site http://dev.lemote.com/code/firefox-3.7-loongson-jit says:
> >
> > "Recommend building with Lemote's tool-chain
> > http://dev.lemote.com/files/binary/toolchain/gcc4ls2f.tar to avoid a
> > potential bug http://sourceware.org/ml/binutils/2009-11/msg00387.html.";
> >
> > I was under the impression that only the kernel, linux had to be
> > compiled with the loongson2f as/binutils fixes to avoid system lockups
> > due to silicon-level loongson2f bugs.
>
> As I have said in
> http://sourceware.org/ml/binutils/2009-11/msg00387.html, only
> -mfix-loongson2f-nop is needed for user-space applications.

> From reading that message, it seems very wrong to me. It sounds like a 
regular user could cause the machine to crash by omitting the 
-mfix-loongson2f-nop when compiling his programs. This solution seems akin 
to "fixing" a buffer overflow in a server by modifying the client to never 
send strings that are too long.

Am I missing something, or was the solution to this DoS vulnerability 
something along the lines of "let's create a way so that we can avoid 
exploiting it accidentally"?

Just a long-time debian user,
Ivan