From owner-freebsd-current Fri Dec 20 2:44:47 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E387A37B401 for ; Fri, 20 Dec 2002 02:44:44 -0800 (PST) Received: from magic.adaptec.com (magic.adaptec.com [208.236.45.80]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68AB243EDE for ; Fri, 20 Dec 2002 02:44:43 -0800 (PST) (envelope-from scott_long@btc.adaptec.com) Received: from redfish.adaptec.com (redfish.adaptec.com [162.62.50.11]) by magic.adaptec.com (8.11.6+Sun/8.11.6) with ESMTP id gBKAiAj03536; Fri, 20 Dec 2002 02:44:10 -0800 (PST) Received: from btc.btc.adaptec.com (btc.btc.adaptec.com [10.100.0.52]) by redfish.adaptec.com (8.8.8+Sun/8.8.8) with ESMTP id CAA28095; Fri, 20 Dec 2002 02:44:04 -0800 (PST) Received: from btc.adaptec.com (hollin [10.100.253.56]) by btc.btc.adaptec.com (8.8.8+Sun/8.8.8) with ESMTP id DAA29451; Fri, 20 Dec 2002 03:43:59 -0700 (MST) Message-ID: <3E02F56C.7080002@btc.adaptec.com> Date: Fri, 20 Dec 2002 03:48:12 -0700 From: Scott Long User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.2b) Gecko/20021125 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Sean Kelly Cc: Nate Lawson , current@freebsd.org Subject: Re: `cat /dev/io` leads to system lockup. References: <20021220081215.GA35355@edgemaster.zombie.org> In-Reply-To: <20021220081215.GA35355@edgemaster.zombie.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Sean Kelly wrote: > On Thu, Dec 19, 2002 at 11:35:01PM -0800, Nate Lawson wrote: > > >On Fri, 20 Dec 2002, Sean Kelly wrote: > > > >>On my 5.0-CURRENT kernel built 45 minutes ago, I can bring my system > > to its > > >>knees by doing > >> > >># cat /dev/io > >> > >>While I understand that this isn't exactly something one would > > normally be > > >>doing, is it really something that should bring the system down? > > > >You're running as root. So does "yes > /dev/da0" and "cat > > /dev/urandom > > > >/dev/mem" and ... (infinity) > > > While I don't really care to test it, I wager that `yes >/dev/da0` will > not > cause the system to lock hard. But you seem to be talking abot something > very different. You are talking about WRITING. I am talking about > READING. > > # cat /dev/da0 > # cat /dev/urandom > > None of these bring the system to its knees. So why does > > # cat /dev/io > > totally lock my system solid? > > According to the manpage: > The special file /dev/io is a controlled security hole that allows a > pro- > cess to gain I/O privileges (which are normally reserved for kernel- > internal code). Any process that holds a file descriptor on /dev/io > open > will get its IOPL bits in the flag register set, thus allowing it to > per- > form direct I/O operations. > > This says nothing about what happens if you attempt to read() from > /dev/io, > as `cat /dev/io` would be expected to do. At the least, there should be > a > big, fat, blinking WARNING on the manpage telling you that `cat /dev/io` > will > bring your system down. > Many peripheral hardware device do not like having their registers blindly read (it's quite common for a read operation on a register to signal an ASIC that it's ok to do a certain action) and will respond with nasty things like interrupt storms, endless PCI target aborts, etc. Whether this is silly or not is not the point; this is just one of the many places in Unix that have no seatbelts and assume that the superuser knows what he is doing. Scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message