Date:      Sat, 3 Feb 1996 12:36:00 +0100
From:      Thomas Graichen <graichen@omega.physik.fu-berlin.de>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   kern/992: can crash the system using modload
Message-ID:  <199602031136.MAA01092@prospero>
Resent-Message-ID: <199602031330.FAA29045@freefall.freebsd.org>


>Number:         992
>Category:       kern
>Synopsis:       it is possible to crash the system using modload
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Feb  3 05:30:05 PST 1996
>Last-Modified:
>Originator:     Thomas Graichen
>Organization:
thomas graichen    graichen@mail.physik.fu-berlin.de    graichen@FreeBSD.org

  perfection is reached, not when there is no longer anything to add, but when
      there is no longer anything to take away    antoine de saint-exupery
>Release:        FreeBSD 2.1-STABLE i386
>Environment:

FreeBSD 2.1.0-RELEASE #0: Fri Feb  2 13:20:53 MET 1996
    root@prospero:/usr/src/sys/compile/KERNEL_CONFIG
CPU: i486DX (486-class CPU)
real memory  = 20971520 (20480K bytes)
avail memory = 19296256 (18844K bytes)
Probing for devices on the ISA bus:
ed0 at 0x280-0x29f irq 5 on isa
ed0: address 00:40:95:20:0a:14, type NE2000 (16 bit)
vt0 at 0x60-0x6f irq 1 on motherboard
vt0: tvga 8900cl, 80/132 col, mono, 2 scr, mf2-kbd, [R3.20-b24]
sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16450
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16450wdc0 at 0x1f0-0x1f7 irq 14 on isa
sio3 at 0x2e8-0x2ef irq 9 on isa
sio3: type 16550A
lpt0 at 0x378-0x37f irq 7 on isa
lpt0: Interrupt-driven port
lp0: TCP/IP capable interface
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
fdc0: NEC 765
fd0: 1.44MB 3.5in                
wdc0: unit 0 (wd0): <Conner Peripherals 540MB - CFS540A>, multi-block-8
wd0: 516MB (1058400 sectors), 1050 cyls, 16 heads, 63 S/T, 512 B/S
wdc0: unit 1 (atapi): <FX001DE/E02>, removable, intr, iordis
wcd0: 299Kb/sec, 128Kb cache, audio play, 255 volume levels, ejectable tray
wcd0: no disc inside, unlocked
wdc1 at 0x170-0x177 irq 15 on isa
wdc1: unit 0 (wd2): <Conner Peripherals 425MB - CFS425A>, multi-block-8
wd2: 406MB (832288 sectors), 839 cyls, 16 heads, 62 S/T, 512 B/S
npx0 on motherboard
npx0: INT 16 interface

	

>Description:

it is possible to crash a system by running:

  modload -e kernfs_init -u -q -o /tmp/kernfs_mod /lkm/kernfs_mod.o

or

  modload -e union_init -u -q -o /tmp/union_mod /lkm/union_mod.o

ok - the commandline is a bit bogus - but it should definitely not crash the
system (an error from modload or the kernel would be enough i think)

here's what gdb -k says:

root@prospero:/var/crash> gdb -k kernel.0 vmcore.0
GDB is free software and you are welcome to distribute copies of it
 under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.13 (i386-unknown-freebsd),
Copyright 1994 Free Software Foundation, Inc...(no debugging symbols found)...
IdlePTD 192000
current pcb at 18a588
panic: loadable module initialization failed
#0  0xf0157985 in boot ()
(kgdb) where
#0  0xf0157985 in boot ()
#1  0xf010d413 in panic ()
#2  0xf0104b83 in lkmcioctl ()
#3  0xf01291d1 in spec_ioctl ()
#4  0xf01280c8 in vn_ioctl ()
#5  0xf010ec37 in ioctl ()
#6  0xf015c91f in syscall ()
#7  0xf01554db in Xsyscall ()
#8  0x10d3 in ?? ()
(kgdb)

>How-To-Repeat:

run one of the above commands

	

>Fix:

no idea
	
	

>Audit-Trail:
>Unformatted:


