From owner-freebsd-hackers  Thu Dec 27 13:10:48 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from scanner.secnap.net (scanner.secnap.net [216.241.67.74])
	by hub.freebsd.org (Postfix) with ESMTP id A5E8937B417
	for <freebsd-hackers@FreeBSD.ORG>; Thu, 27 Dec 2001 13:10:42 -0800 (PST)
Received: from MIKELT ([10.1.1.40])
	by scanner.secnap.net (8.11.6/8.11.5) with SMTP id fBRLAe329330;
	Thu, 27 Dec 2001 16:10:40 -0500 (EST)
	(envelope-from scheidell@secnap.net)
Message-ID: <019201c18f1a$e3ca9270$05032240@MIKELT>
From: "Michael Scheidell" <scheidell@secnap.net>
To: "Alfred Perlstein" <bright@mu.org>
Cc: <freebsd-hackers@FreeBSD.ORG>
References: <20011221174007.D551C38CC@overcee.netplex.com.au> <200112211751.fBLHpcr02576@scanner.secnap.net> <20011221181804.A40540@walton.maths.tcd.ie> <015701c18f14$a1b90660$05032240@MIKELT> <20011227143138.I55891@elvis.mu.org> <017601c18f17$a9ce64a0$05032240@MIKELT> <20011227150006.L55891@elvis.mu.org>
Subject: Re: userland program panics freebsd 4.3
Date: Thu, 27 Dec 2001 16:10:18 -0500
Organization: Secnap Network Security, LLC.
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG


----- Original Message -----
From: "Alfred Perlstein" <bright@mu.org>
To: "Michael Scheidell" <scheidell@secnap.net>
Cc: <freebsd-hackers@FreeBSD.ORG>
Sent: Thursday, December 27, 2001 4:00 PM
Subject: Re: userland program panics freebsd 4.3


> *mp, *sp, *p, *((struct vnode *)fp->f_data)
print *mp:
$1 = {mnt_list = {tqe_next = 0x8624c, tqe_prev = 0x28076200},
  mnt_op = 0x280623bc, mnt_vfc = 0x280ac75e, mnt_vnodecovered = 0x280ac76e,
  mnt_syncer = 0x280ac77e, mnt_nvnodelist = {tqh_first = 0x280ac78e,
    tqh_last = 0x280ac79e}, mnt_lock = {lk_interlock = {
      lock_data = 672135372}, lk_flags = 672118400, lk_sharecount =
671795150,
    lk_waitcount = 671971764, lk_exclusivecount = 31188, lk_prio = 10253,
    lk_wmesg = 0x280ac7fe "hP", lk_timo = 671795214,
    lk_lockholder = 671795230}, mnt_flag = 671795246,
  mnt_kern_flag = 672127820, mnt_maxsymlinklen = 671795278, mnt_stat = {
    f_spare2 = 671795294, f_bsize = 671795310, f_iosize = 672152136,
    f_blocks = 671795342, f_bfree = 671795358, f_bavail = 671795374,
    f_files = 671795390, f_ffree = 671795406, f_fsid = {val = {671795422,
        671973044}}, f_owner = 671795454, f_type = 671795470,
    f_flags = 671795486, f_syncwrites = 671795502, f_asyncwrites =
672121400,
    f_fstypename = "NÉ\n(^É\n(nÉ\n(~É\n(",
    f_mntonname =
"\216É\n(\236É\n(\0006\017(¬\\\021(ð<\021(ÞÉ\n(îÉ\n(þÉ\n(pÁ\017(Ô\177\r(.Ê\n
(>Ê\n(NÊ\n(^Ê\n(nÊ\n(~Ê\n(\216Ê\n(\204d\021(®Ê\n(¾Ê\n(",
    f_syncreads = 672126696, f_asyncreads = 671795934, f_spares1 = -13586,
    f_mntfromname =
"\n(\230É\017(\016Ë\n(\036Ë\n(.Ë\n(>Ë\n(NË\n(^Ë\n(nË\n(~Ë\n(ô\215\020(\236Ë\
n(®Ë\n(Ô\201\r(ÎË\n(ÞË\n(îË\n(þË\n(°>\021(\036Ì\n(.Ì",
    f_spares2 = 10250, f_spare = {671796286, 671796302}},
  mnt_data = 0x280acc5e, mnt_time = 671796334, mnt_iosize_max = 671796350,
  mnt_reservedvnlist = {tqh_first = 0x280acc8e, tqh_last = 0x280acc9e}}

print *sp:
Cannot access memory at address 0x7.

print *p
Cannot access memory at address 0x8000.

 print *((struct vnode *)fp->f_data)
$2 = {v_flag = 0, v_usecount = 1, v_writecount = 0, v_holdcnt = 0,
  v_id = 3291, v_mount = 0x0, v_op = 0xc11bc300, v_freelist = {tqe_next =
0x0,
    tqe_prev = 0xce195cdc}, v_nmntvnodes = {tqe_next = 0xce381500,
    tqe_prev = 0xce3816a4}, v_cleanblkhd = {tqh_first = 0x0,
    tqh_last = 0xce3815ec}, v_dirtyblkhd = {tqh_first = 0x0,
    tqh_last = 0xce3815f4}, v_synclist = {le_next = 0x0, le_prev = 0x0},
  v_numoutput = 0, v_type = VBAD, v_un = {vu_mountedhere = 0x0,
    vu_socket = 0x0, vu_spec = {vu_specinfo = 0x0, vu_specnext = {
        sle_next = 0x0}}, vu_fifoinfo = 0x0}, v_lease = 0x0, v_lastw = 0,
  v_cstart = 0, v_lasta = 0, v_clen = 0, v_object = 0x0, v_interlock = {
    lock_data = 0}, v_vnlock = 0x0, v_tag = VT_NON, v_data = 0x0,
  v_cache_src = {lh_first = 0x0}, v_cache_dst = {tqh_first = 0x0,
    tqh_last = 0xce381640}, v_dd = 0xce3815c0, v_ddid = 0, v_pollinfo = {
    vpi_lock = {lock_data = 0}, vpi_selinfo = {si_pid = 0, si_note = {
        slh_first = 0x0}, si_flags = 0}, vpi_events = 0, vpi_revents = 0},
  v_vxproc = 0x0}

kernel config: (needed the PMAP_SHGRPROC to allow apache to run, maxusers
128 mostly for processes and fd's
only one user, program is nessusd, a security scanner that wacks the crap
out of the network drivers and /dev/bpf's

machine         i386
cpu             I686_CPU
ident           HACKERTRAP
maxusers        128
makeoptions     DEBUG=-g                #Build kernel with gdb(1) debug
symbols
makeoptions     CONF_CFLAGS=-fno-builtin  #Don't allow use of memcmp, etc.
options         PMAP_SHPGPERPROC=300
options         PANIC_REBOOT_WAIT_TIME=32
options         INET                    #InterNETworking
options         FFS                     #Berkeley Fast Filesystem
options         FFS_ROOT                #FFS usable as root device [keep
this!]
options         SOFTUPDATES             #Enable FFS soft updates support
options         CD9660                  #ISO 9660 Filesystem
options         PROCFS                  #Process filesystem
options         COMPAT_43               #Compatible with BSD 4.3 [KEEP
THIS!]
options         SCSI_DELAY=15000        #Delay (in ms) before probing SCSI
options         UCONSOLE                #Allow users to grab the console
options         USERCONFIG              #boot -c editor
options         VISUAL_USERCONFIG       #visual boot -c editor
options         KTRACE                  #ktrace(1) support
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
device          isa
options         AUTO_EOI_1
device          pci
device          fdc0    at isa? port IO_FD1 irq 6 drq 2
device          fd0     at fdc0 drive 0
device          fd1     at fdc0 drive 1
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
options         ATA_STATIC_ID           #Static device numbering
device          atkbdc0 at isa? port IO_KBD
device          atkbd0  at atkbdc? irq 1 flags 0x1
device          psm0    at atkbdc? irq 12
device          npx0    at nexus? port IO_NPX irq 13
device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
device          sio1    at isa? port IO_COM2 irq 3
device          miibus          # needed on 4.4 for fxp
device          fxp             # Intel EtherExpress PRO/100B (82557, 82558)
device          apm
pseudo-device   loop            # Network loopback
pseudo-device   ether           # Ethernet support
pseudo-device   ppp     1       # Kernel PPP
pseudo-device   tun             # Packet tunnel.
pseudo-device   pty             # Pseudo-ttys (telnet etc)
pseudo-device   bpf     64      #Berkeley packet filter




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message