Date: Thu, 1 Jun 2000 21:05:18 +0200 (CEST) From: Christian Weisgerber <naddy@mips.inka.de> To: FreeBSD-gnats-submit@freebsd.org Subject: kern/18952: fdesc-related panic Message-ID: <200006011905.VAA01256@bigeye.mips.inka.de>
next in thread | raw e-mail | index | archive | help
>Number: 18952
>Category: kern
>Synopsis: fdesc-related panic
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 01 12:10:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Christian Weisgerber
>Release: FreeBSD 5.0-CURRENT i386
>Organization:
UUGRN
>Environment:
fdesc mounted on /dev/fd. fdesc was loaded as a module.
Tested for 5.0-CURRENT i386 from May 18 and May 30.
>Description:
An unpriviledged user can accidentally panic the system with a
completely innocuous command.
----------------
#0 boot (howto=256) at ../../kern/kern_shutdown.c:303
#1 0xc0164599 in panic (fmt=0xc0267e4f "page fault")
at ../../kern/kern_shutdown.c:553
#2 0xc023333e in trap_fatal (frame=0xc6155d74, eva=52)
at ../../i386/i386/trap.c:927
#3 0xc0232ff1 in trap_pfault (frame=0xc6155d74, usermode=0, eva=52)
at ../../i386/i386/trap.c:820
#4 0xc0232b7f in trap (frame={tf_fs = 16, tf_es = 16, tf_ds = 16,
tf_edi = -976731072, tf_esi = -971678188, tf_ebp = -971678248,
tf_isp = -971678304, tf_ebx = -971678208, tf_edx = 0, tf_ecx = 13,
tf_eax = -971678268, tf_trapno = 12, tf_err = 0, tf_eip = -1063880518,
tf_cs = 8, tf_eflags = 66195, tf_esp = -971678268, tf_ss = -971678208})
at ../../i386/i386/trap.c:426
#5 0xc09678ba in ?? ()
#6 0xc01995ea in vn_open (ndp=0xc6155ecc, fmode=1026, cmode=420)
at vnode_if.h:305
#7 0xc019561d in open (p=0xc5c84440, uap=0xc6155f80)
at ../../kern/vfs_syscalls.c:995
#8 0xc02335f1 in syscall2 (frame={tf_fs = 47, tf_es = 47, tf_ds = 47,
tf_edi = 8, tf_esi = 672161560, tf_ebp = -1077937912,
tf_isp = -971677740, tf_ebx = 672096100, tf_edx = 672161560,
tf_ecx = 15, tf_eax = 5, tf_trapno = 12, tf_err = 2, tf_eip = 672013048,
tf_cs = 31, tf_eflags = 643, tf_esp = -1077937956, tf_ss = 47})
at ../../i386/i386/trap.c:1126
#9 0xc02278a8 in Xint0x80_syscall ()
----------------
#
# BIGEYE -- bigeye.rhein-neckar.de (5.0-CURRENT)
#
# $FreeBSD: src/sys/i386/conf/GENERIC,v 1.246 2000/03/09 16:32:55 jlemon Exp $
#
# 2000-03-25 naddy
machine i386
cpu I586_CPU
ident BIGEYE
maxusers 32
makeoptions DEBUG=-g #Build kernel with gdb(1) debug symbols
options INCLUDE_CONFIG_FILE # Include this file in kernel
options AUTO_EOI_1
options AUTO_EOI_2
options INET #InterNETworking
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES
options MFS #Memory Filesystem
options NFS #Network Filesystem
options CD9660 #ISO 9660 Filesystem
options PROCFS #Process filesystem
options KERNFS #Kernel filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options SCSI_DELAY=10000 #Delay (in ms) before probing SCSI
options UCONSOLE #Allow users to grab the console
options KTRACE #ktrace(1) support
options DDB #Enable the kernel debugger
options DDB_UNATTENDED #Don't drop into DDB for a panic
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extentions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
device isa
device pci
# Floppy drives
device fdc0 at isa? port IO_FD1 irq 6 drq 2
device fd0 at fdc0 drive 0
# SCSI Controllers
device sym # NCR/Symbios Logic (newer chipsets)
# SCSI peripherals
device scbus # SCSI bus (required)
device da # Direct Access (disks)
device sa # Sequential Access (tape etc)
device cd # CD
device pass # Passthrough device (direct SCSI access)
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1
device psm0 at atkbdc? irq 12
device vga0 at isa?
# splash screen/screen saver
pseudo-device splash
# syscons is the default console driver, resembling an SCO console
device sc0 at isa?
options SC_ALT_MOUSE_IMAGE # simplified mouse cursor in text mode
options SC_DISABLE_REBOOT # disable reboot key sequence
# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13
# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3
# Parallel port
device ppc0 at isa? irq 7
device ppbus # Parallel port bus (required)
device lpt # Printer
# PCI Ethernet NICs.
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
# Sound
device pcm # For PnP/PCI sound cards
# Pseudo devices - the number indicates how many units to allocated.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
pseudo-device vn #Vnode driver (turns a file into a device)
# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter
----------------
>How-To-Repeat:
$ fetch -o - http://sites.inka.de/mips/unix/freebsd/xterm.shar | sh
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006011905.VAA01256>