Date: Mon, 26 Jun 1995 12:20:02 -0700
From: nnd@gw.itfs.nsk.su
To: freebsd-bugs
Subject: kern/566: System locks after pty pair "broke"
Message-ID: <199506261920.MAA29414@freefall.cdrom.com>
In-Reply-To: Your message of Tue, 27 Jun 1995 02:11:03 +0700 <199506261911.CAA24032@gw.itfs.nsk.su>

>Number:         566
>Category:       kern
>Synopsis:       System locks after pty pair "broke"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 26 12:20:01 1995
>Originator:     Nickolay N. Dudorov
>Organization:   Infoteka Ltd.
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

	2.0.5-RELEASE or 2.0.5-950622-SNAP system

>Description:

	I discovered that sometimes when I interrupt 'rlogin' to my
	2.0.5 system (before I receive the 'Password:' prompt - sometimes
	there is a very long pause between (say) 'rlogin localhost' and
	this prompt) and after that ask 'ps tp0', the system 'locks' -
	i.e. I can 'ping' the system, switch vt's and even cleanly
	reboot it by CTRL+ALT+DEL, but cannot start any new process.

	Included is a program (modelled after 'rlogind') which can
	reproduce such a state (with 'ps tp0' or 'ls -l /dev/ttyp0')
	on 2.0.5-RELEASE and 2.0.5-950622-SNAP systems.

	I'm not so sure about the 'severity' and 'priority' of that
	problem, but it can be evaluated after someone fixes the
	source for such 'locks' :-(

>How-To-Repeat:

	USE CARE - SYSTEM 'LOCKS' AND YOU MUST REBOOT IT !!!

	1) compile and load the next program with '-lutil';
	2) start it (as root) and wait until ps shows "fsonf" state
	   for one of its children;
	3) now say - 'ps tpN', where N is the number of the pty obtained
	   by the program (from ps of step 2) - AND you have a locked
	   system !!

	(DON'T try to INTERRUPT any of the processes at this stage AND
	you can reboot the system with CTRL+ALT+DEL ).

=========================================================================
/* All includes were taken from 'rlogind' sources - not all are used */
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <signal.h>
#include <termios.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <pwd.h>
#include <syslog.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>

#define _PATH_DEV "/dev/ttypXX"
#define _PATH_TTY "/dev/tty"

char line1[MAXPATHLEN];
char line2[MAXPATHLEN];

struct winsize win = { 0, 0, 0, 0 };

/* av[0] is overwritten throughout so that ps shows the stage each process has reached */
main(ac,av)
int ac;
char *av[];
{
	int master1,master2,pid1,pid2,c,i;
	FILE *fp;

	if((pid1 = fork()) == 0 ) {
		/* First child: wait, then request a pty pair of its own */
		strcpy(av[0],"fsons");
		sleep(10);
		strcpy(av[0],"fsonf");
		pid2 = forkpty(&master2, line2, NULL, &win);
		strcpy(av[0],"fsonn");
		sleep(10);
	} else {
		pid2 = forkpty(&master1, line1, NULL, &win);
		if(pid2 == 0) {
			/* The next line is necessary - without it you can't lock the system */
			/* (and it is used in real life in 'getpass' function) */
			if((fp = fopen(_PATH_TTY,"w+"))==NULL) {
				exit(4);
			}
			/* Keep writing one byte at a time to the slave side of the pty */
			for(;;) {
				strcpy(av[0],"ssbw");
				i=write(1,&c,1);
				if (i < 0) {
					strcpy(av[0],"sswe");
					sleep(3);
				} else if(i==0) {
					strcpy(av[0],"ssw0");
					sleep(3);
				} else {
					strcpy(av[0],"ssaw");
					sleep(3);
				}
			}
		} else {
			/* Parent exits at once, which closes the master side of the pty */
			exit(1);
		}
	}
}
=========================================================================

>Fix:

	If I only know ;-(

>Audit-Trail:
>Unformatted: