From owner-svn-src-all@freebsd.org  Tue Mar 13 10:00:15 2018
Return-Path: <owner-svn-src-all@freebsd.org>
Delivered-To: svn-src-all@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id DCE1EF34CA3;
 Tue, 13 Mar 2018 10:00:14 +0000 (UTC)
 (envelope-from eadler@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 901C3743C7;
 Tue, 13 Mar 2018 10:00:14 +0000 (UTC)
 (envelope-from eadler@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 70D70186A1;
 Tue, 13 Mar 2018 10:00:14 +0000 (UTC)
 (envelope-from eadler@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2DA0EQI009217;
 Tue, 13 Mar 2018 10:00:14 GMT (envelope-from eadler@FreeBSD.org)
Received: (from eadler@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2DA0Ebi009216;
 Tue, 13 Mar 2018 10:00:14 GMT (envelope-from eadler@FreeBSD.org)
Message-Id: <201803131000.w2DA0Ebi009216@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: eadler set sender to
 eadler@FreeBSD.org using -f
From: Eitan Adler <eadler@FreeBSD.org>
Date: Tue, 13 Mar 2018 10:00:14 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r330838 - stable/11/sys/dev/syscons
X-SVN-Group: stable-11
X-SVN-Commit-Author: eadler
X-SVN-Commit-Paths: stable/11/sys/dev/syscons
X-SVN-Commit-Revision: 330838
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-all@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "SVN commit messages for the entire src tree \(except for &quot;
 user&quot; and &quot; projects&quot; \)" <svn-src-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-all/>
List-Post: <mailto:svn-src-all@freebsd.org>
List-Help: <mailto:svn-src-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-all>,
 <mailto:svn-src-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2018 10:00:15 -0000

Author: eadler
Date: Tue Mar 13 10:00:14 2018
New Revision: 330838
URL: https://svnweb.freebsd.org/changeset/base/330838

Log:
  MFC r304164:
  
  Disable some more unsafe things in (low level) console mode:
  - never call up to the tty layer to restart output for keyboard input in
    console mode.  This was already disallowed in kdb mode.  Other cases
    are rarely reached.
  - disable the reboot, halt and powerdown keys in console mode.  The suspend,
    standby and panic keys are still allowed, and aren't even conditonal
    on excessive configuration options.  Some of these actions are still
    available in ddb mode as ddb commands which are equally unsafe.  Some
    are useful at input prompts and should be restored when the locking is
    fixed.
  - disallow bells in kdb mode (should be in console mode, but the flag for
    that is not available).  Visual bell gives very alarming behaviour by
    trying to use callouts which don't work in kdb mode.  Audio bell uses
    timeouts and hardware resources with mutexes that can deadlock in
    reasonable use of ddb.
  
  Screen switches in kdb mode are not very safe, but they are important
  functionality and there is a lot of code to make them sort of work.

Modified:
  stable/11/sys/dev/syscons/syscons.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/syscons/syscons.c
==============================================================================
--- stable/11/sys/dev/syscons/syscons.c	Tue Mar 13 09:58:29 2018	(r330837)
+++ stable/11/sys/dev/syscons/syscons.c	Tue Mar 13 10:00:14 2018	(r330838)
@@ -3505,8 +3505,9 @@ next_code:
 			    scp->status |= CURSOR_ENABLED;
 			    sc_draw_cursor_image(scp);
 			}
+			/* Only safe in Giant-locked context. */
 			tp = SC_DEV(sc, scp->index);
-			if (!kdb_active && tty_opened_ns(tp))
+			if (!(flags & SCGETC_CN) && tty_opened_ns(tp))
 			    sctty_outwakeup(tp);
 #endif
 		    }
@@ -3557,21 +3558,21 @@ next_code:
 
 	    case RBT:
 #ifndef SC_DISABLE_REBOOT
-		if (enable_reboot)
+		if (enable_reboot && !(flags & SCGETC_CN))
 			shutdown_nice(0);
 #endif
 		break;
 
 	    case HALT:
 #ifndef SC_DISABLE_REBOOT
-		if (enable_reboot)
+		if (enable_reboot && !(flags & SCGETC_CN))
 			shutdown_nice(RB_HALT);
 #endif
 		break;
 
 	    case PDWN:
 #ifndef SC_DISABLE_REBOOT
-		if (enable_reboot)
+		if (enable_reboot && !(flags & SCGETC_CN))
 			shutdown_nice(RB_HALT|RB_POWEROFF);
 #endif
 		break;
@@ -3842,7 +3843,7 @@ sc_respond(scr_stat *scp, const u_char *p, int count, 
 void
 sc_bell(scr_stat *scp, int pitch, int duration)
 {
-    if (cold || shutdown_in_progress || !enable_bell)
+    if (cold || kdb_active || shutdown_in_progress || !enable_bell)
 	return;
 
     if (scp != scp->sc->cur_scp && (scp->sc->flags & SC_QUIET_BELL))