From owner-freebsd-bugs Tue Nov 11 07:20:05 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA28718 for bugs-outgoing; Tue, 11 Nov 1997 07:20:05 -0800 (PST) (envelope-from owner-freebsd-bugs) Received: (from gnats@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA28705; Tue, 11 Nov 1997 07:20:01 -0800 (PST) (envelope-from gnats) Resent-Date: Tue, 11 Nov 1997 07:20:01 -0800 (PST) Resent-Message-Id: <199711111520.HAA28705@hub.freebsd.org> Resent-From: gnats (GNATS Management) Resent-To: freebsd-bugs Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, jt@nanoteq.com Received: (from nobody@localhost) by hub.freebsd.org (8.8.7/8.8.7) id HAA28208; Tue, 11 Nov 1997 07:13:54 -0800 (PST) (envelope-from nobody) Message-Id: <199711111513.HAA28208@hub.freebsd.org> Date: Tue, 11 Nov 1997 07:13:54 -0800 (PST) From: jt@nanoteq.com To: freebsd-gnats-submit@FreeBSD.ORG X-Send-Pr-Version: www-1.0 Subject: kern/5011: rndcontrol -s 8 causes kernel panic Sender: owner-freebsd-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >Number: 5011 >Category: kern >Synopsis: rndcontrol -s 8 causes kernel panic >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Tue Nov 11 07:20:00 PST 1997 >Last-Modified: >Originator: Johann Tonsing >Organization: Nanoteq >Release: 2.2.5-STABLE >Environment: FreeBSD Amnesiac.Domain 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Mon Nov 10 05:21:1 4 SAT 1997 root@zibbi.mikom.csir.co.za:/ns/dist/src/kernel/sys/compile/NSR i386 >Description: If interrupt 8 is enabled for random information collection, the kernel panics. Admittedly this is a silly thing to do (IRQ8=RTC, which is supposed to NOT be very random ;-)) but rndcontrol and/or the kernel /dev/random code should disallow this - kernel panic is too drastic a punishment. >How-To-Repeat: Add interrupt 8 to the random bit collection interrupts. Example: # rndcontrol -s 8 rndcontrol: setting irq 8 rndcontrol: Interrupts in use: 8 # Fatal trap 12: page fault while in kernel mode fault virtual address = 0x28 fault code = supervisor read, page not present instruction pointer = 0x8:0xf0105ec5 stack pointer = 0x10:0xf01b9f6c frame pointer = 0x10:0xf01b9f74 code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, def32 1, gran 1 processor eflags = interrupt enabled, resume, IOPL = 0 current process = Idle interrupt mask = panic: page fault >Fix: Add (more) validation code to rndcontrol and/or /dev/random to disallow IRQ 8 -or- allow addition but fix whatever causes panic. >Audit-Trail: >Unformatted: