Date: Tue, 11 Nov 1997 07:13:54 -0800 (PST) From: jt@nanoteq.com To: freebsd-gnats-submit@FreeBSD.ORG Subject: kern/5011: rndcontrol -s 8 causes kernel panic Message-ID: <199711111513.HAA28208@hub.freebsd.org> Resent-Message-ID: <199711111520.HAA28705@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 5011
>Category: kern
>Synopsis: rndcontrol -s 8 causes kernel panic
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 11 07:20:00 PST 1997
>Last-Modified:
>Originator: Johann Tonsing
>Organization:
Nanoteq
>Release: 2.2.5-STABLE
>Environment:
FreeBSD Amnesiac.Domain 2.2.5-STABLE FreeBSD 2.2.5-STABLE #0: Mon Nov 10 05:21:1
4 SAT 1997 root@zibbi.mikom.csir.co.za:/ns/dist/src/kernel/sys/compile/NSR
i386
>Description:
If interrupt 8 is enabled for random information collection,
the kernel panics.
Admittedly this is a silly thing to do (IRQ8=RTC, which
is supposed to NOT be very random ;-)) but rndcontrol
and/or the kernel /dev/random code should disallow this -
kernel panic is too drastic a punishment.
>How-To-Repeat:
Add interrupt 8 to the random bit collection interrupts.
Example:
# rndcontrol -s 8
rndcontrol: setting irq 8
rndcontrol: Interrupts in use: 8
#
Fatal trap 12: page fault while in kernel mode
fault virtual address = 0x28
fault code = supervisor read, page not present
instruction pointer = 0x8:0xf0105ec5
stack pointer = 0x10:0xf01b9f6c
frame pointer = 0x10:0xf01b9f74
code segment = base 0x0, limit 0xfffff, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = Idle
interrupt mask =
panic: page fault
>Fix:
Add (more) validation code to rndcontrol and/or /dev/random
to disallow IRQ 8 -or- allow addition but fix whatever causes
panic.
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711111513.HAA28208>