From owner-svn-src-head@freebsd.org Mon Aug 15 15:34:54 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8D8EBBA29F; Mon, 15 Aug 2016 15:34:54 +0000 (UTC) (envelope-from bde@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 810CD17B1; Mon, 15 Aug 2016 15:34:54 +0000 (UTC) (envelope-from bde@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u7FFYrvK011506; Mon, 15 Aug 2016 15:34:53 GMT (envelope-from bde@FreeBSD.org) Received: (from bde@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u7FFYrwj011505; Mon, 15 Aug 2016 15:34:53 GMT (envelope-from bde@FreeBSD.org) Message-Id: <201608151534.u7FFYrwj011505@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bde set sender to bde@FreeBSD.org using -f From: Bruce Evans Date: Mon, 15 Aug 2016 15:34:53 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r304164 - head/sys/dev/syscons X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Aug 2016 15:34:54 -0000 Author: bde Date: Mon Aug 15 15:34:53 2016 New Revision: 304164 URL: https://svnweb.freebsd.org/changeset/base/304164 Log: Disable some more unsafe things in (low level) console mode: - never call up to the tty layer to restart output for keyboard input in console mode. This was already disallowed in kdb mode. Other cases are rarely reached. - disable the reboot, halt and powerdown keys in console mode. The suspend, standby and panic keys are still allowed, and aren't even conditonal on excessive configuration options. Some of these actions are still available in ddb mode as ddb commands which are equally unsafe. Some are useful at input prompts and should be restored when the locking is fixed. - disallow bells in kdb mode (should be in console mode, but the flag for that is not available). Visual bell gives very alarming behaviour by trying to use callouts which don't work in kdb mode. Audio bell uses timeouts and hardware resources with mutexes that can deadlock in reasonable use of ddb. Screen switches in kdb mode are not very safe, but they are important functionality and there is a lot of code to make them sort of work. Modified: head/sys/dev/syscons/syscons.c Modified: head/sys/dev/syscons/syscons.c ============================================================================== --- head/sys/dev/syscons/syscons.c Mon Aug 15 15:23:45 2016 (r304163) +++ head/sys/dev/syscons/syscons.c Mon Aug 15 15:34:53 2016 (r304164) @@ -3505,8 +3505,9 @@ next_code: scp->status |= CURSOR_ENABLED; sc_draw_cursor_image(scp); } + /* Only safe in Giant-locked context. */ tp = SC_DEV(sc, scp->index); - if (!kdb_active && tty_opened_ns(tp)) + if (!(flags & SCGETC_CN) && tty_opened_ns(tp)) sctty_outwakeup(tp); #endif } @@ -3557,21 +3558,21 @@ next_code: case RBT: #ifndef SC_DISABLE_REBOOT - if (enable_reboot) + if (enable_reboot && !(flags & SCGETC_CN)) shutdown_nice(0); #endif break; case HALT: #ifndef SC_DISABLE_REBOOT - if (enable_reboot) + if (enable_reboot && !(flags & SCGETC_CN)) shutdown_nice(RB_HALT); #endif break; case PDWN: #ifndef SC_DISABLE_REBOOT - if (enable_reboot) + if (enable_reboot && !(flags & SCGETC_CN)) shutdown_nice(RB_HALT|RB_POWEROFF); #endif break; @@ -3842,7 +3843,7 @@ sc_respond(scr_stat *scp, const u_char * void sc_bell(scr_stat *scp, int pitch, int duration) { - if (cold || shutdown_in_progress || !enable_bell) + if (cold || kdb_active || shutdown_in_progress || !enable_bell) return; if (scp != scp->sc->cur_scp && (scp->sc->flags & SC_QUIET_BELL))