Date:      Mon, 26 Jun 1995 12:20:02 -0700
From:      nnd@gw.itfs.nsk.su
To:        freebsd-bugs
Subject:   kern/566: System locks after pty pair "broke"
Message-ID:  <199506261920.MAA29414@freefall.cdrom.com>
In-Reply-To: Your message of Tue, 27 Jun 1995 02:11:03 +0700 <199506261911.CAA24032@gw.itfs.nsk.su>


>Number:         566
>Category:       kern
>Synopsis:       System locks after pty pair "broke"
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jun 26 12:20:01 1995
>Originator:     Nickolay N. Dudorov
>Organization:
Infoteka Ltd.
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

	2.0.5-RELEASE or 2.0.5-950622-SNAP system

>Description:

	I discovered that sometimes when I interrupt 'rlogin' to
my 2.0.5 system (before I receive the 'Password:' prompt - sometimes
there is a very long pause between (say) 'rlogin localhost' and this prompt)
and after that ask 'ps tp0', the system 'locks' -
i.e. I can 'ping' the system, switch vt's and even cleanly
reboot it by CTRL+ALT+DEL, but cannot start any new process.

	Included is a program (modelled after 'rlogind') which
can reproduce such a state (with 'ps tp0' or 'ls -l /dev/ttyp0')
on 2.0.5-RELEASE and 2.0.5-950622-SNAP systems.

	I'm not so sure about the 'severity' and 'priority' of
that problem, but it can be evaluated after someone fixes
the source for such 'locks' :-(

>How-To-Repeat:

USE CARE - SYSTEM 'LOCKS' AND YOU MUST REBOOT IT !!!

	1) compile and load the following program with '-lutil';
	2) start it (as root) and wait until ps shows the "fsonf" state for
	   one of its children;
	3) now say - 'ps tpN', where N is the number of the pty obtained by
	   the program (from the ps of step 2) -
	   AND you have a locked system !!
(DON'T try to INTERRUPT any of the processes at this stage  AND
 you can reboot the system with CTRL+ALT+DEL ).

=========================================================================
/* All includes were taken from the 'rlogind' sources - not all are used */

#include <sys/param.h>
#include <sys/stat.h>
#include <sys/ioctl.h>
#include <signal.h>
#include <termios.h>

#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/in_systm.h>
#include <netinet/ip.h>
#include <arpa/inet.h>
#include <netdb.h>

#include <pwd.h>
#include <syslog.h>
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#define _PATH_DEV "/dev/ttypXX"
#define _PATH_TTY "/dev/tty"
char	line1[MAXPATHLEN];
char	line2[MAXPATHLEN];
struct winsize win = { 0, 0, 0, 0 };
main(ac,av)
int ac;
char *av[];
{
	int master1,master2,pid1,pid2,c,i;
	FILE *fp;

	if((pid1 = fork()) == 0 ) {
		/* argv[0] is overwritten so that 'ps' shows which stage each process is in */
		strcpy(av[0],"fsons");
		sleep(10);
		strcpy(av[0],"fsonf");
		pid2 = forkpty(&master2, line2, NULL, &win);
		strcpy(av[0],"fsonn");
		sleep(10);
	} else {
		pid2 = forkpty(&master1, line1, NULL, &win);
		if(pid2 == 0) {

/* The next line is necessary - without it you can't lock the system */
/* (and it is used in real life in the 'getpass' function) */

			if((fp = fopen(_PATH_TTY,"w+"))==NULL) {
				exit(4);
			}
			for(;;) {
				strcpy(av[0],"ssbw");
				i=write(1,&c,1);
				if (i < 0) {
					strcpy(av[0],"sswe");
					sleep(3);
				} else if(i==0) {
					strcpy(av[0],"ssw0");
					sleep(3);
				} else {
					strcpy(av[0],"ssaw");
					sleep(3);
				}
			}
		} else {
			exit(1);
		}
	}
}
=========================================================================
>Fix:
	
	If I only knew ;-(
>Audit-Trail:
>Unformatted: