Subject: kern/8690: console open may cause crash if kernel incorrectly configured
To: None <gnats-bugs@gnats.netbsd.org>
From: Havard Eidnes <he@nordu.net>
List: netbsd-bugs
Date: 10/26/1999 12:57:42
>Number: 8690
>Category: kern
>Synopsis: console open may cause crash if kernel incorrectly configured
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people (Kernel Bug People)
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Oct 26 12:57:00 1999
>Last-Modified:
>Originator: Havard Eidnes
>Organization:
NORDUnet AS
>Release: netbsd-1-4 release branch, 20 Oct 1999
>Environment:
NetBSD server.nordu.net 1.4.1 NetBSD 1.4.1 (SERVER) #6: Mon Oct 25 19:31:11 MEST 1999 he@vever.runit.sintef.no:/usr/src/sys/arch/i386/compile/SERVER i386
>Description:
If you configure wscons to not have support for the display
hardware actually installed in the machine, the first attempt at
opening the console (typically done by init) will cause a kernel page
fault trap instead of producing a sensible error message.
The crash will happen due to a call into nowhere-land in cnopen(), as
shown in this DDB session:
    [ netbsd ELF sumbol table not valid ]
    [ preserving 1442216 bytes of netbsd a.out symbol table ]
    Stopped in at _Debugger+0x4: leave
    db>break 0xf01e0b65
    db>continue
    <NetBSD banner and device probing.>
    ...
    ...
    de0: enabling BNC port.
    Breakpoint in init at _cnopen+0x45: movl _cdevsw(,%eax,8),%eax
    db>show reg
    es 0x10
    ds 0x10
    edi 0xf4a2d3c0 _end+0x47c32b0
    esi 0x1f
    ebp 0xf4a3fdac _end+0x47d5c9c
    ebx 0xffffffff _ATPD+0xfff
    edx 0x1
    ecx 0
    eax 0x4ffb
    eip 0xf01e0b65 _cnopen+0x45
    cs 0x8
    eflags 0x206
    esp 0xf4a3fd98 _end+0x47d5c88
    ss 0xf0260010 _tcp_debug+0x4df0
    _cnopen+0x45: movl _cdevsw(,%eax,8),%eax
    db>step
    Breakpoint in init at
    db>show reg
    es 0x10
    ds 0x10
    edi 0xf4a2d3c0 _end+0x47c32b0
    esi 0x1f
    ebp 0xf4a3fdac _end+0x47d5c9c
    ebx 0xffffffff _ATPD+0xfff
    edx 0x1
    ecx 0
    eax 0x9b009a
    eip 0xf01e0b65 _cnopen+0x45
    cs 0x8
    eflags 0x206
    esp 0xf4a3fd98 _end+0x47d5c88
    ss 0xf0260010 _tcp_debug+0x4df0
    _cnopen+0x4c: call *%eax
    db>step
    Stopped in init at 0x9b009a:uvm_fault(0xf4a330b0,0xefc02000, 0, 1) -> 1
    kernel: page fault trap, code=0
    Stopped in init at _db_disasm+0x1b: movl _PTmap(%eax),%eax
    db>
The eax=0x4ffb in the first "show reg" output is the computed major
device number, and "of course" calling through 0x9b009a doesn't work
particularly well.
>How-To-Repeat:
Have machine with ISA vga card.
Think that you have a PCI vga card, and as a result, be a
little too overzealous in removing device drivers you "don't need", in
particular remove or comment out these two
    vga0 at isa?
    wsdisplay* at vga? console ?
Boot kernel. Watch fireworks. Scratch head (that's what I did,
anyway ;-)
>Fix:
The obvious fix is "don't do that, then".
However, I think the code could or should be improved to give
an easier-to-understand error message if no wsdisplay* device is
found and wsconsole is configured.
>Audit-Trail:
>Unformatted:
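
Added example (not part of the original report and not NetBSD source): a toy model of the check the Fix section asks for, where the console open path validates the major number before the indirect call through the device switch and returns ENXIO with a message. All names (toy_console_open, toy_table, TOY_MAJOR, TOY_NODEV) and the dev_t layout are assumptions; the device value 0x4ffb00 is constructed so that its major matches the 0x4ffb seen in eax.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, not NetBSD source. All names here are hypothetical. */
typedef int (*open_fn)(uint32_t dev);
struct toy_cdevsw { open_fn d_open; };

#define TOY_NODEV    ((uint32_t)0xffffffff)     /* "no console attached" */
#define TOY_MAJOR(d) ((size_t)((d) >> 8))       /* assumed dev_t layout */

static int toy_vga_open(uint32_t dev) { (void)dev; return 0; }

static const struct toy_cdevsw toy_table[] = {
    { NULL },           /* major 0: driver left out of the kernel config */
    { toy_vga_open },   /* major 1: display driver configured */
};
#define TOY_NCHRDEV (sizeof(toy_table) / sizeof(toy_table[0]))

/* Validate the console device before the indirect call through the table. */
int toy_console_open(uint32_t cons_dev)
{
    size_t maj;

    if (cons_dev == TOY_NODEV) {
        fprintf(stderr, "console: no console device attached\n");
        return ENXIO;
    }
    maj = TOY_MAJOR(cons_dev);
    if (maj >= TOY_NCHRDEV || toy_table[maj].d_open == NULL) {
        fprintf(stderr, "console: no driver for major %#zx\n", maj);
        return ENXIO;
    }
    return toy_table[maj].d_open(cons_dev);
}

int main(void)
{
    /* Constructed inputs: 0x4ffb00 has major 0x4ffb, as in the report. */
    const uint32_t devs[] = { 0x4ffb00u, TOY_NODEV, 0x000000u, 0x000100u };
    for (size_t i = 0; i < sizeof(devs) / sizeof(devs[0]); i++)
        printf("dev %#x -> %d\n", (unsigned)devs[i], toy_console_open(devs[i]));
    return 0;
}
```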