Subject: kern/28612: [scheduler activation] any local user can lock the system
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <itohy@netbsd.org>
List: netbsd-bugs
Date: 12/11/2004 23:18:00
>Number: 28612
>Category: kern
>Synopsis: [scheduler activation] any local user can lock the system
>Confidential: yes
>Severity: critical
>Priority: high
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sat Dec 11 23:18:00 +0000 2004
>Originator: ITOH Yasufumi
>Release: NetBSD 2.0
>Organization:
>Environment:
System: NetBSD babylon5.netbsd.org 2.0 NetBSD 2.0 (NBFTP.PROF) #0: Sun Dec 5 05:25:44 UTC 2004 root@ADMIN:/usr/src/sys/arch/i386/compile/NBFTP.PROF i386
Architecture: i386
Machine: i386
>Description:
Scheduler activation may cause the system to hang.
Any local user can hang the system.
All processes stop, but some parts of the kernel are alive
(it responds to ping).
>How-To-Repeat:
Run this program.
(This is not supposed to be a correct SA usage --- I was
playing with SA.)
#include <sa.h>
#include <ucontext.h>
#include <stdio.h>
#include <err.h>
#include <unistd.h>

/* ARGSUSED */
void
upcall_handler(type, sas, ev, intr, arg)
        int type, ev, intr;
        struct sa_t *sas[];
        void *arg;
{

        printf("type %d\n", type);
        switch (type) {
        case SA_UPCALL_NEWPROC:
                break;
        case SA_UPCALL_BLOCKED:
                sa_yield();
                break;
        default:
                break;
        }
        setcontext(sas[1]->sa_context);
}

int
main()
{
        long stack1[16384], stack2[16384];
        stack_t stackinfo[2] = {
                stack1, sizeof stack1, 0,
                stack2, sizeof stack2, 0
        };

        if (sa_register(upcall_handler, (sa_upcall_t *)0, 0, 0))
                err(1, "sa_register");
        printf("sa_stacks returns %d\n",
            sa_stacks(sizeof stackinfo / sizeof(stack_t), stackinfo));
        (void) sa_enable();
        printf("sa enabled\n");
        sleep(1);
        printf("sleep return\n");
        return 0;
}
>Fix:
unknown
Need some sanity check in kern_sa.c?