SystemV tty.c kernel bug???
Bob Esposito
espo at bpa.UUCP
Sat Feb 1 06:37:01 AEST 1986
If you're running SysV on a VAX with the sxt code, BEWARE!!!

In linesw.c, the linecnt variable:

    int linecnt = sizeof(linesw) / sizeof(struct linesw);

will be equal to 2. To verify this try (as root):

    crash <CR>
    > od linecnt <CR>

If the above returns 2, then don't set c_line in the termio
structure to a 1 and ioctl it. It will cause the system to
panic trap with a protection fault (trap type 9).

The code in tty.c looks to see if t_line is not equal to
the new line discipline (cb.c_line), and if the new line discipline
is not >= linecnt, then it tries to go to the ioctl function
for that line discipline.

In linesw.c, the linesw structure for sxt's ioctl is nulldev, which
causes the panic trap.

I'll continue to find a fix for this problem, but I thought everyone
would like to know. If there's a fix around, please let me know
via mail, if possible.

Included is the code indicating the problem.

Bob Esposito ... bpa!espo
*************************************************************************
tty.c:

    case TCSETA:
        if (copyin(arg, &cb, sizeof cb)) {
            u.u_error = EFAULT;
            break;
        }
        if (tp->t_line != cb.c_line) {
            if (cb.c_line < 0 || cb.c_line >= linecnt) {
                u.u_error = EINVAL;
                break;
            }
            (*linesw[tp->t_line].l_ioctl)(tp, LDCLOSE, 0, mode);
        }

linesw.c:

    /* order: open close read write ioctl rxint txint modemint */
    struct linesw linesw[] = {
        ttopen, ttclose, ttread, ttwrite,
        ttioctl, ttin, ttout, nulldev
    #ifdef SXT_0
        ,nulldev, nulldev, nulldev, sxtrwrite,
        nulldev, sxtin, sxtout, nulldev
    #endif
    #ifdef XT_0
        ,nulldev, nulldev, nulldev, nulldev,
        nulldev, xtin, xtout, nulldev
    #endif
    };

    /* number of entries in linesw */
    int linecnt = sizeof(linesw) / sizeof(struct linesw);
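
Added example, not part of the original post or of the System V source: a user-space C model of the posted switch table built as if SXT_0 were defined, showing that the range test in the TCSETA case accepts c_line = 1. The handlers tt_op and sxt_op are stand-ins, and strict_check is a hypothetical stricter test that assumes a discipline whose open slot is the nulldev stub is not meant to be selected through TCSETA.

```c
#include <errno.h>
#include <stdio.h>

struct tty { int t_line; };              /* only the field the check reads */
typedef int (*ldfn)(struct tty *);
struct linesw { ldfn l_open, l_close, l_read, l_write,
                     l_ioctl, l_rxint, l_txint, l_mdmint; };

static int nulldev(struct tty *tp) { (void)tp; return 0; }  /* stub slot */
static int tt_op(struct tty *tp)   { (void)tp; return 0; }  /* stand-in: ttopen..ttout */
static int sxt_op(struct tty *tp)  { (void)tp; return 0; }  /* stand-in: sxtrwrite, sxtin, sxtout */

/* Same slot layout as the posted linesw.c with SXT_0 defined. */
static struct linesw linesw[] = {
    { tt_op,   tt_op,   tt_op,   tt_op,  tt_op,   tt_op,  tt_op,  nulldev },
    { nulldev, nulldev, nulldev, sxt_op, nulldev, sxt_op, sxt_op, nulldev },
};
static int linecnt = sizeof(linesw) / sizeof(struct linesw);

/* Range test as in the posted TCSETA case: 0 if accepted, else EINVAL. */
int posted_check(const struct tty *tp, int c_line)
{
    if (tp->t_line != c_line && (c_line < 0 || c_line >= linecnt))
        return EINVAL;
    return 0;
}

/* Hypothetical stricter test: in range AND the slot has a real open handler. */
int strict_check(const struct tty *tp, int c_line)
{
    if (tp->t_line == c_line)
        return 0;                        /* no discipline switch requested */
    if (c_line < 0 || c_line >= linecnt)
        return EINVAL;
    if (linesw[c_line].l_open == nulldev)
        return EINVAL;                   /* assumed: not selectable via TCSETA */
    return 0;
}

int main(void)
{
    struct tty tp = { 0 };               /* terminal on discipline 0 */
    printf("linecnt=%d posted=%d strict=%d\n",
           linecnt, posted_check(&tp, 1), strict_check(&tp, 1));
    return 0;
}
```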