Kevent Kernel Panic by Unprivileged User
- Subject: Kevent Kernel Panic by Unprivileged User
- From: "Curtis Jones" <email@hidden>
- Date: Fri, 5 Jan 2007 19:04:49 -0500
While it definitely wasn't my goal to find a way to panic my machine,
I've done so anyway. I'm wanting to use kqueue/kevent to track fork()
activity. I've taken my code and stripped it down to the minimum
necessary to cause a panic.
If I replace NOTE_TRACK with any other set of NOTE_* values, the
program will work fine. Using NOTE_TRACK by itself or with any other
NOTE_* values causes the panic. I've been crashing a Mac mini Core
Duo, FYI.
I've been running the program like this:
# ./kevent &
# ls
which causes bash to fork, which ultimately causes the panic. gdb
shows the following stacktrace:
#0  Debugger (message=0x3c9540 "panic") at /SourceCache/xnu/xnu-792.13.8/osfmk/i386/AT386/model_dep.c:770
#1  0x00128d1f in panic (str=0x3cf1f4 "Unresolved kernel trap (CPU %d, Type %d=%s), registers:\nCR0: 0xx, CR2: 0xx, CR3: 0xx, CR4: 0xx\nEAX: 0xx, EBX: 0xx, ECX: 0xx, EDX: 0xx\nCR2: 0xx, EBP: 0xx, ESI: 0xx, EDI"...) at /SourceCache/xnu/xnu-792.13.8/osfmk/kern/debug.c:202
#2  0x001a3135 in kernel_trap (state=0xb733e30) at /SourceCache/xnu/xnu-792.13.8/osfmk/i386/trap.c:630
#3  0x0019a8d4 in trap_from_kernel ()
#4  0x003334f0 in kevent_register (kq=0x20c8c64, kev=0xb733ee8, p=0x0) at /SourceCache/xnu/xnu-792.13.8/bsd/kern/kern_event.c:1187
#5  0x00333a76 in filt_proc (kn=0x20c9dc8, hint=1073742038) at /SourceCache/xnu/xnu-792.13.8/bsd/kern/kern_event.c:520
#6  0x00332bd7 in knote (list=0x25ddb6c, hint=1073742038) at /SourceCache/xnu/xnu-792.13.8/bsd/kern/kern_event.c:1762
#7  0x0033a652 in fork (p=0x25dd9c4, uap=0x2634158, retval=0x263419c) at /SourceCache/xnu/xnu-792.13.8/bsd/kern/kern_fork.c:364
#8  0x00378337 in unix_syscall (state=0x26654cc) at /SourceCache/xnu/xnu-792.13.8/bsd/dev/i386/systemcalls.c:196
#9  0x0019acae in lo_unix_scall ()
I just wanted to run this by anyone who might have helpful input
before I post a bug report.
--
Curtis Jones
email@hidden
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/event.h>
#include <sys/time.h>
#include <unistd.h>

int
main (void)
{
    int kqfd = 0;

    if (0 > (kqfd = kqueue())) {
        printf("%s().. failed to kqueue\n", __PRETTY_FUNCTION__);
        return EXIT_FAILURE;
    }
    printf("%s().. kqueue success, kqfd = %d\n", __PRETTY_FUNCTION__, kqfd);

    {
        /* Watch the parent (the shell that launched us). NOTE_TRACK asks the
         * kernel to follow the children it forks as well; this is the flag
         * that triggers the panic described above. */
        pid_t pid = getppid();
        struct kevent kev;

        EV_SET(&kev, pid, EVFILT_PROC, EV_ADD, NOTE_TRACK, 0, NULL);
        if (0 != kevent(kqfd, &kev, 1, NULL, 0, NULL)) {
            printf("%s().. failed to kevent for pid = %d\n", __PRETTY_FUNCTION__, pid);
            return EXIT_FAILURE;
        }
        printf("%s().. kevent success for pid = %d\n", __PRETTY_FUNCTION__, pid);
    }

    /* Stay alive so the registration persists while the parent forks;
     * events are never drained, the registration alone is enough. */
    while (1)
        sleep(1);

    close(kqfd);
    return EXIT_SUCCESS;
}
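The following is an added example, not the poster's code: it watches a process with EVFILT_PROC the way the post is trying to, but with NOTE_FORK | NOTE_EXEC | NOTE_EXIT (the NOTE_* combination the post reports as working) instead of NOTE_TRACK, then actually drains the queue with kevent() and decodes the fflags it gets back. It also splits a fork() hint of the kind visible in the trace above (fork calls knote() with hint=1073742038, which filt_proc then takes into kevent_register with p=0x0). Assumptions: the real kqueue path is compiled only on macOS/FreeBSD; on other hosts the NOTE_* values are copied from those platforms' <sys/event.h> so the pure helpers still build; the child process, the /usr/bin/true exec and the pid 214 derived from the trace's hint are constructed for the demonstration.

```c
/* Added example, not from the original post or from xnu. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

#if defined(__APPLE__) || defined(__FreeBSD__)
#include <sys/event.h>
#include <sys/time.h>
#define HAVE_KQUEUE 1
#else
#define HAVE_KQUEUE 0
/* Assumed fallback: same bit values as xnu/FreeBSD <sys/event.h>, decoders only. */
#define NOTE_EXIT      0x80000000u
#define NOTE_FORK      0x40000000u
#define NOTE_EXEC      0x20000000u
#define NOTE_TRACK     0x00000001u
#define NOTE_TRACKERR  0x00000002u
#define NOTE_CHILD     0x00000004u
#define NOTE_PDATAMASK 0x000fffffu
#define NOTE_PCTRLMASK (~NOTE_PDATAMASK)
#endif

/* fork() notifies EVFILT_PROC knotes with hint = NOTE_FORK | child_pid. The
 * hint=1073742038 (0x400000d6) in the trace is NOTE_FORK for child pid 214.
 * These split a hint the way filt_proc does with the two NOTE_P* masks. */
uint32_t hint_flags(uint32_t hint) { return hint & NOTE_PCTRLMASK; }
pid_t    hint_pid(uint32_t hint)   { return (pid_t)(hint & NOTE_PDATAMASK); }

/* Render one delivered EVFILT_PROC event as "<pid>:FLAG|FLAG". Returns the
 * number of flags named, or -1 if out is too small. NOTE_CHILD/NOTE_TRACKERR
 * are only produced for NOTE_TRACK registrations; without NOTE_TRACK you only
 * ever see the watched pid's own fork, exec and exit. */
int describe_proc_event(uintptr_t ident, uint32_t fflags, char *out, size_t outlen)
{
    static const struct { uint32_t bit; const char *name; } names[] = {
        { NOTE_FORK, "FORK" }, { NOTE_EXEC, "EXEC" }, { NOTE_EXIT, "EXIT" },
        { NOTE_CHILD, "CHILD" }, { NOTE_TRACKERR, "TRACKERR" },
    };
    int w = snprintf(out, outlen, "%lu:", (unsigned long)ident);
    if (w < 0 || (size_t)w >= outlen)
        return -1;
    size_t used = (size_t)w;
    int count = 0;
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (!(fflags & names[i].bit))
            continue;
        w = snprintf(out + used, outlen - used, "%s%s", count ? "|" : "", names[i].name);
        if (w < 0 || (size_t)w >= outlen - used)
            return -1;
        used += (size_t)w;
        count++;
    }
    return count;
}

#if HAVE_KQUEUE
/* Register pid and drain events until it exits. Returns events seen, -1 on error. */
int watch_process(pid_t pid)
{
    int kq = kqueue();
    if (kq < 0) { perror("kqueue"); return -1; }
    struct kevent change;
    EV_SET(&change, (uintptr_t)pid, EVFILT_PROC, EV_ADD,
           NOTE_FORK | NOTE_EXEC | NOTE_EXIT, 0, NULL);
    if (kevent(kq, &change, 1, NULL, 0, NULL) < 0) {
        perror("kevent register");          /* ESRCH if pid already went away */
        close(kq);
        return -1;
    }
    int seen = 0;
    for (;;) {
        struct kevent ev;
        struct timespec timeout = { 5, 0 };  /* never block forever on a stuck child */
        int n = kevent(kq, NULL, 0, &ev, 1, &timeout);
        if (n < 0) { if (errno == EINTR) continue; perror("kevent wait"); break; }
        if (n == 0) { fputs("timed out waiting for events\n", stderr); break; }
        char line[64];                       /* flags may arrive coalesced, e.g. FORK|EXEC */
        if (describe_proc_event(ev.ident, ev.fflags, line, sizeof line) >= 0)
            puts(line);
        seen++;
        if (ev.fflags & NOTE_EXIT) break;
    }
    close(kq);
    return seen;
}

int main(void)
{
    pid_t child = fork();
    if (child < 0) { perror("fork"); return 1; }
    if (child == 0) {                       /* child: one fork, one exec, then exit */
        sleep(1);                           /* let the parent register first */
        pid_t gc = fork();
        if (gc == 0) _exit(0);
        if (gc > 0) waitpid(gc, NULL, 0);
        execl("/usr/bin/true", "true", (char *)NULL);
        _exit(127);
    }
    int seen = watch_process(child);
    waitpid(child, NULL, 0);
    return seen > 0 ? 0 : 1;
}
#else
int main(void)
{
    char line[64];   /* constructed sample: the trace's forked pid, later exited */
    describe_proc_event(hint_pid(1073742038u), NOTE_FORK | NOTE_EXIT, line, sizeof line);
    puts(line);
    return 0;
}
#endif
```

On a Mac or FreeBSD box this prints the child's FORK, EXEC and EXIT (fewer lines if the kernel coalesces flags before the parent drains). The grandchild never appears, because nothing follows the child's children: that is exactly the job NOTE_TRACK would have done, and the registration it makes on the NOTE_FORK hint is the path the trace shows entering kevent_register.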
Darwin-dev mailing list (email@hidden)