221594 – PT_TO_SCX kernel panic on arm64

Bug 221594 - PT_TO_SCX kernel panic on arm64

Summary: PT_TO_SCX kernel panic on arm64

Status:	Closed FIXED

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	kern (show other bugs)
Version:	CURRENT
Hardware:	arm64 Any

Importance:	--- Affects Only Me
Assignee:	Ed Maste

URL:
Keywords:

Depends on:
Blocks:

Reported:	2017-08-17 18:41 UTC by Shawn Webb
Modified:	2017-08-17 21:32 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Shawn Webb 2017-08-17 18:41:12 UTC

The below-linked code will cause a kernel panic on FreeBSD 12-CURRENT/arm64:

https://github.com/lattera/exploits/blob/master/FreeBSD/PTrace_arm64/001-scx.c

Comment 1 Shawn Webb 2017-08-17 18:44:06 UTC

Note that since security.bsd.unprivileged_proc_debug is enabled by default on FreeBSD, this panic can be triggered as an unprivileged user.

Comment 2 Conrad Meyer freebsd_committer

2017-08-17 21:01:26 UTC

Next time, please include the kernel panic text and backtrace when filing bug reports about panics.

This was resolved by r322627.

Comment 3 Shawn Webb 2017-08-17 21:10:40 UTC

(In reply to Conrad Meyer from comment #2)
I generally try to, but in this case, I didn't have access to such information.

Comment 4 Conrad Meyer freebsd_committer

2017-08-17 21:17:45 UTC

If you have space to dump cores (might not on arm64), that + the savecore rc.d service with the crashinfo option will write out a nice human readable panic message + backtrace to a file in /var/crash the next time the machine boots.  That might be an ok option.

Comment 5 Shawn Webb 2017-08-17 21:32:16 UTC

(In reply to Conrad Meyer from comment #4)
I'm very familiar with getting kernel crash dumps. I just didn't have access this particular time.