From mboxrd@z Thu Jan 1 00:00:00 1970 From: dave@horsfall.org (Dave Horsfall) Date: Wed, 4 Oct 2006 20:22:24 +1000 (EST) Subject: [pups] Issues of AUUGN In-Reply-To: <45236F2B.2050208@softjar.se> References: <45236F2B.2050208@softjar.se> Message-ID: On Wed, 4 Oct 2006, Johnny Billquist wrote: > > There was a clever assembly program that did it; it relied upon the > > instruction counter wrapping around (I can't remember in which > > direction, or whether it first relocated itself). Anyone, it managed > > to fill memory with SPLs, so the next instruction after overwriting > > its last instruction was SPL, and for the foreseeable future after > > that... > > It would have to wrap forwards. Basically, if you just have a > > MOV (PC)+,(R0)+ > SPL #7 Yes, that's it! Except it was SPL 0; not that it made any difference, but it was just as devastating in user mode. Damn; I'm still trying to visualise how it works... It took me ages, the first time I saw it; I *think* it propagates the MOV throughout memory, leaving a trail of SPLs behind it? > and make sure that the rest of the memory don't do anything overly > foolish, [...] Not a problem in user mode? > However, another way of achieving this, if you have some kind of control > of the MMU is to just fill one page with SPLs, and then remap all of > your memory to be that page. The last page you remap is just the page > that holds all the code doing the setup. But you'd need kernel mode for that; this is a DoS attack (one of the first?) launched by a user. > > If I find the article I'll post it here; I don't think there are too > > many 11/70s still in public operation. > > Well, ours is occasionally. It's off at the moment, since we're not > allowed to consume that much money anymore, but Magica.Update.UU.SE is > just a key turn away from being online. Cool :-) > > I'll remember that, should I ever see an emulator :-) I still > > remember Ian Johnstone cursing me... > > :-) It was two words: "YOU XXXX!" (an indelicate term for a part of the female anatomy) followed by the phone being slammed down... > Oh, that would be having the HALT switch down and pressing the START > switch, by the way. That combination will trigger a Unibus reset, and > will bring the CPU out of almost all catatonic states that I've seen, > including serious bus problems. Interesting. I knew the HALT switch didn't halt the box right away; bus transfers still completed so we were taught to W/PROT the RK-05s *after* hitting HALT, but I didn't know it worked in combination. -- Dave