4 Oct
2006
4 Oct
'06
4:22 p.m.
On Wed, 4 Oct 2006, Johnny Billquist wrote:
Yes, that's it! Except it was SPL 0; not that it made any difference, but
it was just as devastating in user mode.
Damn; I'm still trying to visualise how it works... It took me ages, the
first time I saw it; I *think* it propagates the MOV throughout memory,
leaving a trail of SPLs behind it?
Cool :-)
It was two words: "YOU XXXX!" (an indelicate term for a part of the female
anatomy) followed by the phone being slammed down...
There was a
clever assembly program that did it; it relied upon the
instruction counter wrapping around (I can't remember in which
direction, or whether it first relocated itself). Anyone, it managed
to fill memory with SPLs, so the next instruction after overwriting
its last instruction was SPL, and for the foreseeable future after
that...
It would have to wrap forwards. Basically, if you just have a
MOV (PC)+,(R0)+
SPL #7 and make sure that the rest of the memory don't
do anything overly
foolish, [...]
Not a problem in user mode?
However, another way of achieving this, if you have
some kind of control
of the MMU is to just fill one page with SPLs, and then remap all of
your memory to be that page. The last page you remap is just the page
that holds all the code doing the setup.
But you'd need kernel mode for that; this is a DoS attack (one of the
first?) launched by a user.
If I find the
article I'll post it here; I don't think there are too
many 11/70s still in public operation.
Well, ours is occasionally. It's off at the moment, since we're not
allowed to consume that much money anymore, but Magica.Update.UU.SE is
just a key turn away from being online. I'll
remember that, should I ever see an emulator :-) I still
remember Ian Johnstone cursing me...
:-) Oh, that would be having the HALT switch down and
pressing the START
switch, by the way. That combination will trigger a Unibus reset, and
will bring the CPU out of almost all catatonic states that I've seen,
including serious bus problems.
Interesting. I knew the HALT switch didn't halt the box right away; bus
transfers still completed so we were taught to W/PROT the RK-05s *after*
hitting HALT, but I didn't know it worked in combination.
-- Dave