Linux – the use of “magic arguments” in Linux reboot system call

Tags: linux, reboot, system-calls

As I was reading the Linux source code, and more specifically the system call code, I came across the sys_reboot implementation: http://lxr.free-electrons.com/source/kernel/reboot.c#L199.

SYSCALL_DEFINE4(reboot, int, magic1, int, magic2, unsigned int, cmd,
                void __user *, arg)
{
        ...
}

In the middle, there is this specific piece of code:

        /* For safety, we require "magic" arguments. */
        if (magic1 != LINUX_REBOOT_MAGIC1 ||
                        (magic2 != LINUX_REBOOT_MAGIC2 &&
                        magic2 != LINUX_REBOOT_MAGIC2A &&
                        magic2 != LINUX_REBOOT_MAGIC2B &&
                        magic2 != LINUX_REBOOT_MAGIC2C))
                return -EINVAL;

I wonder what kind of "safety" it actually provides. I mean, is it to prevent misuse? In this case, as the parameters are public, any library or application could misuse the system call even though they are required to pass the parameters. What did I miss?

Best Answer

This question has been answered in this Super User question:

Basically, a bit flip in an address can cause a program to think it is calling one system call when, in fact, it's calling the reboot() system call. Because reboot() is a very destructive, non-syncing operation that erases the state of the system -- thus erasing the evidence of the bit-flip problem that would otherwise be exposed as a program error or panic -- Linux includes extra protections around its successful use.

Interestingly enough, the second set of magic numbers corresponds to the birthdays of Linus and his three daughters:
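An added example, not the kernel's code and not from the question or the answer above: a user-space model of the quoted check, using the constant values from the kernel's uapi header include/uapi/linux/reboot.h, that counts how many single-bit corruptions of a valid magic pair the check would still accept.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Values from include/uapi/linux/reboot.h; the magic2 constants are
 * dates written as hex digits (e.g. 0x28121969 = 28 Dec 1969). */
#define LINUX_REBOOT_MAGIC1   0xfee1dead
#define LINUX_REBOOT_MAGIC2   672274793   /* 0x28121969 */
#define LINUX_REBOOT_MAGIC2A  85072278    /* 0x05121996 */
#define LINUX_REBOOT_MAGIC2B  369367448   /* 0x16041998 */
#define LINUX_REBOOT_MAGIC2C  537993216   /* 0x20112000 */

/* User-space model of the kernel's check: 0 = accepted, -EINVAL = the
 * call is rejected before anything destructive can happen. */
int reboot_magic_ok(int magic1, int magic2)
{
    if ((unsigned int)magic1 != LINUX_REBOOT_MAGIC1 ||
        (magic2 != LINUX_REBOOT_MAGIC2 &&
         magic2 != LINUX_REBOOT_MAGIC2A &&
         magic2 != LINUX_REBOOT_MAGIC2B &&
         magic2 != LINUX_REBOOT_MAGIC2C))
        return -EINVAL;
    return 0;
}

/* Flip each of the 64 bits of a valid (magic1, magic2) pair in turn and
 * count how many corrupted pairs the check would still accept. */
int single_bit_flip_survivors(int magic1, int magic2)
{
    int survivors = 0;
    for (int bit = 0; bit < 32; bit++) {
        uint32_t mask = (uint32_t)1 << bit;
        if (reboot_magic_ok((int)((uint32_t)magic1 ^ mask), magic2) == 0)
            survivors++;
        if (reboot_magic_ok(magic1, (int)((uint32_t)magic2 ^ mask)) == 0)
            survivors++;
    }
    return survivors;
}

int main(void)
{
    int valid2[] = { LINUX_REBOOT_MAGIC2, LINUX_REBOOT_MAGIC2A,
                     LINUX_REBOOT_MAGIC2B, LINUX_REBOOT_MAGIC2C };
    /* Junk a mis-dispatched call might carry (zeros, small flags) fails. */
    printf("reboot(0, 0) -> %d\n", reboot_magic_ok(0, 0));
    printf("reboot(MAGIC1, 0) -> %d\n", reboot_magic_ok(LINUX_REBOOT_MAGIC1, 0));
    for (int i = 0; i < 4; i++)
        printf("survivors for magic2=%#x: %d\n", (unsigned)valid2[i],
               single_bit_flip_survivors(LINUX_REBOOT_MAGIC1, valid2[i]));
    return 0;
}
```

Every one of the 64 single-bit flips, and the zero or small-flag argument patterns a mis-dispatched call typically carries, come back as -EINVAL. The magic check guards against accidents, not against a malicious caller; permission to reboot is enforced separately by the CAP_SYS_BOOT capability check earlier in the same function.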
