2003-05-09 08:47:23

by Chuck Ebbert

[permalink] [raw]
Subject: Re: desc v0.61 found a 2.5 kernel bug

paubert wrote:

>> invalid FS,GS -> 0
>> " DS,ES -> __USER_DS
>> CS,SS -> panic?
>
> It's still racy on SMP if a thread with the same MM is modifying the LDT
> between the time you check whether the selectors are valid and the iret
> instruction restoring the previous stack.

Probably nothing can be done about that, either. Handling invalid segment
with another hardware task doesn't help since the trap occurs in the context
of the new task and there's no way to tell what happened by then.

>>
>> Bad things can happen if a debug fault happens in certain places... for now
>> the solution is to only support int3 breakpoints and avoid those places.
>
> Can you elaborate a bit, in which places?

I never even implemented the above checks; there is just a comment in the code
where they belong. It ran for five days that way, then generated a string
of segfaults while trying to shut down.

>>
>> Given the above, I hope to be able to put int3 instructions in either
>> kernel or user code and get snapshots of CPU state in the kernel TSS.
>
> And what about the little bit called TS in CR0 which is always set by
> a task switch.

Forgot all about that one. Maybe pushing cs:eip and flags onto the kernel's
stack and returning to an iret in the kernel task would work?