Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S266008AbTFWMoe (ORCPT ); Mon, 23 Jun 2003 08:44:34 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S266011AbTFWMoe (ORCPT ); Mon, 23 Jun 2003 08:44:34 -0400 Received: from artax.karlin.mff.cuni.cz ([195.113.31.125]:44244 "EHLO artax.karlin.mff.cuni.cz") by vger.kernel.org with ESMTP id S266008AbTFWMoc (ORCPT ); Mon, 23 Jun 2003 08:44:32 -0400 Date: Mon, 23 Jun 2003 14:58:35 +0200 (CEST) From: Mikulas Patocka To: Julien Oster Cc: linux-kernel@vger.kernel.org Subject: Re: no crash after setting ESP to 0 in module In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1194 Lines: 34 > Hello, > > I already asked this once, but since I got no answer I figured I'll > try it again, maybe this time someone has the time to quickly explain > me that thing. > > If I build a kernel module which does something like, say: > > MOV ESP, 0 > > in init_module() then I get an oops, insmod (or whatever process tried > to insert the module) gets killed by the kernel and everything goes on > like that never happened. > > My question is now: why? How? I really expect the processor to fail > into a triple fault when doing such a nasty thing, since I am in Ring > 0 and there isn't any stack to handle the stack fault exception. > > Where's the magic? Processor will do double fault prior to triple fault. Double fault exception 8 points to a task switch gate --- and task switch doesn't require correct ESP. So it loads new ESP from task state segment of that gate and calls doublefault_fn. See file arch/i386/kernel/doublefault.c Mikulas - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/