Re: no crash after setting ESP to 0 in module

Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Mon, 23 Jun 2003 14:58:35 +0200 (CEST)


> Hello,
>
> I already asked this once, but since I got no answer I figured I'll
> try it again, maybe this time someone has the time to quickly explain
> me that thing.
>
> If I build a kernel module which does something like, say:
>
> MOV ESP, 0
>
> in init_module() then I get an oops, insmod (or whatever process tried
> to insert the module) gets killed by the kernel and everything goes on
> like that never happened.
>
> My question is now: why? How? I really expect the processor to fail
> into a triple fault when doing such a nasty thing, since I am in Ring
> 0 and there isn't any stack to handle the stack fault exception.
>
> Where's the magic?

Processor will do double fault prior to triple fault. Double fault
exception 8 points to a task switch gate --- and task switch doesn't
require correct ESP. So it loads new ESP from task state segment of that
gate and calls doublefault_fn.

See file arch/i386/kernel/doublefault.c

Mikulas

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/