Re: [OOPS] repeatable 2.4.8-ac7, 2.4.7-ac6 just run xdos
Brian Gerst (bgerst@didntduck.org)
Wed, 22 Aug 2001 08:11:40 -0400
Andi Kleen wrote:
>
> On Wed, Aug 22, 2001 at 07:57:59AM -0400, Brian Gerst wrote:
> > Yes. What happened here is that %ds and %es were not being updated
> > atomically. Under normal operation, this would just leave %es with
> > USER_DS, which is sufficiently equivalent to KERNEL_DS to not cause a
> > fault. Coming out of vm86 mode however forces the data segment
> > registers to null after saving the real mode values on the stack. If an
> > interrupt happened between setting %ds and %es (what are the odds?) then
> > that assumption would fail and leave %es null, causing the next string
> > instruction to go boom. The same fix should be applied to entry.S as
> > well.
>
> No that's not the problem. interrupt gates come in with interrupts off,
> so there are no other interrupts that could race here. The syscall entry
> always updates %ds/%es unconditionally and %ds first, so there is no
> race.
>
> It was much simpler. It assumed that __KERNEL_DS could not be loaded
> from user space because of the segment register priviledge checking; and
> that was obviously not true from vm86 mode.
>
> -Andi
The kernel was initially entered throught the general protection fault
trap gate, with interupts on. The syscall entry was left on the stack
because of the way sys_vm86 works.
--
Brian Gerst
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/