Re: desc v0.61 found a 2.5 kernel bug

paubert (paubert@mrt-lx16.iram.es)
Thu, 8 May 2003 22:54:57 +0000


On Wed, Apr 30, 2003 at 04:08:05PM -0400, Chuck Ebbert wrote:
[Sorry for the delay I've been extremely busy on other things]
>
> Looks like the only clean way is to follow the TSS back link and manually
> validate the segment registers before returning:
>
> invalid FS,GS -> 0
> " DS,ES -> __USER_DS
> CS,SS -> panic?

It's still racy on SMP if a thread with the same MM is modifying the LDT
between the time you check whether the selectors are valid and the iret
instruction restoring the previous stack.

>
> Bad things can happen if a debug fault happens in certain places... for now
> the solution is to only support int3 breakpoints and avoid those places.

Can you elaborate a bit, in which places?

>
> Given the above, I hope to be able to put int3 instructions in either
> kernel or user code and get snapshots of CPU state in the kernel TSS.

And what about the little bit called TS in CR0 which is always set by
a task switch. That's one bit of state which will be always set when
the debug interrupt returns, and the current code for FPU will be
confused by this AFAICT. Things become even more interesting if you
want to allow debug traps between in the kernel routines using the
FPU, between kernel_fpu_begin() and kernel_fpu_end().

Gabriel

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/