On Wed, Aug 22, 2001 at 07:57:59AM -0400, Brian Gerst wrote:
> Yes. What happened here is that %ds and %es were not being updated
> atomically. Under normal operation, this would just leave %es with
> USER_DS, which is sufficiently equivalent to KERNEL_DS to not cause a
> fault. Coming out of vm86 mode however forces the data segment
> registers to null after saving the real mode values on the stack. If an
> interrupt happened between setting %ds and %es (what are the odds?) then
> that assumption would fail and leave %es null, causing the next string
> instruction to go boom. The same fix should be applied to entry.S as
> well.
No that's not the problem. interrupt gates come in with interrupts off,
so there are no other interrupts that could race here. The syscall entry
always updates %ds/%es unconditionally and %ds first, so there is no
race.
It was much simpler. It assumed that __KERNEL_DS could not be loaded
from user space because of the segment register priviledge checking; and
that was obviously not true from vm86 mode.
-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:48 EST