Date:      Tue, 16 Mar 1999 07:36:45 +1100
From:      Bruce Evans <bde@zeta.org.au>
To:        dillon@apollo.backplane.com, dima@tejblum.dnttm.rssi.ru
Cc:        current@FreeBSD.ORG
Subject:   Re: Simple DOS against 3.x locks box solid
Message-ID:  <199903152036.HAA08593@godzilla.zeta.org.au>

>#14 0xc01ff64e in trap (frame={tf_es = 16, tf_ds = 16, tf_edi = 46137344, 
>      tf_esi = -1071149988, tf_ebp = -999002244, tf_isp = -999002304, 
>      tf_ebx = 18341888, tf_edx = -1000615936, tf_ecx = -1005747008, 
>      tf_eax = 0, tf_trapno = 12, tf_err = 0, tf_eip = -1071650796, tf_cs = 8, 
>      tf_eflags = 65606, tf_esp = -1072552121, tf_ss = -999654400})
>    at ../../i386/i386/trap.c:438
>#15 0xc01fe814 in swtch_com ()
>#16 0xc01ff859 in trap (frame={tf_es = 47, tf_ds = 47, tf_edi = 20, 
>      tf_esi = 136019608, tf_ebp = -1077948228, tf_isp = -999002156, 
>      tf_ebx = 307, tf_edx = 136220264, tf_ecx = 136630944, 
>      tf_eax = 135716928, tf_trapno = 7, tf_err = 0, tf_eip = 134536416, 
>      tf_cs = 31, tf_eflags = 514, tf_esp = -1077948244, tf_ss = 47})
>    at ../../i386/i386/trap.c:195
>#17 0xc01f5aa3 in swi_ast_user ()
>
>the trap in swtch_com() (frame #15) is here:
>        /* switch address space */		<----- line 622
>        movl    %cr3,%ebx
>        cmpl    PCB_CR3(%edx),%ebx 		<----- trap
>        je              4f
>
>I don't think this line is supposed to cause a trap...

I would expect a trap here if the pcb for the new process is swapped out.
The code obviously doesn't expect it:

1) curproc is still 0.  This is correct, since the process is not fully
   switched to.  Apparently vm_fault isn't fully aware of this possibility.

2) CPU interrupts are disabled.  Interrupts probably only need to be
   disabled while the runqueues are being tested and set, and splhigh()
   is sufficient.

Bruce

