idts-0.00 - per-process IDT

Petr Vandrovec Ing. VTEI (VANDROVE@vc.cvut.cz)
Tue, 13 Jul 1999 20:38:54 MET-1

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Kai Henningsen: "Re: AMIGA will use Linux, but Linux has several "multimedia-deficienc"
Previous message: Jamie Lokier: "Re: [RFC] - Some notions that I would like comments on"

Hi,
last week there was discussion about not-supporting hooks in libc. And
one of ideas was to build IDT pointing to userspace... So I did that.
You can find patch + example program at
ftp://platan.vc.cvut.cz/pib/linux/idt/idts-0.00.tar.gz.
Patch is very beta, but because of I'm not interested in `hooking',
if somebody wants to continue, feel free to download it and do anything
you want with that. Maybe that I'll find some time to move it to production
state, maybe not...
There are known bugs, so beware!
(1) When I did fork() in my test program (while I straced it), task stopped
and then machine rebooted. But it took about 20 secs to reboot and
other tasks run in that period, so probably there is bug in demoprogram
and something missed in signal delivery (probably, it generates some
int 0x80 code on stack...) It can be surprised from what happens in
response...
(2) It is hard to emulate clone/vfork correctly... Ideas?
(3) On SMP, there is race in modify_idt: descriptor is 8 bytes long, so it
must be set with two writes. And IDT can be shared between cloned threads
(share_mm == share_idt). And any thread can invoke an INT while other
CPU modifies thread's IDT. Boom. It is possible to modify code so that
other thread receives SIGSEGV in this case...
(4) If you first clone() and then hook INT, change takes effect in other
threads at next reschedule (same now applies for LDT changes) (again
SMP only problem)
(5) By default, whole IDT is filled with pointers to irq procedures,
except reserved region 0x12-0x1F... You have to decrease NR_IRQS if you
want another region (<0x20 is reserved by Intel). On my APIC system,
external ints starts at 200 (or at least, if I had bug in IDT limit,
kernel gets killed by SIGSEGV at 0x064B (external, IDT, 200))
(6) demoprogram setidt.c copies INT 0x80 -> 0x1F, hooks 0x80 with wrapper
returning -EPERM on "asd" open and tries to open asd... And prints
couple of messages, which are passed through hook procedure.
(7) Is there anybody who knows, how to disable motherboard functionality,
which converts triple fault into reset? (I want to get CPU to halt state,
so that I can read screen, and, eventually, to get memory dump by second
CPU)
That's all for now... And, I forgot to notice, you must have kernel
2.3.11-pre3 or newer, which has per CPU and not per task TSS... You can
probably tweak patch to get it to run on older kernels, but...
Yes, and one other note... This patch adds only one read, one compare
and one jump into task switch path and nothing to syscall entry for
unaffected processes... Maybe that you'll find it useful.
Best regards,
Petr Vandrovec
vandrove@vc.cvut.cz

P.S.: Patch is i386 only, of course. And adds `syscalls' structure into
mm info - it is only modification outside i386 files.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kai Henningsen: "Re: AMIGA will use Linux, but Linux has several "multimedia-deficienc"
Previous message: Jamie Lokier: "Re: [RFC] - Some notions that I would like comments on"