Re: Why is double_fault serviced by a trap gate?

From: Mikulas Patocka (mikulas@artax.karlin.mff.cuni.cz)
Date: Fri Dec 08 2000 - 15:31:59 EST

Next message: Rasmus Andersen: "[PATCH] remove warnings from drivers/char/moxa.c"
Previous message: Norbert Breun: "kernel bug with 2.4.0-test12pre7 at startup"
In reply to: richardj_moore@uk.ibm.com: "Re: Why is double_fault serviced by a trap gate?"
Next in thread: richardj_moore@uk.ibm.com: "Re: Why is double_fault serviced by a trap gate?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> No no. That's that the whole point of a gate. You make a controlled
> transition to ring 0 including stack switching. There are complex
> protection checking rules, however as long as the DPL of the gate
> descriptor is 3 then ring 3 is allowed to make the transition to ring 0. A
> stack fault in user mode cannot kill the system. If it ever did it would be
> a blatant bug of the most crass kind.

Setting DPL == 3 of any interrupt/trap/fault gate is bad idea because it
allows the user to kill the machine with INT 8 or something like that. DPL
is checked only if interrupt is generated with INT, INT3 or INTO (IA
manual, vol 3, section 5.10.1.1).

Mikulas

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rasmus Andersen: "[PATCH] remove warnings from drivers/char/moxa.c"
Previous message: Norbert Breun: "kernel bug with 2.4.0-test12pre7 at startup"
In reply to: richardj_moore@uk.ibm.com: "Re: Why is double_fault serviced by a trap gate?"
Next in thread: richardj_moore@uk.ibm.com: "Re: Why is double_fault serviced by a trap gate?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Dec 15 2000 - 21:00:15 EST