Re: [patch, 2.6.10-rc3] safe_hlt() & NMIs

From: Linus Torvalds
Date: Tue Dec 14 2004 - 18:17:23 EST

On Tue, 14 Dec 2004, Ingo Molnar wrote:
> indeed, there could be a connection, and it's certainly a fun race. The
> proper fix is Manfred's suggestion: check whether the EIP is a kernel
> text address, and if yes, whether it's a HLT instruction - and if yes
> then increase EIP by 1.

You do it the wrong way, though. This is not safe:

if (__kernel_text_address(regs->eip) && *(char *)regs->eip == 0xf4)

does _entirely_ the wrong thing if CS is not the kernel CS.

It can trigger with a regular use CS if you were to run the 4G:4G patches,
but more realistically, I think you can make ii trigger even with a
standard kernel by creating a local code segment in your LDT, and then
trying to confuse the kernel that way.

Now, as long as the _only_ thing it does is increment the eip, the worst
that can happen is that it screws over the user program that must have
worked at this a bit, but the basic point is that you shouldn't do this.
In _theory_ you could confuse a real program that wasn't doing anything

Checking for kernel CS also requires checking that it's not vm86 mode,
btw. So that's not just a "regs->xcs & 0xffff == __KERNEL_CS" either.

But something like

static inline int kernel_mode(struct pt_regs *regs)
return !((regs->eflags & VM_MASK) | (regs->xcs & 3));

should DTRT.

Can you pls double-check my thinking, and test?

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at