
Opened 4 years ago

Closed 4 years ago

#605 closed defect (fixed)

PREEMPTIBLE_HANDLER_KERNEL needs to spill uspace windows to uspace wbuf

Reported by: Jakub Jermář Owned by: Jakub Jermář
Priority: major Milestone: 0.7.0
Component: helenos/kernel/sparc64 Version: mainline
Keywords: sun4v Cc: rimskyp@…
Blocker for: Depends on:
See also:

Description

PREEMPTIBLE_HANDLER_KERNEL checks the value of the CANSAVE register to see whether the imminent SAVE instruction would generate a window spill trap or not. If CANSAVE is zero, it uses the INLINE_SPILL macro to spill a register window without generating the spill trap. INLINE_SPILL assumes a kernel window, but it is also possible to have a uspace window at this point. In this case, INLINE_SPILL will wrongly interpret the window's uspace stack address as a kernel stack address, leading to random memory corruption.

It is therefore necessary to also check the value in the OTHERWIN register to see whether the spilled window would be a uspace window. In such a case, INLINE_SPILL_TO_WBUF needs to be used instead of INLINE_SPILL to spill the uspace window to the uspace window buffer.
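The decision the description asks for, as an added C model of the handler's window-spill choice before and after the fix (this is not HelenOS code; the real macros are sparc64 assembly). KERNEL_BASE, struct cpu and the function names are hypothetical; CANSAVE, OTHERWIN, INLINE_SPILL and INLINE_SPILL_TO_WBUF are the registers and macros the ticket names.

```c
#include <stdint.h>

/* Added model, not HelenOS code. KERNEL_BASE, struct cpu and the function
 * names are hypothetical; CANSAVE, OTHERWIN, INLINE_SPILL and
 * INLINE_SPILL_TO_WBUF are the registers and macros the ticket names. */
#define KERNEL_BASE 0xffff800000000000ULL  /* hypothetical kernel/uspace split */

enum spill_target {
    SPILL_NONE,            /* CANSAVE > 0: the imminent SAVE will not trap */
    SPILL_KERNEL_STACK,    /* kernel window stored on its own kernel stack */
    SPILL_USPACE_WBUF,     /* uspace window parked in the uspace window buffer */
    SPILL_WRONG_ADDRESS    /* uspace %sp used as a kernel address: corruption */
};

struct cpu {
    unsigned cansave, otherwin;   /* window-state registers */
    uint64_t win_sp;              /* %sp of the window that would be spilled */
};

/* INLINE_SPILL stores the window at its %sp and assumes a kernel stack. */
static enum spill_target inline_spill(const struct cpu *c)
{
    return c->win_sp >= KERNEL_BASE ? SPILL_KERNEL_STACK : SPILL_WRONG_ADDRESS;
}

/* Pre-fix: CANSAVE == 0 means the next SAVE would trap, so spill inline,
 * treating every window as a kernel window. */
enum spill_target handler_old(const struct cpu *c)
{
    return c->cansave != 0 ? SPILL_NONE : inline_spill(c);
}

/* Fixed: OTHERWIN != 0 means the window to spill belongs to uspace, so it
 * goes to the window buffer (INLINE_SPILL_TO_WBUF) instead of a stack. */
enum spill_target handler_fixed(const struct cpu *c)
{
    if (c->cansave != 0)
        return SPILL_NONE;
    return c->otherwin != 0 ? SPILL_USPACE_WBUF : inline_spill(c);
}

/* Runs a handler on a constructed window state and reports where it spilled. */
enum spill_target run(enum spill_target (*h)(const struct cpu *),
                      unsigned cansave, unsigned otherwin, uint64_t sp)
{
    struct cpu c = { .cansave = cansave, .otherwin = otherwin, .win_sp = sp };
    return h(&c);
}
```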

Change History (2)

comment:1 Changed 4 years ago by Jakub Jermář

Status: new → accepted

There is an unmerged fix for this in the CHT pre-integration branch:

http://bazaar.launchpad.net/~jakub/helenos/cht-preintegration/revision/2290

comment:2 Changed 4 years ago by Jakub Jermář

Resolution: fixed
Status: accepted → closed

Fix merged in mainline,2297.
