Subject: Re: sigreturn()
To: None <mycroft@gnu.ai.mit.edu>
From: John Brezak <brezak@apollo.hp.com>
List: port-i386
Date: 01/11/1994 16:31:50
> Some things to consider:
> 
> * It's important to note that a null selector need only have an index of
> 0; the privilege level can be anything.  But also note that only the GDT
> has a null entry.  Since we only allow selectors in the LDT, it does not
> matter whether or not the index is 0.

I found that Wine was passing an ES=0 so the line to test 
       (((sel) == 0) ||

was added. Now this might well be a Wine bug or a behavior of Windows - I'll
have to go back and check.

> 
> * I am truly baffled why if ISPL(sel) == SEL_UPL you decided not to check
> that the selector is within the bounds of the LDT.  It's also not clear
> to me whether or not we even need to check the RPL; I think we are not
> relying on it for protection.  But it's safest to leave that in.
> 
> I believe a more appropriate check would be:
> 
> #define max_ldt_sel(pcb) \
>         ((pcb)->pcb_ldt ? (pcb)->pcb_ldt_len : (sizeof(ldt) / sizeof(ldt[0])))
Better.
> 
> #define valid_ldt_sel(sel) \
I'd like to keep the sel == 0 check for now until I determine if this is a Wine
or Windows problem.

>         (ISLDT(sel) && ISPL(sel) == SEL_UPL && \
>          IDXSEL(sel) < max_ldt_sel(&p->p_addr->u_pcb))
> 
>         if (((scp->sc_cs & 0xffff) != _ucodesel && !valid_ldt_sel(scp->sc_cs)) ||
>             ((scp->sc_ss & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_ss)) ||
>             ((scp->sc_ds & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_ds)) ||
>             ((scp->sc_es & 0xffff) != _udatasel && !valid_ldt_sel(scp->sc_es))) {
>                 trapsignal(p, SIGBUS, T_PROTFLT);
>                 return(EINVAL);
>         }
> 
I've got to check my patch at home. I used a copy I ftp'ed to work. Sigh.

The intent was to check these things:
- User cannot use a selector in the GDT
- User cannot set a selector whose RPL is != SEL_UPL
- User cannot set a selector whose index is beyond the end of the LDT

> Shouldn't there also be a way for (e.g.) WINE to remove a selector?
> Currently there is not.
Good question. I'm not sure if Wine cares, but as an API it would probably
be good to have it. I didn't find this API function in Mach or Linux though.

> Hm.  This gets more interesting(?).  At least for the code selector, we
> also need to check that the selector is present.  Probably for the stack
> segment, too, though I'm not certain offhand whether an iret from a more
> privileged code segment will even touch the lower privilege stack.
You can't add an LDT entry unless the present bit is set.


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 John Brezak                    UUCP:     uunet!apollo.hp!brezak
 Hewlett Packard/Apollo         Internet: brezak@ch.hp.com
 300 Apollo Drive               Phone:    (508) 436-4915
 Chelmsford, Massachusetts      Fax:      (508) 436-5103


------------------------------------------------------------------------------
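Added example, not code from the thread or from NetBSD: a user-space model of the sigreturn() selector checks discussed above. It decodes an x86 selector (bits 1:0 RPL, bit 2 TI with 1 = LDT, bits 15:3 index), applies the three rules listed in the mail (no GDT selectors, RPL must be SEL_UPL, index below the LDT length), accepts a null selector for data segments so the Wine ES=0 case passes, and shows what the quoted `scp->sc_cs&0xffff != _ucodesel` actually computes under C precedence. The helper names, the sigcontext stand-in, the 8-entry LDT, and the _ucodesel/_udatasel values 0x23/0x2b are all assumptions made for this example.

```c
/*
 * Added example (not NetBSD code): model of the sigreturn() selector checks.
 * Selector layout: bits 1:0 RPL, bit 2 TI (0 = GDT, 1 = LDT), bits 15:3 index.
 * Helper names, struct sc_sel and all sample values are assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SEL_UPL      3      /* user privilege level */
#define SEL_TI       0x4    /* table indicator bit: set = LDT */
#define SEL_RPL_MASK 0x3

static unsigned sel_rpl(uint16_t sel)     { return sel & SEL_RPL_MASK; }
static bool     sel_is_ldt(uint16_t sel)  { return (sel & SEL_TI) != 0; }
static unsigned sel_index(uint16_t sel)   { return sel >> 3; }
/* Null selector: GDT index 0; the CPU ignores the RPL bits, so 0..3 all count. */
static bool     sel_is_null(uint16_t sel) { return !sel_is_ldt(sel) && sel_index(sel) == 0; }

/* The proposed valid_ldt_sel(): LDT selector, user RPL, index within the LDT. */
bool valid_ldt_sel(uint16_t sel, unsigned ldt_len)
{
    return sel_is_ldt(sel) && sel_rpl(sel) == SEL_UPL && sel_index(sel) < ldt_len;
}

/* DS/ES: the default user data selector, a null selector, or a valid LDT selector. */
bool valid_data_sel(uint32_t sc_reg, uint16_t udatasel, unsigned ldt_len)
{
    /* Mask first: `sc_reg & 0xffff != udatasel` parses as `sc_reg & (0xffff != udatasel)`. */
    uint16_t sel = (uint16_t)(sc_reg & 0xffff);
    return sel == udatasel || sel_is_null(sel) || valid_ldt_sel(sel, ldt_len);
}

/* CS/SS: iret loads both and a null selector in either faults, so null is rejected. */
bool valid_code_or_stack_sel(uint32_t sc_reg, uint16_t defsel, unsigned ldt_len)
{
    uint16_t sel = (uint16_t)(sc_reg & 0xffff);
    return sel == defsel || valid_ldt_sel(sel, ldt_len);
}

/* What the quoted `scp->sc_cs&0xffff != _ucodesel` computes: `!=` binds tighter
 * than `&`, so the result is just the low bit of sc_cs, never a real comparison. */
unsigned buggy_cs_compare(uint32_t sc_cs, uint16_t ucodesel)
{
    return sc_cs & (0xffff != ucodesel);
}

/* Stand-in for the segment register fields of struct sigcontext (assumed layout). */
struct sc_sel { uint32_t sc_cs, sc_ss, sc_ds, sc_es; };

/* 0 = accept the frame; -1 = the case the kernel turns into SIGBUS / EINVAL. */
int check_sigcontext_sels(const struct sc_sel *scp, uint16_t ucodesel,
                          uint16_t udatasel, unsigned ldt_len)
{
    if (!valid_code_or_stack_sel(scp->sc_cs, ucodesel, ldt_len) ||
        !valid_code_or_stack_sel(scp->sc_ss, udatasel, ldt_len) ||
        !valid_data_sel(scp->sc_ds, udatasel, ldt_len) ||
        !valid_data_sel(scp->sc_es, udatasel, ldt_len))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed values: GDT selectors at index 4 and 5 with RPL 3; an 8-entry LDT. */
    const uint16_t ucodesel = 0x23, udatasel = 0x2b;
    const unsigned ldt_len = 8;
    struct sc_sel ok  = { ucodesel, udatasel, udatasel, 0x0000 }; /* Wine-style ES=0 */
    struct sc_sel bad = { ucodesel, udatasel, udatasel, 0x000c }; /* LDT index 1, RPL 0 */

    printf("ok frame:  %d\n", check_sigcontext_sels(&ok,  ucodesel, udatasel, ldt_len));
    printf("bad frame: %d\n", check_sigcontext_sels(&bad, ucodesel, udatasel, ldt_len));
    printf("quoted-precedence compare of cs=0x17: %u\n", buggy_cs_compare(0x17, ucodesel));
    return 0;
}
```

The `bad` frame fails on ES = 0x000c, an LDT selector with RPL 0, which is exactly the "RPL != SEL_UPL" rule; the `ok` frame passes only because ES = 0 is treated as a null selector rather than as LDT index 0. The buggy_cs_compare() result (1 for cs = 0x17, 0 for cs = 0x18) shows why the mask must be parenthesised before the comparison.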