Source-Changes-D archive


Re: CVS commit: src/sys/arch



On Thu, Aug 03, 2017 at 02:01:04PM +0200, Maxime Villard wrote:
> On 03/08/2017 at 13:06, Joerg Sonnenberger wrote:
> > On Sat, Jul 01, 2017 at 10:44:43AM +0000, Maxime Villard wrote:
> > > Module Name:	src
> > > Committed By:	maxv
> > > Date:		Sat Jul  1 10:44:43 UTC 2017
> > > 
> > > Modified Files:
> > > 	src/sys/arch/amd64/amd64: locore.S
> > > 	src/sys/arch/i386/i386: locore.S machdep.c trap.c
> > > 
> > > Log Message:
> > > Remove the osyscall call gate on i386, and emulate it. There is a one-
> > > instruction race in it that could panic the kernel.
> > 
> > Looking back at this -- can't we provide a user-readable/executable page
> > and replace the call gate with a normal segment pointing to that page?
> 
> I thought about it, but I could see at least one issue: that page would be
> allocated dynamically in kern_exec, but the LDT entry is static. We would
> have to either put the page at a static location - which violates several
> principles, such as the fact that this area could contain a segment from the
> binary -, or create per-process LDTs and switch them each time we're doing a
> context switch - which has several performance drawbacks, along with creating
> new constraints in the LDT that may violate other ones -.
> 
> It didn't seem like a good idea, so I ended up simply removing the gate.
> Chuck came up with another solution, and I just copied it in i386.

I was more thinking in terms of a single page in kernel VA, not in user
VA. That would side step most of the issues with dynamic LDT or having
to patch up the default LDT on context switches. That said, the latter
wouldn't be that difficult either, given that we already do that for the
GDT.

Joerg

