OSDev.org

The Place to Start for Operating System Developers
It is currently Tue Sep 28, 2021 3:53 am

All times are UTC - 6 hours




Post new topic Reply to topic  [ 13 posts ] 
Author Message
 Post subject: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 10:49 am 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
I am attempting to write a secure and robust general-purpose event system.

As of now, the keyboard driver makes use of the system.

This is the control flow from keypress to event handler:
Code:
IRQ1 handler
|
/
Keyboard handler
\
|
/
EVSYS event system
\
|
/
Ring-3 call wrapper
\
|
Ring-3 event handler


This ring-3 call wrapper took quite a bit of clever coding and debugging to achieve. However, when I attempt to return from the event handler, in reverse order, back to the position at which the IRQ1 handler interrupted at, I simply seem to jump back to the line after the ring-3 call wrapper returns.

This is frustrating.

Source: https://github.com/rizet/micron/tree/waspaloy-alpha

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 11:10 am 
Offline
Member
Member

Joined: Sat Nov 21, 2009 5:11 pm
Posts: 759
I don't see tss_rsp0 being updated anywhere, so you are overwriting the interrupt handler's stack.


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 11:34 am 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Gigasoft wrote:
I don't see tss_rsp0 being updated anywhere, so you are overwriting the interrupt handler's stack.

tss_rsp0 is updated in setup_syscalls:user/syscalls.asm.
Besides, I don't ever use the stack before I switch back to the same stack that was being used before the ring-3 switch. [source: ring0_return:drivers/evsys/callring3.asm]

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 1:32 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 3358
Your interrupt handlers clobber R8-R11 and R14.

Why do you have a variable named tss_rsp0 that isn't the RSP0 field in the TSS?

Where do you update the RSP0 field in the TSS?


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 2:35 pm 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Octocontrabass wrote:
Your interrupt handlers clobber R8-R11 and R14.

Why do you have a variable named tss_rsp0 that isn't the RSP0 field in the TSS?

Where do you update the RSP0 field in the TSS?

I made tss_rsp0 for quick/easy access to the TSS rsp0 field when I need to access it in assembly.

I update the RSP0 field in the TSS here: https://github.com/rizet/micron/blob/waspaloy-alpha/kernel/src/cpu/tss.cpp#L31.

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 3:17 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 3358
rizxt wrote:
I made tss_rsp0 for quick/easy access to the TSS rsp0 field when I need to access it in assembly.

So it's the address of RSP0. That means you're putting the stack inside your TSS.


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 3:23 pm 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Octocontrabass wrote:
rizxt wrote:
I made tss_rsp0 for quick/easy access to the TSS rsp0 field when I need to access it in assembly.

So it's the address of RSP0.[/url]

No, it's the value of RSP0.

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 3:24 pm 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Look, I'm pretty sure tss_rsp0 is accurate. My syscalls work perfectly fine.

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 4:08 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 3358
Let me just check if I'm understanding this correctly.

You set RSP0 in the TSS when you initialize your kernel.

Then you get an IRQ in ring 3, which pushes its return address onto the RSP0 stack.

Then you call your user mode function and use INT 0x80 to return, which pushes its return address onto the same RSP0 stack, overwriting the IRQ handler's return address.

Is that right?


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 5:58 pm 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Octocontrabass wrote:
Let me just check if I'm understanding this correctly.

You set RSP0 in the TSS when you initialize your kernel.

Then you get an IRQ in ring 3, which pushes its return address onto the RSP0 stack.

Then you call your user mode function and use INT 0x80 to return, which pushes its return address onto the same RSP0 stack, overwriting the IRQ handler's return address.

Is that right?


1) Yes. I do set RSP0 in the TSS.
2) I do get an IRQ in ring 3, but it pushes its return address onto the IST1 stack.
3) INT 0x80 uses the IST2 stack, not the IST1 stack.

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Tue May 11, 2021 9:12 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 3358
rizxt wrote:
2) I do get an IRQ in ring 3, but it pushes its return address onto the IST1 stack.

So what happens if you get another IRQ while your ring 3 call is running in response to the first IRQ?


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Wed May 12, 2021 6:33 am 
Offline
Member
Member
User avatar

Joined: Sun Oct 11, 2020 9:46 pm
Posts: 354
Location: North Florida, USA
Octocontrabass wrote:
rizxt wrote:
2) I do get an IRQ in ring 3, but it pushes its return address onto the IST1 stack.

So what happens if you get another IRQ while your ring 3 call is running in response to the first IRQ?

Pretty disastrous.

_________________
Skylight: https://github.com/rizet/skylight

I make stupid mistakes and my vision is terrible. Not a good combination.

NOTE: Never respond to my posts with "it's too hard".


Top
 Profile  
 
 Post subject: Re: Infinite IRQ handler loop [possible stack issue]
PostPosted: Wed May 12, 2021 2:27 pm 
Offline
Member
Member

Joined: Mon Mar 25, 2013 7:01 pm
Posts: 3358
So, maybe you shouldn't allow IRQs in your ring 3 call.

But if you don't allow IRQs, the ring 3 call could deadlock the kernel.

Other OSes don't directly call ring 3 code. Instead, they have threads that sleep until a specific event occurs, and one possible event is an IRQ. Since they're ordinary threads, they can be interrupted like normal.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: 8infy, Google [Bot] and 9 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group