DragonFly kernel List (threaded) for 2008-01
DragonFly BSD
DragonFly kernel List (threaded) for 2008-01
[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]

Re: Interrupt recursion smashes kernel memory


From: "Simon 'corecode' Schubert" <corecode@xxxxxxxxxxxx>
Date: Mon, 14 Jan 2008 00:49:46 +0100

Matthew Dillon wrote:
    They seem to indicate an interrupt recursion occuring near the
    beginning of doreti.  It looks like the actual doreti code
    is being interrupted rather then manually calling the delayed
    interrupt procedure.

The earliest (call-graph-wise) eip I could find is:


0xc028fe40 <splz>:      pushf
and
0xc028fe8b <splz_next+57>:      ret

However the first occurence doesn't seem like a real interrupt frame because %cs is 0xff800000:

00011e0  0x00000008 0x00203286 0x00000000 0x00000010
00011f0  0x00000018 0x00000010 0x00000010 0x0000001c
0001200  0xd6814d00 0xd6e26244 0xd6e2621c 0xff800000
0001210  0xd6814d00 0x00000003 0xff800000 0x00000000
                                   ^^^ %ebx

0001220  0x00000000 0x00000000 0xc028fe40 0xff800000
                              splz ^^^       ^^^ %cs?

0001230  0x00203246 0xc018b7cf 0x00000018 0xc0314fc0
     eflags ^^^        ^^^ lwkt_yield_quick+42

0001240  0xff800000 0xd6e26260 0xc018bc5a 0xc0314fc0
0001250  0x00000020 0xd6814d00 0xd6814d00 0xff800000
0001260  0xd6e2626c 0xc01656cd 0xc0314fc0 0xd6e26d88
0001270  0xc029774c 0x0000000b 0x00000000 0x00000010
0001280  0x00000018 0x00000010 0x00000010 0x0000001c
0001290  0xff800000 0xd6e26d88 0xd6e262ac 0xd6814d00
00012a0  0xd6814d00 0x00000000 0x00000000 0x00000000
00012b0  0x00000000 0x00000000 0xc029774f 0x00000008
00012c0  0x00203282 0x00000000 0x00000010 0x00000018

This is quite inexplicable to me. It looks like the stack setup by splz itself (ret to pushf, push %ebx [which is curthread]), but then continues like a regular interrupt stack frame.

Still, I wonder how the system can wind up in this state. It's a UP system, btw.

cheers
  simon

--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \




[Date Prev][Date Next]  [Thread Prev][Thread Next]  [Date Index][Thread Index]