Interrupt recursion smashes kernel memory

Simon 'corecode' Schubert corecode at fs.ei.tum.de
Sun Jan 13 15:53:06 PST 2008


Matthew Dillon wrote:
    They seem to indicate an interrupt recursion occurring near the
    beginning of doreti.  It looks like the actual doreti code
    is being interrupted rather than manually calling the delayed
    interrupt procedure.
The earliest (call-graph-wise) eip I could find is:

0xc028fe40 <splz>:      pushf
and
0xc028fe8b <splz_next+57>:      ret
However, the first occurrence doesn't seem like a real interrupt frame 
because %cs is 0xff800000:

00011e0  0x00000008 0x00203286 0x00000000 0x00000010
00011f0  0x00000018 0x00000010 0x00000010 0x0000001c
0001200  0xd6814d00 0xd6e26244 0xd6e2621c 0xff800000
0001210  0xd6814d00 0x00000003 0xff800000 0x00000000
                                   ^^^ %ebx
0001220  0x00000000 0x00000000 0xc028fe40 0xff800000
                              splz ^^^       ^^^ %cs?
0001230  0x00203246 0xc018b7cf 0x00000018 0xc0314fc0
     eflags ^^^        ^^^ lwkt_yield_quick+42
0001240  0xff800000 0xd6e26260 0xc018bc5a 0xc0314fc0
0001250  0x00000020 0xd6814d00 0xd6814d00 0xff800000
0001260  0xd6e2626c 0xc01656cd 0xc0314fc0 0xd6e26d88
0001270  0xc029774c 0x0000000b 0x00000000 0x00000010
0001280  0x00000018 0x00000010 0x00000010 0x0000001c
0001290  0xff800000 0xd6e26d88 0xd6e262ac 0xd6814d00
00012a0  0xd6814d00 0x00000000 0x00000000 0x00000000
00012b0  0x00000000 0x00000000 0xc029774f 0x00000008
00012c0  0x00203282 0x00000000 0x00000010 0x00000018
This is quite inexplicable to me.  It looks like the stack set up by splz 
itself (ret to pushf, push %ebx [which is curthread]), but then it continues 
like a regular interrupt stack frame.

Still, I wonder how the system can wind up in this state.  It's a UP 
system, btw.

cheers
  simon
--
Serve - BSD     +++  RENT this banner advert  +++    ASCII Ribbon   /"\
Work - Mac      +++  space for low €€€ NOW!1  +++      Campaign     \ /
Party Enjoy Relax   |   http://dragonflybsd.org      Against  HTML   \
Dude 2c 2 the max   !   http://golden-apple.biz       Mail + News   / \