nexos wrote:
In theory, that is a big problem, but in practice, most modern OSes only use the kernel stack part of the TSS.
That's exactly my case. I do the context switch in software.
nexos wrote:
This means that we don't have to worry about privilege escalation
I'm not super worried about privilege escalation, but about a potential crash: the CPU doesn't know that we don't use hardware task switching, even if we have just one TSS. So, nothing will stop user apps from doing a FAR jump or a FAR call using that TSS, if they want. And, if such a call is performed, instead of immediately getting a #GPF the CPU might actually try to switch to that TSS, using the (maybe) garbage data there. If the TSS is not properly zeroed and somehow the TSS's EIP has a usable address (I admit, that's extremely unlikely), weird things will happen.
I've never even tried using i386 hardware switching, so I wanted to check with you guys if my theory makes sense.
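As an added example (not the poster's code, and not from any particular kernel), the two pieces a practitioner would want next to the question above: a `tss_init` that zeroes the i386 TSS and fills only the ring-0 stack fields, and a `tss_jump_refused` that applies the checks the Intel SDM lists for a far JMP/CALL through a TSS descriptor (system segment of 32-bit available TSS type, present, CPL and RPL not above the descriptor's DPL, limit at least 0x67) to a descriptor built by `make_tss_desc`. The struct layout and descriptor encoding follow the SDM; the selector values in `main` are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* 32-bit TSS as the CPU lays it out (Intel SDM Vol. 3A, "32-Bit Task-State Segment"): 104 bytes. */
struct tss32 {
    uint32_t prev_task_link;
    uint32_t esp0, ss0;
    uint32_t esp1, ss1;
    uint32_t esp2, ss2;
    uint32_t cr3, eip, eflags;
    uint32_t eax, ecx, edx, ebx, esp, ebp, esi, edi;
    uint32_t es, cs, ss, ds, fs, gs;
    uint32_t ldt;
    uint16_t trap;        /* bit 0 = T: debug trap on task switch */
    uint16_t iomap_base;  /* offset of the I/O permission bitmap */
} __attribute__((packed));

/* System segment types in the low nibble of the access byte. */
#define TSS32_AVAIL 0x9
#define TSS32_BUSY  0xB

/* One 8-byte GDT entry, kept as raw bytes so the bit layout is explicit. */
struct tss_desc { uint8_t b[8]; };

/* Initialise a TSS for a kernel that switches contexts in software and only
 * needs ss0/esp0 for ring 3 -> ring 0 transitions. Everything else is zero. */
void tss_init(struct tss32 *t, uint32_t kernel_ss, uint32_t kernel_esp) {
    memset(t, 0, sizeof *t);       /* no stale EIP, CR3 or segment selectors */
    t->ss0 = kernel_ss;
    t->esp0 = kernel_esp;
    t->iomap_base = sizeof *t;     /* bitmap offset beyond the limit: no I/O bitmap */
}

/* Encode a present, byte-granular, 32-bit available TSS descriptor. */
struct tss_desc make_tss_desc(uint32_t base, uint32_t limit, unsigned dpl) {
    struct tss_desc d;
    d.b[0] = limit & 0xff;
    d.b[1] = (limit >> 8) & 0xff;
    d.b[2] = base & 0xff;
    d.b[3] = (base >> 8) & 0xff;
    d.b[4] = (base >> 16) & 0xff;
    d.b[5] = 0x80 | ((dpl & 3) << 5) | TSS32_AVAIL;  /* P=1, DPL, S=0, type */
    d.b[6] = (limit >> 16) & 0x0f;                     /* G=0, AVL=0, limit 19:16 */
    d.b[7] = (base >> 24) & 0xff;
    return d;
}

/* Why a far JMP/CALL through this descriptor from privilege level `cpl`, with a
 * selector RPL of `rpl`, would be refused; NULL if the CPU would start the switch. */
const char *tss_jump_refused(const struct tss_desc *d, unsigned cpl, unsigned rpl) {
    unsigned access = d->b[5];
    unsigned type = access & 0x0f;
    unsigned dpl = (access >> 5) & 3;
    unsigned limit = d->b[0] | (d->b[1] << 8) | ((d->b[6] & 0x0f) << 16);
    if (access & 0x10)        return "#GP: code/data segment, not a system segment";
    if (type == TSS32_BUSY)   return "#GP: TSS is busy";
    if (type != TSS32_AVAIL)  return "#GP: not a 32-bit available TSS";
    if (!(access & 0x80))     return "#NP: TSS descriptor not present";
    if (cpl > dpl || rpl > dpl) return "#GP: CPL or RPL above TSS descriptor DPL";
    if (limit < 0x67)         return "#TS: TSS limit smaller than 0x67";
    return NULL;
}

int main(void) {
    struct tss32 tss;
    tss_init(&tss, 0x10, 0x9000);                         /* constructed kernel SS/ESP */
    struct tss_desc d = make_tss_desc((uint32_t)(uintptr_t)&tss, sizeof tss - 1, 0);
    const char *r = tss_jump_refused(&d, 3, 3);
    printf("ring 3 far jump with DPL=0 descriptor: %s\n", r ? r : "would switch");
    r = tss_jump_refused(&d, 0, 0);
    printf("ring 0 far jump with DPL=0 descriptor: %s\n", r ? r : "would switch");
    return 0;
}
```

Whether the CPU refuses or proceeds is decided by the descriptor's DPL and type before any field of the TSS itself is read, which is why the example evaluates the GDT entry rather than the TSS contents; the zeroed TSS from `tss_init` is the fallback for the case where the switch does start.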