Dispatching signal handlers on a process in kernel-mode

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
User avatar
JamesM
Member
Member
Posts: 2935
Joined: Tue Jul 10, 2007 5:27 am
Location: York, United Kingdom
Contact:
Contact JamesM

Dispatching signal handlers on a process in kernel-mode

Post by JamesM »

Sorry for the strange title, but it wouldn't let me write a bigger one and I couldn't condense my problem into 64 characters :(

I'm calling signal handlers (actually RPC calls, but that's by-the-by, they act in exactly the same way) as linux does - by waiting until the process is due to be scheduled, then doctoring the stack so that IRET returns to my code, my code is run then it returns to the user's code. It also doctors the user's stack, so my signal handler code can access parameters like the eflags state it should leave with and the eip to return to etc.

This works fine, except when the process which was interrupted was running in kernel-mode. In this case, the interrupt doesn't push a user ESP value, and my code gets confused and tries to doctor a stack at addess 0x0. Currently I just test if the CS is 0x08 and ignore in this case, but that is leading to serious starvation if one process is spinning in a kernel function, and another is waiting for it to respond to a signal.

What is the best way to handle this? I can't doctor the stack that IRET returns to, as it doesn't actually change stacks, just pops, and I can't overwrite any of IRET's parameters... The only thing I can think of is to have a temporary storage area and write there. But it seems awfully kludgy - has anyone got a solution?

Cheers,

JamesM
Top
User avatar
Combuster
Member
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance
Contact:
Contact Combuster

Post by Combuster »

Take a look from the other side - you know that the userland process must have entered kernel space somewhere. the return frame for that is at the bottom of the stack. If you don't use sysenter/syscall, there will always be a ESP3+SS3 pair there which you can tamper with.

To illustrate:
SB = Stack Base (= tss->esp0?)

Code: Select all

    stack 1 (scheduled from userland)
    
SB    -> 
ESP+? ->ESP3+SS3
SB-?  -/  
        CS+EIP+EFLAGS
        Registers
ESP   ->Scheduler temporaries

    stack 2 (scheduled from kernel)

SB    ->
SB-?  ->ESP+SS3
        CS+EIP(+EFLAGS?)
ESP+? ->kernel data
        CS+EIP+EFLAGS
        Registers
ESP   ->Scheduler temporaries
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
[ My OS ] [ VDisk/SFS ]
Top
User avatar
JamesM
Member
Member
Posts: 2935
Joined: Tue Jul 10, 2007 5:27 am
Location: York, United Kingdom
Contact:
Contact JamesM

Post by JamesM »

Combuster: I do use syscall/sysret. I think you're right though, I might have some fields down there somewhere I can tamper with...
Top
Post Reply

Return to “OS Development”