Easiest (and safest) way to generate triple-fault


Post by rdos »

Previously, I used this code which always seems to generate a triple-fault:

Code:

    xor eax,eax     ; EAX = 0
    mov cr3,eax     ; load 0 as the paging base

With PAE-paging enabled, this no longer works (mov cr3,eax generates a protection fault).

This code should work even with PAE-enabled: (some pseudo-code)

Code:

    SetupInvalidProtectionFaultHandler
    SetupInvalidDoubleFaultHandler
    mov ax,-1
    mov ds,ax

But maybe there is an easier way to do it?

Post by NickJohnson »

Why would you want to generate a triple fault? There are better ways to reset the computer.

Post by bluemoon »

Yes, it's like asking for the safest way to detonate explosives so that I can clean my house.

A triple fault is meant for unsolvable issues.
Think about someone running your OS within a VM and wanting to reboot the machine; the VM then tells the user the computer has some serious problem that cannot be resolved.

I think you know the proper way to reboot/shutdown, and you are just looking for quick & dirty ways.

Post by rdos »

There are just too many ways to do a reset. On old computers, it was done with the keyboard port, but that is no longer safe as some PCs don't even have the keyboard controller. On newer PCs, ACPI can give you a clue, but I don't want to be dependent on a working ACPI. The main reason I want no dependency on ACPI is that the crash debugger (which tries to create a stable environment after a fatal error) also needs to do a reboot, and cannot count on ACPI working, and thus needs a simple way that always works.

About the only effective way that seems to work on both very old and brand new PCs is to generate a triple fault. I've actually not seen any PC that lacks the RESET logic for triple fault.

Besides, I first try the keyboard way, and then resort to triple fault if the former is not effective.

And VMs should know that a triple fault means "you should reset me", since that logic exists on every PC.


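Updated logic for triple fault:

Code:

    mov eax,idt_sel
    mov ds,eax              ; DS = idt_sel, used below to write into the IDT
    mov ebx,13 * 8          ; IDT entry 13: protection fault
    xor eax,eax
    mov [ebx],eax           ; zero both dwords of the descriptor
    mov [ebx+4],eax
    mov ebx,8 * 8           ; IDT entry 8: double fault
    mov [ebx],eax
    mov [ebx+4],eax
    mov eax,-1
    mov ds,eax              ; invalid selector load: generates the protection fault

This logic zeros IDT descriptors for protection fault and double fault, and then generates a protection fault.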

Post by bluemoon »

rdos wrote: This logic zeros IDT descriptors for protection fault and double fault, and then generates a protection fault.

I think a simpler way is to mess up the kernel stack, so that #SS > #DF (if you use a gate, mess up that stack too) > #TF, and you don't need to alter the IDT.

Post by Brendan »

Hi,

Set the IDT limit to zero, and then trigger any interrupt. This guarantees that the interrupt will generate a GPF (fetching an IDT entry beyond the IDT limit), which will guarantee a double fault then triple fault for the same reason.

Note that this will work even if you use a "task gate" for the double fault handler, or have exception handlers that attempt to recover from severely borked situations.


Cheers,

Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.

Post by rdos »

I like the set IDT limit to 0 method, but some future processor might think this is invalid and might, instead of doing the instruction, generate a protection fault, much like when loading an invalid CR3 in PAE-mode. After all, the Intel manuals state that certain exception handlers should be present.

Post by NickJohnson »

It seems like clearing the contents of the IDT would have a similar effect, and couldn't cause an accidental GPF/double fault as long as interrupts are disabled while you're doing it.
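
Added example, not code from any poster in this thread: a simplified C model of exception delivery that shows why zeroing IDT entries 13 and 8, or setting the IDT limit to zero, ends in a shutdown (triple fault), and why zeroing only entry 13 does not. It assumes 32-bit protected mode with 8-byte gates and treats a zeroed descriptor as an invalid gate that raises a protection fault; `idt_model`, `deliver` and `make_idt` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified model of 32-bit protected-mode exception delivery (8-byte gates). */
enum { VEC_DF = 8, VEC_GP = 13, VEC_PF = 14 };
enum outcome { HANDLED, DF_HANDLER_RUNS, SHUTDOWN /* triple fault: CPU reset */ };

struct idt_model {
    uint32_t limit;      /* IDTR limit: offset of the last valid byte */
    bool gate_ok[256];   /* false = zeroed descriptor (assumed to raise #GP) */
};

/* A gate is usable only if all 8 bytes lie inside the limit and it is valid;
   otherwise the CPU raises #GP while trying to deliver the vector. */
static bool usable(const struct idt_model *idt, unsigned vec)
{
    return vec * 8u + 7u <= idt->limit && idt->gate_ok[vec];
}

/* A #GP raised while delivering a contributory exception or a page fault
   escalates straight to a double fault. */
static bool escalates(unsigned vec)
{
    return vec == 0 || (vec >= 10 && vec <= 13) || vec == VEC_PF;
}

enum outcome deliver(const struct idt_model *idt, unsigned vec)
{
    if (usable(idt, vec))
        return vec == VEC_DF ? DF_HANDLER_RUNS : HANDLED;
    if (vec == VEC_DF)
        return SHUTDOWN;                 /* fault while delivering #DF */
    if (!escalates(vec) && usable(idt, VEC_GP))
        return HANDLED;                  /* benign event: the #GP handler runs */
    return deliver(idt, VEC_DF);         /* second fault: try the #DF gate */
}

/* Constructed scenario: a fully populated IDT with one method applied. */
struct idt_model make_idt(uint32_t limit, bool zero_gp, bool zero_df)
{
    struct idt_model idt = { .limit = limit };
    for (unsigned v = 0; v < 256; v++)
        idt.gate_ok[v] = true;
    idt.gate_ok[VEC_GP] = !zero_gp;
    idt.gate_ok[VEC_DF] = !zero_df;
    return idt;
}
```

In the model, a zero limit makes every gate unusable regardless of its contents, so any vector reaches shutdown without touching the descriptors.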

Post by linguofreak »

What about returning to real mode and jumping to FFFF:0?

Post by Brendan »

Hi,

linguofreak wrote: What about returning to real mode and jumping to FFFF:0?

That resets almost nothing; which means that you can expect problems afterwards caused by the firmware making assumptions about the contents/state of various things (including the contents of MSRs, MTRRs, IOMMUs, ACPI's controller, PCI configuration space, PICs/APICs, timers, and more or less everything else you could think of).


Cheers,

Brendan