Switching CR3 to new page directory triple faults

Question about which tools to use, bugs, the best way to implement a function, etc should go here. Don't forget to see if your question is answered in the wiki first! When in doubt post here.
Post Reply
sed4906h
Posts: 17
Joined: Thu Nov 25, 2021 7:11 pm

Switching CR3 to new page directory triple faults

Post by sed4906h »

I've made a function to create a new page directory, but switching to it causes a triple fault. I copy entry 0 (and 1022) from the original, and set entry 1023 to recursive page at the copy. Somehow this doesn't work.

The code in question

Code: Select all

uint32_t mkpdir()
{
    uint32_t pd = phys_zalloc_start();
    if(!pd) return 0;
    ((uint32_t*)TEMP_ADDR)[0] = (*MAKE_PGD_ADDR(PGD_RECURSE,0) & 0xfffff000) | 3;
    ((uint32_t*)TEMP_ADDR)[PGD_TEMP] = (*MAKE_PGD_ADDR(PGD_RECURSE,PGD_TEMP) & 0xfffff000) | 3;
    ((uint32_t*)TEMP_ADDR)[PGD_RECURSE] = pd | 3;
    asm("" ::: "memory");
    phys_zalloc_end();
    return pd;
}
The other functions and macros

Code: Select all

#define PGD_TEMP 1022
#define PGD_RECURSE 1023
#define MAKE_PGD_ADDR(pgi, pti) ((uint32_t*)(PGD_RECURSE << 22 | pgi << 12 | pti << 2))
#define TEMP_ADDR ((void*)(PGD_TEMP << 22))
#define PAGE_SIZE 4096
uint32_t phys_zalloc_start() {
    uint32_t pg = phys_alloc();
    if (!pg) return 0;
    *MAKE_PGD_ADDR(PGD_TEMP, 0) = pg | 3;
    memset(TEMP_ADDR, 0, PAGE_SIZE);
    return pg;
}
void phys_zalloc_end() {
    *MAKE_PGD_ADDR(PGD_TEMP, 0) = 0;
    uint32_t ta=(uint32_t)TEMP_ADDR;
    asm("invlpg %0" :: "m"(ta) : "memory");
}
sed4906h
Posts: 17
Joined: Thu Nov 25, 2021 7:11 pm

Re: Switching CR3 to new page directory triple faults

Post by sed4906h »

I peeked at the memory at TEMP_ADDR, and it never got written to?
I know I needed to have that asm("" ::: "memory") because GCC was reordering the statements below phys_zalloc_end(), but it looks like those statements still have no effect. They should, here's GDB's disassembly.

Code: Select all

0x100640 <mkpdir>:           sub    $0x1c,%esp
0x100643 <mkpdir+3>:         call   0x100220 <phys_zalloc_start>
0x100648 <mkpdir+8>:         test   %eax,%eax
0x10064a <mkpdir+10>:        je     0x100698 <mkpdir+88>
0x10064c <mkpdir+12>:        mov    0xfffff000,%edx
0x100652 <mkpdir+18>:        and    $0xfffff000,%edx
0x100658 <mkpdir+24>:        or     $0x3,%edx
0x10065b <mkpdir+27>:        mov    %edx,0xff800000
0x100661 <mkpdir+33>:        mov    0xfffffff8,%edx
0x100667 <mkpdir+39>:        and    $0xfffff000,%edx
0x10066d <mkpdir+45>:        or     $0x3,%edx
0x100670 <mkpdir+48>:        mov    %edx,0xff800ff8
0x100676 <mkpdir+54>:        mov    %eax,%edx
0x100678 <mkpdir+56>:        or     $0x3,%edx
0x10067b <mkpdir+59>:        mov    %edx,0xff800ffc
0x100681 <mkpdir+65>:        movl   $0x0,0xffffe000
0x10068b <mkpdir+75>:        movl   $0xff800000,0xc(%esp)
0x100693 <mkpdir+83>:        invlpg 0xc(%esp)
0x100698 <mkpdir+88>:        add    $0x1c,%esp
0x10069b <mkpdir+91>:        ret
User avatar
neon
Member
Member
Posts: 1567
Joined: Sun Feb 18, 2007 7:28 pm
Contact:

Re: Switching CR3 to new page directory triple faults

Post by neon »

Hi,

Are we to assume then based on previous posts that this question is for switching to a new task address space and that the initial paging setup code is fine now and kernel space is in place? Or is this post still about setting up kernel space initially and paging is disabled?
OS Development Series | Wiki | os | ncc
char c[2]={"\x90\xC3"};int main(){void(*f)()=(void(__cdecl*)(void))(void*)&c;f();}
sed4906h
Posts: 17
Joined: Thu Nov 25, 2021 7:11 pm

Re: Switching CR3 to new page directory triple faults

Post by sed4906h »

Yes, this is about switching to a new task address space, and paging is enabled.
Octocontrabass
Member
Member
Posts: 5563
Joined: Mon Mar 25, 2013 7:01 pm

Re: Switching CR3 to new page directory triple faults

Post by Octocontrabass »

sed4906h wrote:

Code: Select all

0x100693 <mkpdir+83>:        invlpg 0xc(%esp)
That doesn't look right. Try this instead:

Code: Select all

asm("invlpg %0" :: "m"(*(char *)TEMP_ADDR) : "memory");
Post Reply