C bug causes double fault
Dick Dunn
rcd at ico.ISC.COM
Thu Mar 23 03:49:25 AEST 1989
In article <9900 at smoke.BRL.MIL>, gwyn at smoke.BRL.MIL (Doug Gwyn ) writes:
> In article <27245 at cci632.UUCP> tvf at ccird7.UUCP (Tom Frauenhofer) writes:
> >On Microport V/AT, what he wrote causes a kernel panic. That doesn't seem
> >to be reasonable behavior for an OS/library routine/whatever.
>
> Of course nobody would call it "reasonable", but it's not too surprising.
> Incorrect user-mode code on a nonprotected multitasking system (forced by
> limitations of the PC/AT architecture) can easily crash the entire system.
What, more specifically, are the "limitations of the PC/AT architecture"?
Microport runs the 286 in protected mode. Each process has its own memory,
protected via the LDT, and the GDT entries <should> be set so that user-
level code can't get outside its playpen. The memory protection in the 286
is a fairly serious nuisance to work with, but it is there.
Exceptions occurring in user mode go through a call gate into system mode
where you can straighten out the mess. You change stacks when you change
privilege levels; in the kernel you're in an environment as safe (and as
insulated from user-code screwups) as you care to make it.
Is there some problem with the 287 interaction with the 286 in protected
mode that can't be made safe? Specifically, what can a user-mode program
on the AT do, when running in protected mode, that the OS couldn't protect
against?
--
Dick Dunn UUCP: {ncar,nbires}!ico!rcd (303)449-2870
...Never offend with style when you can offend with substance.
More information about the Comp.unix.microport
mailing list