-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix load_tss
and GlobalDescriptorTable
#323
Conversation
`ltr` atomically writes to memory when it changes the referenced tss entry's type to Busy 64-bit TSS. This means that the inline assembly in `load_tss` should not have the `nomem` option and that the `table` field in `GlobalDescriptorTable` must use a type that is interiorly mutable.
I also think that we should reevaluate some of the safety comments on |
Good catch!
AFAIK, the segment registers are reloaded on every I don't think that it's a good idea to share the same TSS across cores (even in 64-bit mode) because it contains tables of stack pointers, to which the CPU automatically switches (e.g. on certain interrupts or on privilege switches). By sharing the same TSS across cores, we risk that they share the same stack pointer in some situations, which is a very bad idea. |
Oops, fair enough,
I agree that it's probably not the best idea, but if a kernel was mapping the same pages for the stack with different backing physical frames, it should be possible to share a TSS safely. |
Perhaps I've been approaching this the wrong way then: If we consider the GDT a per core structure, we can make |
Fair, but I don't think that this is a common approach. And the GDT isn't that large, so the overhead of duplicating should be negligible.
I like the approach, but we then need an easy and safe way to create a |
Personally I just use |
Yeah,
I think they rely on the fact that most (all?) cortex m CPUs only have a single core. So we shouldn't do it this way.
The constructor functions of |
Co-authored-by: Philipp Oppermann <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good now!
ltr
atomically writes to memory when it changes the referenced tss entry's type toBusy 64-bit TSS
. This means that the inline assembly inload_tss
should not have thenomem
option and that thetable
field inGlobalDescriptorTable
must use a type that is interiorly mutable.Unfortunately this is a breaking change because I changed the type of
GlobalDescriptorTable::table
to[AtomicU64; 8]
andGlobalDescriptorTable::as_raw_slice
exposes this field to the public api. Returning&[u64]
wouldn't be safe anyways because[u64]
isn't interioly mutable.Technically this means that the old code was probably UB, but my guess is it's unlikely that anyone was actually affected by this.
#322 initially brought up that
load_tss
changes the GDT. This pr does not fix #322, but #322 should be easy to fix in a follow up pr once this pr is merged.