flat assembler
Message board for the users of flat assembler.

Index > OS Construction > [x86] double faults in double process

l4m2
Joined: 15 Jan 2015
Posts: 648
Let's have a program running when a page fault occurs because it reads "too-old" memory. While the page is being read from the hard disk, with interrupts still enabled, an interrupt occurs. Now the interrupt handler gets another page fault. So will a double fault arise?
Post 08 Sep 2015, 13:44
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17624
Location: In your JS exploiting you and your system
If I understand your question then the answer is no. A double fault is when the first fault can't be taken because the fault handler is not present or can't be accessed. If you are already in an interrupt and the first fault handler is running then the next fault is also a first fault as far as the CPU is concerned. The status of being in an interrupt routine is purely a software context; the hardware of the CPU doesn't distinguish this from normal code.
Post 08 Sep 2015, 13:57
l4m2
Joined: 15 Jan 2015
Posts: 648
I tried to test it but it always goes to 0000:0001 (I wonder which interrupt takes it there).
Code:
org 0x7c00
cli
; point es and ds at segment 0: the real-mode IVT lives at 0000:0000
mov di, 0
mov es, di
mov ds, di
; fill the first 32 IVT entries with 0000:justiret (a do-nothing handler).
; the post originally used rep movsd here, which copies from ds:si instead of
; storing eax, so the vectors were never written; stosd is what was intended
mov eax, justiret           ; low word = offset, high word = 0 = segment
mov cx, 32
rep stosd

; reprogram the master PIC so IRQ0-7 arrive at vectors 0x10-0x17
mov al, 0x11                ; ICW1: initialise, ICW4 follows
out 0x20, al
mov al, 0x10                ; ICW2: vector base 0x10 (IRQ1 keyboard -> int 0x11 = 17)
out 0x21, al
mov al, 0x04                ; ICW3: slave PIC on IRQ2
out 0x21, al
mov al, 0x01                ; ICW4: 8086 mode
out 0x21, al
; OCW1: mask everything except IRQ1. Without this the first timer tick (IRQ0)
; enters justiret, which never sends EOI, and the PIC then holds back the
; lower-priority keyboard IRQ for good
mov al, 0xfd
out 0x21, al

sti
mov [4*8], dword int8       ; #DF handler
mov [4*0], dword int0       ; #DE handler
mov [4*17], dword intkey    ; keyboard IRQ after the remap
div dx                      ; always raises #DE: divide by zero if dx=0, quotient overflow otherwise

justiret: iret
int8:   mov ax, 0xb800      ; #DF: print '1' at the top left of the text screen and spin
        mov ds, ax
        mov [0], byte '1'
        jmp $
int0:   sti                 ; #DE: re-enable interrupts, print '2', spin
        mov ax, 0xb800
        mov ds, ax
        mov [2], byte '2'
        jmp $
intkey: div dx              ; keypress while int0 spins: raise another #DE inside an interrupt
db 0x7dfe-$ dup 0
dw 0xaa55
debugging information:
Code:
Next at t=2092628
(0) [0x00007c5a] 0000:7c5a (unk. ctxt): jmp .+0xfffe (0x00007c5a) ; ebfe
<bochs:423> s
Next at t=2092629
(0) [0x00007c5a] 0000:7c5a (unk. ctxt): jmp .+0xfffe (0x00007c5a) ; ebfe
<bochs:424> s
Next at t=2092630
(0) [0x00007c5a] 0000:7c5a (unk. ctxt): jmp .+0xfffe (0x00007c5a) ; ebfe
<bochs:425> s
Next at t=2092631
(0) [0x00007c5a] 0000:7c5a (unk. ctxt): jmp .+0xfffe (0x00007c5a) ; ebfe
<bochs:426> s
Next at t=2092632
(0) [0x00000001] 0000:0001 (unk. ctxt): jl .+0x0000 (0x00000003)  ; 7c00
<bochs:427> s
Next at t=2092633
(0) [0x00000003] 0000:0003 (unk. ctxt): add byte ptr ds:[bx+si], al ; 0000
<bochs:428> s
Next at t=2092634
(0) [0x00000005] 0000:0005 (unk. ctxt): add byte ptr ds:[bx+si], al ; 0000
<bochs:429> s
Next at t=2092635
(0) [0x00000007] 0000:0007 (unk. ctxt): add byte ptr ds:[bx+si], al ; 0000
<bochs:430> s
Next at t=2092636
Post 09 Sep 2015, 00:09
revolution
When all else fails, read the source
Joined: 24 Aug 2004
Posts: 17624
Location: In your JS exploiting you and your system
If you want to initiate a double fault then you have to make the fault handler code inaccessible in some way. Either enable paging and mark the pages as not present, or set the pages to not executable/readable/writeable, or set the limit of the IDT to some small value so that there is no entry for the handler. But be careful about causing a triple fault, which will reset the CPU. I'm not sure how you could do this in real mode, although it may be possible. However, it is much easier to control in protected mode, so perhaps you could start there and once you have it working port it back to real mode.

BTW: The triple fault was used as a hack on the 80286 to exit protected mode by resetting the CPU and having the BIOS jump back into the OS code to continue executing from where it left off.
Post 09 Sep 2015, 02:41
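The two replies above both rest on one rule: a second fault only becomes #DF when it is raised while the CPU is still delivering the first one, never once the first handler is already executing. The C program below is an added illustration, not code from this thread or from fasm, that encodes the Intel SDM's "Conditions for Generating a Double Fault" table (benign / contributory / page-fault classes) and a deliberately simplified delivery model: the `idt_ok` array and `reach_fault` argument are my abstraction for "can the handler for this vector be entered at all", standing in for an IDT limit, a not-present gate or an unmapped handler page. The scenario functions replay the question from the first post (a #PF handler running, the keyboard IRQ at vector 0x11 from the PIC remap in the code above, then a #PF inside the IRQ handler) and the short-IDT trick from the second reply; the real CPU's behaviour beyond this table (error codes, task gates, shutdown cycle details) is out of scope.

```c
#include <stdbool.h>
#include <stdio.h>

/* Exception vectors from the Intel SDM, Vol. 3A, chapter 6. */
enum { V_DE = 0, V_DF = 8, V_TS = 10, V_NP = 11, V_SS = 12, V_GP = 13, V_PF = 14 };
#define TRIPLE_FAULT (-1)   /* returned when even #DF cannot be delivered */

enum fault_class { BENIGN, CONTRIBUTORY, PAGE_FAULT };

/* Class of an exception for the double-fault rule (SDM Table 6-5). */
enum fault_class classify(int vector)
{
    switch (vector) {
    case V_DE: case V_TS: case V_NP: case V_SS: case V_GP:
        return CONTRIBUTORY;
    case V_PF:
        return PAGE_FAULT;
    default:    /* #DB, NMI, #BP, #OF, #UD, #NM, #MF, #AC, #MC, #XM, INTR, INT n */
        return BENIGN;
    }
}

/* SDM Table 6-5: does a second exception raised while the CPU is still
 * delivering the first (its handler not yet entered) escalate to #DF? */
bool escalates_to_double_fault(int first, int second)
{
    enum fault_class a = classify(first), b = classify(second);
    if (a == BENIGN || b == BENIGN)
        return false;               /* handled normally */
    if (a == CONTRIBUTORY)
        return b == CONTRIBUTORY;   /* contributory followed by #PF is handled normally */
    return true;                    /* #PF followed by contributory or #PF -> #DF */
}

/* Simplified delivery model (my abstraction, not the CPU's microcode): idt_ok[v]
 * says whether the handler for vector v can be entered at all (gate within the
 * IDT limit and present, handler code mapped). If it cannot, the CPU raises
 * reach_fault instead: #GP for a limit violation or not-present gate, #PF for an
 * unmapped handler page. Returns the vector whose handler finally starts
 * running, or TRIPLE_FAULT when the CPU shuts down. */
int deliver(int vector, const bool idt_ok[256], int reach_fault)
{
    int current = vector;
    for (int step = 0; step < 4; step++) {   /* vector -> reach_fault -> #DF -> shutdown */
        if (idt_ok[current])
            return current;
        if (current == V_DF)
            return TRIPLE_FAULT;             /* #DF itself undeliverable: triple fault */
        current = escalates_to_double_fault(current, reach_fault) ? V_DF : reach_fault;
    }
    return TRIPLE_FAULT;
}

/* Constructed IDT reachability map: entries 0..last_vector can be entered. */
static void idt_reachable_up_to(bool idt_ok[256], int last_vector)
{
    for (int v = 0; v < 256; v++)
        idt_ok[v] = v <= last_vector;
}

/* The thread's question: a #PF handler is running, an IRQ arrives (vector 0x11,
 * the keyboard after the PIC remap in the post), and the IRQ handler page-faults.
 * Each fault starts a fresh delivery, so with reachable handlers the nested #PF
 * is an ordinary #PF, not a #DF. Returns the vector taken by the last fault. */
int nested_fault_in_running_handler(void)
{
    bool idt_ok[256];
    idt_reachable_up_to(idt_ok, 255);
    int first = deliver(V_PF, idt_ok, V_GP);   /* handler entered and now executing */
    int irq = deliver(0x11, idt_ok, V_GP);     /* hardware interrupt inside the #PF handler */
    int nested = deliver(V_PF, idt_ok, V_GP);  /* #PF raised by the IRQ handler */
    return (first == V_PF && irq == 0x11) ? nested : TRIPLE_FAULT;
}

/* revolution's suggestion: an IDT whose limit covers entries 0..8 only. A #GP
 * cannot reach entry 13, the attempted delivery raises #GP again, two
 * contributory faults escalate to #DF, and entry 8 is reachable. */
int gp_with_short_idt(void)
{
    bool idt_ok[256];
    idt_reachable_up_to(idt_ok, 8);            /* limit = 9 * 8 - 1 = 71 bytes */
    return deliver(V_GP, idt_ok, V_GP);
}

/* A #PF whose own handler page is not present: #PF during delivery of #PF -> #DF;
 * with the #DF handler also unreachable the CPU resets (triple fault). */
int pf_with_unmapped_handler(bool df_handler_reachable)
{
    bool idt_ok[256];
    idt_reachable_up_to(idt_ok, 255);
    idt_ok[V_PF] = false;
    idt_ok[V_DF] = df_handler_reachable;
    return deliver(V_PF, idt_ok, V_PF);
}

int main(void)
{
    printf("nested #PF in running handler -> vector %d\n", nested_fault_in_running_handler());
    printf("#GP with 9-entry IDT          -> vector %d\n", gp_with_short_idt());
    printf("#PF, handler page unmapped    -> vector %d\n", pf_with_unmapped_handler(true));
    printf("same without #DF handler      -> %d (triple fault)\n", pf_with_unmapped_handler(false));
    return 0;
}
```

The first scenario returns 14 (an ordinary #PF), which is the "no" in the first reply; the short-IDT and unmapped-handler scenarios return 8, and dropping the #DF handler too yields the triple fault the second reply warns about. The same model also shows why a software `INT n` past the IDT limit is merely a #GP: benign plus contributory is handled normally.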
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.