[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [MiNT] Corruption of high TPA

To: Vincent Rivière <vincent.riviere@freesbee.fr>
Subject: Re: [MiNT] Corruption of high TPA
From: Alan Hourihane <alanh@fairlite.co.uk>
Date: Fri, 12 Jun 2009 10:24:23 +0100
Cc: mint@lists.fishpool.fi
In-reply-to: <4A321C86.6000608@freesbee.fr>
List-help: <mailto:ecartis@lists.fishpool.fi?Subject=help>
List-id: <mint.lists.fishpool.fi>
List-owner: <mailto:tjhukkan@fishpool.fi>
List-post: <mailto:mint@lists.fishpool.fi>
List-subscribe: <mailto:mint-request@lists.fishpool.fi?Subject=subscribe>
List-unsubscribe: <mailto:mint-request@lists.fishpool.fi?Subject=unsubscribe>
References: <4A2ED03D.1090600@freesbee.fr> <alpine.BSF.2.00.0906101033540.29737@antyk.ibi.uw.edu.pl> <4A2F7B9F.3010100@freesbee.fr> <4A30FE49.3050404@freesbee.fr> <1244725809.15756.100.camel@jetpack.demon.co.uk> <4A310791.2020709@freesbee.fr> <1244728568.15756.106.camel@jetpack.demon.co.uk> <4A311332.90806@freesbee.fr> <1244731278.15756.109.camel@jetpack.demon.co.uk> <1244748327.4731.8.camel@joy> <4A316B4E.7020303@freesbee.fr> <1244788520.12354.27.camel@petr> <4A320C47.5090909@freesbee.fr> <1244794878.12354.35.camel@petr> <4A321C86.6000608@freesbee.fr>
Sender: mint-bounce@lists.fishpool.fi

On Fri, 2009-06-12 at 11:14 +0200, Vincent Rivière wrote:
> Petr Stehlik a écrit :
> > I thought it was the same story - copying more bytes from the original
> > stack than necessary thus reading from memory the process does not own.
> > Luckily it was easy to fix EmuTOS.
> 
> Yes, we are confused ;-)
> 
> You are right, the problem is the same in the FreeMiNT trap #1 handler 
> as it was in the EmuTOS one. The OS reads too much data from the stack. 
> Thus it crashes when the address space after the stack is not readable.
> 
> But the reason why the "memory" after the stack is not readable is 
> different in the 2 scenarios.
> In EmuTOS, it crashes because there is nothing valid after the stack, it 
> is the end of the FastRAM.
> In FreeMiNT with memory protection, it crashes because the memory after 
> the stack is made unreadable by the MMU.
> 
> 2 different scenarios, but the same kind of bug in the trap handler.
> 
> > Sorry but this sounds like the 64 bytes adjustment is still not enough
> > and the program keeps crashing on FreeMiNT? But if it was crashing you
> > couldn't read the numbers.... I am confused :)
> 
> If I initialize the stack to the end of the TPA minus 64 bytes, it does 
> not crash anymore. By doing this, we ensure that if some buggy os reads 
> too much data from the stack, it will stay in the process TPA area, so 
> it will not crash.
> By looking quickly at the FreeMiNT sources, we can see that on trap #1 
> it always reads 36 bytes from the stack. EmuTOS was reading only 2 or 4 
> additional bytes, I don't remember.
> 
> So if in the MiNTLib startup code we keep 64 unused bytes at the top of 
> the stack inside the TPA area, it will probably be enough as a 
> workaround for any buggy OS.
> 
> Adding a workaround in the MiNTLib is good, but fixing FreeMiNT like 
> EmuTOS would be even better !

Sure. We're going to need to fix MiNTlib anwyay for buggy kernels. So
please go ahead with this Vincent.

I'll take a look at FreeMiNT on my next pass.

Alan.

Follow-Ups:
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>

References:
- [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: "Konrad M. Kokoszkiewicz" <draco@obta.uw.edu.pl>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Alan Hourihane <alanh@fairlite.co.uk>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Alan Hourihane <alanh@fairlite.co.uk>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Alan Hourihane <alanh@fairlite.co.uk>
- Re: [MiNT] Corruption of high TPA
  - From: Petr Stehlik <pstehlik@sophics.cz>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Petr Stehlik <pstehlik@sophics.cz>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>
- Re: [MiNT] Corruption of high TPA
  - From: Petr Stehlik <pstehlik@sophics.cz>
- Re: [MiNT] Corruption of high TPA
  - From: Vincent Rivière <vincent.riviere@freesbee.fr>

Prev by Date: Re: [MiNT] Corruption of high TPA
Next by Date: Re: [MiNT] Corruption of high TPA
Previous by thread: Re: [MiNT] Corruption of high TPA
Next by thread: Re: [MiNT] Corruption of high TPA
Index(es):
- Date
- Thread