Re: [ros-diffs] [ion] 20911: - Fix some nasty context switch bugs: - Ros-dev

16 Jan 2006

ion(a)svn.reactos.org wrote:
...
  - Fix some nasty context switch bugs:
   * We did not update the KPCR's stacklimit/initialstack with the new thread's
stacklimit/initialstack.
   * We always assumed V86 frame bias in KeInitializeThreadContext.
   * We did not properly update ESP0 during context switch, to make space for the NPX
frame and V86 bias.
   * We did not update fs:18h to point to the new TEB.
   * We did not clear out GS when switching processes, nor update the TSS's cr3.
   * If a new LDT was being updated, we over-wrote EBP (which was supposed to point to the
TSS) by the GDT pointer.
   * We used a push/pop esp0 hack which hid the fact we never updated esp0.
 Modified: trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S
 Modified: trunk/reactos/ntoskrnl/ke/i386/thread.c
   
 ------------------------------------------------------------------------
 *Modified: trunk/reactos/ntoskrnl/ke/i386/ctxswitch.S*
 @@ -114,10 +114,6 @@
   
   *--*/
  .globl @KiSwapContextInternal@0
  @KiSwapContextInternal@0:
   
 -#ifdef KDBG
 -    //jmp SaveTrapFrameForKDB
 -SaveTrapFrameForKDB_Return:
 -#endif
   
  
      /* Get the PCR. It's faster to use ebx+offset then fs:offset */
      mov ebx, [fs:KPCR_SELF]
 @@ -132,24 +128,36 @@
   
      cli
  
      /* Save the initial stack in EAX */
   
 -    mov eax, [edi+KTHREAD_INITIAL_STACK]
   
 +    mov eax, [esi+KTHREAD_INITIAL_STACK]
    Now eax points to the trap frame of the thread we will switch to.

...
   
   
 +    /* Save the stack limit in ecx */
 +    mov ecx, [esi+KTHREAD_STACK_LIMIT]
 +
 +    /* Make space for the NPX Frame */
 +    sub eax, NPX_FRAME_LENGTH
 +
 +    /* Set the KPCR stack values */
 +    mov [ebx+KPCR_INITIAL_STACK], eax
 +    mov [ebx+KPCR_STACK_LIMIT], ecx
 +
   
  #ifdef CONFIG_SMP
      /* Save FPU state if the thread has used it. */
   
 +    mov ecx, [edi+KTHREAD_INITIAL_STACK]
 +    sub ecx, NPX_FRAME_LENGTH
   
      mov dword ptr [ebx+KPCR_NPX_THREAD], 0
      test byte ptr [edi+KTHREAD_NPX_STATE], NPX_STATE_DIRTY
      jz 3f
      cmp dword ptr _KeI386FxsrPresent, 0
      je 1f
   
 -    fxsave [eax-SIZEOF_FX_SAVE_AREA]
   
 +    fxsave [ecx]
   
      jmp 2f
  1:
   
 -    fnsave [eax-SIZEOF_FX_SAVE_AREA]
   
 +    fnsave [ecx]
   
  2:
      mov byte ptr [edi+KTHREAD_NPX_STATE], NPX_STATE_VALID
  3:
  #endif /* CONFIG_SMP */
   
 -    
   
 +
   
      /* Save the stack pointer in this processors TSS */
      mov ebp, [ebx+KPCR_TSS]
  
 @@ -158,12 +166,17 @@
   
      jnz NoAdjust
    The compare operation uses eax which points to the thread we will switch
to. We must use the trap frame from the thread we will switch from.
...
       /* Bias esp */
   
 -    //sub dword ptr ss:[ebp+KTSS_ESP0], KTRAP_FRAME_V86_GS - KTRAP_FRAME_SS
   
 +    sub eax, KTRAP_FRAME_V86_GS - KTRAP_FRAME_SS
    Eax points to the wrong stack. See above.

...
   
  NoAdjust:
   
 -    /* Push ESP0 Value */
 -    push ss:[ebp+KTSS_ESP0]
   
  
 +    /* Set new ESP0 */
 +    mov [ebp+KTSS_ESP0], eax
    Now, we are using the wrong kernel stack on the next exception.


- Hartmut