The answers to 1. and 'something' are the same: stale segment values.
You can't load any value into %ss, %ds, %es, %fs or %gs. They must be
valid references into the GDT or LDT, with the appropriote protection
level, or 0.
Usually the values stored in tss are ok, as they were valid values when
they were stored. However for programs that use modify_ldt, it's
possible for a valid LDT entry to be made invalid while some tss still
refers to that segment.
At the next attempt to load the segment value into a segment register,
you get a fault. The code in loadsegment traps this fault and loads
zero into the segment register instead when this happens. Zero is
always allowed. If the user program then tries to access data
referenced by that segment register, user space will get a
general_protection fault. As it's only user space that calls modify_ldt
to invalidate an LDT entry, that's reasonable.
There's one thing that confuses me: don't you get a segment_not_present
fault? If so, traps.c's do_segment_not_present doesn't appear to search
the exception table, and the code in loadsegment would not work.
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/