robert-w-gries / rxinu

Rust implementation of Xinu educational operating system
Apache License 2.0

Base pointer is zero in the process_ret function and is causing PROTECTION_VIOLATION #61

Closed (robert-w-gries closed this 6 years ago)

robert-w-gries commented 6 years ago

Error

In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!
In test process!

Error code: PROTECTION_VIOLATION
ExceptionStack {
    instruction_pointer: 0x2160e1,
    code_segment: 0x8,
    cpu_flags: 0x206,
    stack_pointer: 0x400042d8,
    stack_segment: 0x10
}
InterruptDescription {
    vector: 14,
    mnemonic: "#PF",
    description: "Page Fault",
    irqtype: "Fault",
    source: "Any memory reference."
}

Page fault while accessing 0xffffffffffffffe8

Root Cause

When a process is finished and jumps to the process_ret function, the rbp value is 0x0.

The process_ret function has the following generated assembly:

00000000002160e0 <_ZN5rxinu10scheduling7process11process_ret17hc68f08b81b5fa6b7E>:
  2160e0:   58                      pop    %rax
  2160e1:   48 89 45 e8             mov    %rax,-0x18(%rbp)
  2160e5:   48 8b 7d e8             mov    -0x18(%rbp),%rdi
  2160e9:   e8 f2 f2 ff ff          callq  2153e0 <_ZN35_$LT$alloc..boxed..Box$LT$T$GT$$GT$8from_raw17hfba216aa9a4cbfcdE>
  2160ee:   48 89 45 f0             mov    %rax,-0x10(%rbp)
  2160f2:   48 8b 45 f0             mov    -0x10(%rbp),%rax
  2160f6:   48 8b 38                mov    (%rax),%rdi
  2160f9:   48 8b 40 08             mov    0x8(%rax),%rax
  2160fd:   ff 50 20                callq  *0x20(%rax)
  216100:   48 89 45 f8             mov    %rax,-0x8(%rbp)
  216104:   48 8b 45 f0             mov    -0x10(%rbp),%rax
  216108:   48 8b 38                mov    (%rax),%rdi
  21610b:   48 8b 40 08             mov    0x8(%rax),%rax
  21610f:   48 8b 75 f8             mov    -0x8(%rbp),%rsi
  216113:   ff 50 28                callq  *0x28(%rax)
  216116:   48 8d 7d f0             lea    -0x10(%rbp),%rdi
  21611a:   e8 d1 60 ff ff          callq  20c1f0 <_ZN4core3ptr13drop_in_place17h3f6ea748fd98a16cE>
  21611f:   c3                      retq   

The page fault happens at instruction 0x2160e0 because we attempt to access memory located at -0x18(%rbp), which translates to the value stored at (0x0 - 0x18).

Using gdb, we can see that this value is:

(gdb) p/x 0x0 - 0x18
$2 = 0xffffffffffffffe8

Note: This is a Day 1 scheduling error that is being revealed now that our bootloader properly protects this memory location.
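An added triage helper in Rust (not part of the rxinu code base or of this issue) that reproduces the analysis above: it looks up the reported instruction_pointer in the quoted objdump listing, extracts the displacement of the `disp(%rbp)` operand, and computes the faulting address with the same 64-bit wraparound the CPU performs, so that a fault address at the very top of the address space can be tied back to a zero base pointer. The embedded listing lines are copied from the issue; the function names are my own.

```rust
// Constructed input: the first three instructions of process_ret as quoted in the issue.
const LISTING: &str = "\
  2160e0:   58                      pop    %rax
  2160e1:   48 89 45 e8             mov    %rax,-0x18(%rbp)
  2160e5:   48 8b 7d e8             mov    -0x18(%rbp),%rdi
";

/// Effective address of a `disp(%rbp)` operand, wrapping like the hardware does
/// (rbp = 0 and disp = -0x18 yields 0xffffffffffffffe8).
pub fn rbp_effective_address(rbp: u64, disp: i64) -> u64 {
    rbp.wrapping_add(disp as u64)
}

/// Parse a signed AT&T hex displacement such as "-0x18" or "0x8".
fn parse_disp(s: &str) -> Option<i64> {
    let (neg, hex) = match s.strip_prefix('-') {
        Some(rest) => (true, rest),
        None => (false, s),
    };
    let v = i64::from_str_radix(hex.strip_prefix("0x")?, 16).ok()?;
    Some(if neg { -v } else { v })
}

/// Find the instruction at `rip` in an objdump listing; return its text and the
/// displacement of an `disp(%rbp)` operand if it has one.
pub fn instruction_at(listing: &str, rip: u64) -> Option<(String, Option<i64>)> {
    for line in listing.lines() {
        let (addr, rest) = match line.trim().split_once(':') {
            Some(parts) => parts,
            None => continue,
        };
        match u64::from_str_radix(addr.trim(), 16) {
            Ok(a) if a == rip => {}
            _ => continue,
        }
        // Drop the raw opcode bytes (two hex digits each); the mnemonic follows them.
        let text = rest
            .split_whitespace()
            .skip_while(|t| t.len() == 2 && u8::from_str_radix(t, 16).is_ok())
            .collect::<Vec<_>>()
            .join(" ");
        let disp = text.rfind("(%rbp)").and_then(|i| {
            let before = &text[..i];
            let start = before.rfind(|c: char| c == ',' || c == ' ').map_or(0, |j| j + 1);
            parse_disp(&before[start..])
        });
        return Some((text, disp));
    }
    None
}

/// Faulting address for the instruction at `rip` given the rbp value at the time.
pub fn faulting_address(listing: &str, rip: u64, rbp: u64) -> Option<u64> {
    let (_, disp) = instruction_at(listing, rip)?;
    Some(rbp_effective_address(rbp, disp?))
}

fn main() {
    let rip = 0x2160e1; // instruction_pointer from the ExceptionStack above
    let (text, _) = instruction_at(LISTING, rip).unwrap();
    println!("{:#x}: {}", rip, text);
    println!("fault address with rbp=0: {:#x}", faulting_address(LISTING, rip, 0).unwrap());
}
```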

robert-w-gries commented 6 years ago

Fixed in #60