On 03.02.19 13.24, Andi B. wrote:
> Dave Yeo wrote:
>> Lars Erdmann wrote:
>>> I therefore believe that your problem is that you are using these 2
>>> different kernels. It has nothing to do with ACPI.PSD.
>>
>> In a roundabout way it does. If ArcaOS installs with APM support
>> instead of ACPI, it will
>> install the W4 kernel and the T42 works much better with APM.
>>
>> Dave
>
> Thanks both of you. Last night during two REM phases the kernel
> difference came up to my mind too ;-) But I'm still wondering why the SMP
> kernel behaves differently here. Does that expose some security/stability
> issues with SMP kernels compared to the W4?
I think now I remember. It has something to do with the CLI and STI
instructions.
For the SMP kernel (but NOT the W4 kernel), there is something called
IPIs (interprocessor interrupts). These are used to synchronize multiple
CPUs.
For example, they are needed when you want to hand over execution of a
thread from one CPU to another.
Now, there is a CLI spinlock. Every processor that wants to issue a CLI
needs to acquire this spinlock. This spinlock is needed by the kernel to
keep track of whether an IPI can be issued or not, because if CLI is issued on
a CPU it cannot receive an IPI (after all, an IPI is a normal interrupt
source like a HW interrupt).
So how can the OS ensure that the CLI spinlock is acquired if a
processor issues a CLI (from an application)?
Solution: it needs to trap this instruction. In the OS exception
handler, it can then ensure that on a CLI the OS will acquire the CLI
spinlock.
Likewise, the STI instruction will then release the CLI spinlock.
Unfortunately, the set of IN/INS/OUT/OUTS/CLI/STI are all trapped if the
CPL (current privilege level) has a higher number than the IOPL.
But according to the trap address the kernel will be able to find out
what instruction caused the trap. And then it will allow IN/INS/OUT/OUTS
to execute normally while it will do the special processing for CLI and STI.
When you look at the W4 kernel and the SMP kernel you will realize that
the IOPL flag will be set to 2 for the W4 kernel and to 0 for the SMP
kernel. And that's why, regardless of whether you have an IOPL segment for your
IN and OUT instructions or not, the kernel will trap in any case on an
SMP kernel (and do the aforementioned). On the W4 kernel, if you run the
IN and OUT instructions from an IOPL segment, the CPL will be 2 and
therefore it will be <= IOPL and therefore it will NOT trap.
And yes, it is a security flaw in the SMP kernel because as you
realized, you can execute IN and OUT from a normal application on the
SMP kernel without going through any special fuss.
I don't know why the kernel does not prevent IN and OUT from being
executed in the exception handler. It would have been possible to
prevent that. Maybe IBM forgot :-)
Lars
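The CPL/IOPL rule and the opcode dispatch in the #GP handler that Lars describes, as an added example in C (not OS/2 kernel code and not written by anyone in this thread): the CPU side raises a trap for IN/INS/OUT/OUTS/CLI/STI exactly when CPL > IOPL, and the modelled handler reads the opcode at the trap address, takes or releases a modelled CLI spinlock for CLI/STI, and lets port I/O through. The `deny_ring3_io` flag, the `kernel_model` struct and the `action` names are assumptions added here to show the check the message says the SMP kernel could have made; the TSS I/O permission bitmap, which can allow individual ports on top of IOPL, is deliberately not modelled.

```c
/* Model of the x86 IOPL check and of a #GP handler that dispatches on the
 * trapped opcode. Added illustration, not OS/2 kernel code. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { INSN_OTHER, INSN_CLI, INSN_STI, INSN_IN, INSN_OUT, INSN_INS, INSN_OUTS } insn_kind;

typedef enum {
    ACT_NO_TRAP,     /* CPL <= IOPL (or not an IOPL-sensitive opcode): runs directly */
    ACT_EXECUTE,     /* trapped; handler lets IN/INS/OUT/OUTS proceed */
    ACT_ACQUIRE_CLI, /* trapped CLI: handler takes the CLI spinlock */
    ACT_RELEASE_CLI, /* trapped STI: handler releases the CLI spinlock */
    ACT_DENY         /* trapped port I/O refused by the (assumed) ring-3 policy */
} action;

typedef struct {
    const char *name;
    unsigned iopl;        /* EFLAGS.IOPL the kernel runs applications with */
    bool deny_ring3_io;   /* assumed hardening: refuse IN/OUT from CPL 3 */
    bool cli_lock_held;   /* state of the modelled CLI spinlock */
} kernel_model;

/* Classify the instruction at the trap address using the one-byte opcode map. */
insn_kind decode(const uint8_t *code, size_t len)
{
    size_t i = 0;
    /* skip operand-size, address-size and REP prefixes that may precede INS/OUTS */
    while (i < len && (code[i] == 0x66 || code[i] == 0x67 ||
                       code[i] == 0xF2 || code[i] == 0xF3))
        i++;
    if (i >= len)
        return INSN_OTHER;
    switch (code[i]) {
    case 0xFA: return INSN_CLI;
    case 0xFB: return INSN_STI;
    case 0xE4: case 0xE5: case 0xEC: case 0xED: return INSN_IN;
    case 0xE6: case 0xE7: case 0xEE: case 0xEF: return INSN_OUT;
    case 0x6C: case 0x6D: return INSN_INS;
    case 0x6E: case 0x6F: return INSN_OUTS;
    default: return INSN_OTHER;
    }
}

/* CPU side: the IOPL-sensitive instructions raise #GP when CPL > IOPL. */
bool cpu_traps(unsigned cpl, unsigned iopl) { return cpl > iopl; }

/* Kernel side: what the #GP handler does with a trapped instruction. */
action run_insn(kernel_model *k, unsigned cpl, const uint8_t *code, size_t len)
{
    insn_kind insn = decode(code, len);
    if (insn == INSN_OTHER || !cpu_traps(cpl, k->iopl))
        return ACT_NO_TRAP;
    switch (insn) {
    case INSN_CLI:
        k->cli_lock_held = true;   /* other CPUs now know no IPI can be delivered here */
        return ACT_ACQUIRE_CLI;
    case INSN_STI:
        k->cli_lock_held = false;
        return ACT_RELEASE_CLI;
    default: /* IN, INS, OUT, OUTS */
        if (k->deny_ring3_io && cpl == 3)
            return ACT_DENY;       /* the check the message says is missing */
        return ACT_EXECUTE;
    }
}

static const char *action_name(action a)
{
    static const char *names[] = { "no trap", "execute", "acquire CLI lock",
                                   "release CLI lock", "deny" };
    return names[a];
}

int main(void)
{
    /* constructed instruction bytes: IN AL,DX / CLI / STI */
    const uint8_t in_al_dx[] = { 0xEC }, cli[] = { 0xFA }, sti[] = { 0xFB };
    kernel_model w4  = { "W4 (IOPL=2)",        2, false, false };
    kernel_model smp = { "SMP (IOPL=0)",       0, false, false };
    kernel_model hard = { "SMP + ring-3 check", 0, true,  false };

    printf("%s, IN from CPL 2: %s\n", w4.name,  action_name(run_insn(&w4, 2, in_al_dx, 1)));
    printf("%s, IN from CPL 3: %s\n", smp.name, action_name(run_insn(&smp, 3, in_al_dx, 1)));
    printf("%s, CLI from CPL 3: %s\n", smp.name, action_name(run_insn(&smp, 3, cli, 1)));
    printf("%s, STI from CPL 3: %s\n", smp.name, action_name(run_insn(&smp, 3, sti, 1)));
    printf("%s, IN from CPL 3: %s\n", hard.name, action_name(run_insn(&hard, 3, in_al_dx, 1)));
    return 0;
}
```

Running it shows the asymmetry from the message: with IOPL=2 an IN from an IOPL (ring 2) segment never reaches the kernel, while with IOPL=0 every IN/OUT/CLI/STI traps and the handler decides what happens; the `hard` model is the only one that refuses port I/O from an ordinary ring-3 application.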