Laszlo Ersek [mailto:lersek@redhat.com] wrote:
[snip]
> Can you hex-dump the guest memory too, in both cases, starting from
> 0xf4b78+0x18, and from 0x1ffec000+0x18, respectively, for 0x8 bytes?
> This would provide the segment descriptor in each case that the selector
> value 0x18 references.
I thought of the same, but then saw that gdb is actually dumping those:
0018 000f0000 0000ffff 00009b00 DPL=0 CS16   (causes reset)
0018 00000000 ffffffff 00c09300 DPL=0 DS     (works)
> In the resetting case, the segment descriptor referenced by selector
> value 0x18 is probably suitable for data segments, but inappropriate for
> the stack segment.
Exactly. In the passing case the selector is for a r/w data segment. In the failing case, the selector is for an execute/read code segment. While a code segment selector is valid for some segments, the stack segment has some special checks:
IF SS is loaded
    THEN
        IF segment selector is NULL
            THEN #GP(0); FI;
        IF segment selector index is outside descriptor table limits
        or segment selector's RPL ≠ CPL
        or segment is not a writable data segment    <=========
        or DPL ≠ CPL
            THEN #GP(selector); FI;
...

So a GP fault. Weird that the load of the new GDT is getting skipped, but stranger things have happened.

Thanks,
Scott
> Thanks
> Laszlo
> /ducks
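The descriptor decoding and the SS-load checks discussed in the thread, as an added example in C (not code from the mail or from the firmware under discussion). The two selector-0x18 descriptors are re-encoded as raw 8-byte GDT entries from the base/limit/flags values gdb printed; the null filler entries at 0x00..0x10, CPL=0, and treating TI=1 (LDT) selectors as out of range are assumptions made for the illustration. The "#SS(selector)" not-present check is the SDM's next step after the lines quoted above.

```c
/* Added example: decode a legacy x86 segment descriptor and apply the
 * "MOV SS" checks from the Intel SDM pseudocode quoted in the thread.
 * Tables below are constructed from the gdb dump; filler entries,
 * CPL=0 and GDT-only lookup are assumptions for this illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct seg_desc {
    uint32_t base;
    uint32_t limit;   /* byte-granular, page granularity already applied */
    uint8_t  type;    /* access byte bits 0-3 */
    uint8_t  dpl;
    bool     s;       /* 1 = code/data, 0 = system descriptor */
    bool     present;
    bool     db;      /* D/B: 1 = 32-bit default operand/stack size */
    bool     g;       /* granularity: limit counted in 4 KiB pages */
};

/* Low dword: limit[15:0], base[15:0].  High dword: base[23:16], access
 * byte, limit[19:16], flag nibble (AVL,L,D/B,G), base[31:24]. */
void decode_desc(const uint8_t raw[8], struct seg_desc *d)
{
    uint32_t lo = (uint32_t)raw[0] | (uint32_t)raw[1] << 8 |
                  (uint32_t)raw[2] << 16 | (uint32_t)raw[3] << 24;
    uint32_t hi = (uint32_t)raw[4] | (uint32_t)raw[5] << 8 |
                  (uint32_t)raw[6] << 16 | (uint32_t)raw[7] << 24;
    uint8_t  access = (hi >> 8) & 0xff;
    uint32_t limit  = (lo & 0xffff) | (hi & 0x000f0000);

    d->base    = (lo >> 16) | ((hi & 0xff) << 16) | (hi & 0xff000000);
    d->type    = access & 0x0f;
    d->s       = access & 0x10;
    d->dpl     = (access >> 5) & 3;
    d->present = access & 0x80;
    d->db      = hi & (1u << 22);
    d->g       = hi & (1u << 23);
    d->limit   = d->g ? (limit << 12) | 0xfff : limit;
}

/* Writable data segment: non-system, type bit 3 clear (data), W bit set. */
bool is_writable_data(const struct seg_desc *d)
{
    return d->s && !(d->type & 0x8) && (d->type & 0x2);
}

/* One-call field check, handy for tests and quick triage. */
bool desc_is(const uint8_t *raw, uint32_t base, uint32_t limit, uint8_t type, bool db)
{
    struct seg_desc d;
    decode_desc(raw, &d);
    return d.base == base && d.limit == limit && d.type == type && d.db == db;
}

enum ss_load_result {
    SS_LOAD_OK,
    SS_LOAD_GP0,            /* #GP(0): null selector */
    SS_LOAD_GP_SELECTOR,    /* #GP(selector): limit, RPL, type or DPL check */
    SS_LOAD_SS_NOT_PRESENT  /* #SS(selector): SDM check after the quoted lines */
};

/* The SDM's checks for loading SS from a GDT of gdt_limit+1 bytes at
 * privilege level cpl.  TI=1 selectors are treated as out of range. */
enum ss_load_result check_ss_load(uint16_t sel, const uint8_t *gdt,
                                  size_t gdt_limit, unsigned cpl)
{
    unsigned index = sel >> 3, rpl = sel & 3;
    struct seg_desc d;

    if ((sel & ~3u) == 0)
        return SS_LOAD_GP0;
    if ((sel & 4) || (size_t)index * 8 + 7 > gdt_limit)
        return SS_LOAD_GP_SELECTOR;
    decode_desc(gdt + index * 8, &d);
    if (rpl != cpl || !is_writable_data(&d) || d.dpl != cpl)
        return SS_LOAD_GP_SELECTOR;
    if (!d.present)
        return SS_LOAD_SS_NOT_PRESENT;
    return SS_LOAD_OK;
}

/* Constructed GDTs: entry 3 (selector 0x18) is the descriptor gdb showed
 * in each case, re-encoded as raw bytes; entries 0-2 are null filler. */
#define GDT_LIMIT (4 * 8 - 1)
static const uint8_t gdt_resetting[4 * 8] = {
    /* base 0x000f0000, limit 0xffff, access 0x9b (P, DPL0, code X/R), G=0, D=0 */
    [24] = 0xff, 0xff, 0x00, 0x00, 0x0f, 0x9b, 0x00, 0x00,
};
static const uint8_t gdt_working[4 * 8] = {
    /* base 0, limit 0xfffff pages, access 0x93 (P, DPL0, data R/W), G=1, D=1 */
    [24] = 0xff, 0xff, 0x00, 0x00, 0x00, 0x93, 0xcf, 0x00,
};

int main(void)
{
    const uint8_t *tables[2] = { gdt_resetting, gdt_working };
    for (int i = 0; i < 2; i++) {
        struct seg_desc d;
        decode_desc(tables[i] + 0x18, &d);
        printf("base=%08x limit=%08x type=%x dpl=%u %s -> %s\n", d.base, d.limit,
               d.type, d.dpl, d.db ? "32-bit" : "16-bit",
               check_ss_load(0x18, tables[i], GDT_LIMIT, 0) == SS_LOAD_OK
                   ? "SS load ok" : "#GP(0x18)");
    }
    return 0;
}
```

Running it prints the CS16 entry rejected with #GP(0x18) and the flat data entry accepted, which is the difference between the resetting and working dumps: the type nibble 0xb (code, execute/read) fails the "writable data segment" test regardless of base, limit or DPL.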