Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Descriptor::tss_segment too restrictive? #423

Open
SamZhang3 opened this issue Jun 5, 2023 · 2 comments
Open

Descriptor::tss_segment too restrictive? #423

SamZhang3 opened this issue Jun 5, 2023 · 2 comments

Comments

@SamZhang3
Copy link
Contributor

I'm trying to implement multitasking in user mode with the following setup:

  • Each task has a user-mode and kernel-mode stack
  • The kernel-mode stack pointer is placed in the privilege stack table of the TSS (so it is switched to on interrupts, exceptions, and system calls)
  • On a context switch, the privilege stack table is updated to point to the kernel-mode stack for the new task

But with this crate, there is a problem. To add the TSS, the Descriptor::tss_segment function should be called with the TaskStateSegment structure, to create a Descriptor that can be added to the GDT. But the function expects a &'static reference to the TaskStateSegment, which means that, once called, no further modifications are possible to the TSS (the &'static reference cannot coexist with any mutable references), so it is not possible to update the TSS on context switching.

Would it be a good idea to loosen the requirements for calling this function?

@Freax13
Copy link
Member

Freax13 commented Jun 5, 2023

I'm trying to implement multitasking in user mode with the following setup:

  • Each task has a user-mode and kernel-mode stack
  • The kernel-mode stack pointer is placed in the privilege stack table of the TSS (so it is switched to on interrupts, exceptions, and system calls)
  • On a context switch, the privilege stack table is updated to point to the kernel-mode stack for the new task

But with this crate, there is a problem. To add the TSS, the Descriptor::tss_segment function should be called with the TaskStateSegment structure, to create a Descriptor that can be added to the GDT. But the function expects a &'static reference to the TaskStateSegment, which means that, once called, no further modifications are possible to the TSS (the &'static reference cannot coexist with any mutable references), so it is not possible to update the TSS on context switching.

Would it be a good idea to loosen the requirements for calling this function?

The way I see it, there are two ways to solve this:

  1. Add an unsafe function that makes the caller responsible for ensuring that the TSS is valid while the entry is in use.
  2. Make it possible to modify the TSS fields atomically.

Option 2 will likely require breaking changes, so I tend towards option 1 for now (though we were planning on releasing a new breaking version anyways, so option 2 should also be good).

@phil-opp
Copy link
Member

I think it makes sense to implement both option 1 and option 2. There will always be cases where our safe abstractions are not a good fit, so we should allow users to plug in their own abstractions if desired. So starting with option 1 sounds good to me!

@SamZhang3 If you have time, it would be great if you could create a PR to add an unsafe Descriptor::tss_segment_unchecked function that takes a *const TaskStateSegment as argument.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants