Re: Race condition in Mach/Hurd?

On Tue, 2011-05-10 at 13:34 +0200, Samuel Thibault wrote:

> > 
> > It's not so simple as you say: I have now found out where the
> > mach_port_deallocate_debug variable is in gnumach-1.3.99-486-dbg (copied
> > from boot and uncompressed). I have two alternatives:
> > 
> > 1) Write a one into that address without using the kernel debugger, how?
> That's an option. Use objdump -d gnumach-1.3.99-486-dbg to determine the
> file offset of the variable, and use a hex editor. It's really not the
> simplest way.

Well objdump gave a lot of hits for mach_port_deallocate but
mach_port_deallocate_debug was not found. And the addresses are
different from the hex editor. Anyway using objdump -D I found it:

002c10c0 <mach_port_deallocate_debug>:
  2c10c0:       00 00                   add    %al,(%eax)
002c10c4 <boot_device_port>:
  2c10c4:       00 00                   add    %al,(%eax)

In emacs :-) I can see the hex code. But from there I cannot see where
to replace a 0 with a 1:
002c10c0: 2318 0614 1600 000a etc.

Where to write? (It's been a long time since I even touched assembly or
binary code)

> > 2) Uncompress it at /boot
> > Start the debugger with C-A-d. Does this work on an uncompressed image?
> > w 002c10c0 1
> > cont
> There's a misunderstanding: w writes in the living kernel and has
> immediate non-permanent effect, not in /boot.

Partly understood, does this command apply to the -dbg version of
gnumach in the running kernel? The ordinary kernel is stripped from

> > and then, how to exit the debugger?
> That's what cont is for.
> > When should I start the kernel debugger, before or after triggering:
> > 5040ee18 deallocating an invalid port 340, most probably a bug.
> Before.
> > Is there any help available for the kernel debugger?
> There are documentations on the net, the debugger is BSD's ddb.
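
The step discussed above (locating a kernel variable's bytes in the on-disk image for a hex editor) trips over the fact that objdump prints virtual addresses, not file offsets: the hex dump at file offset 0x2c10c0 shows different bytes than objdump's listing at VMA 0x2c10c0 because the two address spaces are unrelated. The following is an added example, not code from the original mail or from the Hurd/gnumach project. It constructs a tiny little-endian ELF32 image with a made-up layout (one loaded .data section at VMA 0x002c1000 stored at file offset 0x1000; the addresses and sizes are assumptions for the example), walks the section header table to translate a VMA to a file offset, and patches a 32-bit value there. It returns None when the address falls in a section with no bytes in the file (SHT_NOBITS, i.e. .bss), which is the common reason a variable cannot be patched on disk at all.

```python
import struct

# ELF constants (from the ELF specification)
ELF_MAGIC = b"\x7fELF"
EHDR_FMT = "<16sHHIIIIIHHHHHH"   # ELF32 header, little-endian, 52 bytes
SHDR_FMT = "<10I"                # ELF32 section header, 40 bytes
SHF_ALLOC = 0x2                  # section occupies memory at run time
SHT_NOBITS = 8                   # section has no bytes in the file (.bss)


def build_sample_elf(data_vma=0x002C1000, data_off=0x1000, data_size=0x200):
    """Build a minimal ELF32/i386 image with a single loaded .data section.
    Constructed for this example only; the layout is not gnumach's."""
    shoff = data_off + data_size                 # section header table follows .data
    image = bytearray(shoff + 2 * 40)            # null header + .data header
    ident = ELF_MAGIC + bytes([1, 1, 1]) + bytes(9)   # ELFCLASS32, ELFDATA2LSB, EV_CURRENT
    struct.pack_into(EHDR_FMT, image, 0, ident,
                     2,      # e_type = ET_EXEC
                     3,      # e_machine = EM_386
                     1,      # e_version
                     0, 0,   # e_entry, e_phoff (no program headers in this toy image)
                     shoff,  # e_shoff
                     0,      # e_flags
                     52, 0, 0, 40, 2, 0)  # e_ehsize, phentsize, phnum, shentsize, shnum, shstrndx
    # index 0 is the mandatory all-zero section header (already zero).
    # index 1: .data, SHT_PROGBITS (1), SHF_WRITE|SHF_ALLOC (3)
    struct.pack_into(SHDR_FMT, image, shoff + 40,
                     0, 1, 3, data_vma, data_off, data_size, 0, 0, 4, 0)
    return image


def parse_sections(image):
    """Return (sh_addr, sh_offset, sh_size, sh_type, sh_flags) per section header."""
    if image[:4] != ELF_MAGIC or image[4] != 1 or image[5] != 1:
        raise ValueError("expected a little-endian ELF32 image")
    fields = struct.unpack_from(EHDR_FMT, image, 0)
    shoff, shentsize, shnum = fields[6], fields[11], fields[12]
    sections = []
    for i in range(shnum):
        (_, sh_type, sh_flags, sh_addr, sh_offset, sh_size,
         *_rest) = struct.unpack_from(SHDR_FMT, image, shoff + i * shentsize)
        sections.append((sh_addr, sh_offset, sh_size, sh_type, sh_flags))
    return sections


def vma_to_file_offset(image, vma):
    """Map a virtual address (what objdump prints) to the byte offset in the
    file (what a hex editor shows). Returns None if no loaded, file-backed
    section covers the address, e.g. for a variable living in .bss."""
    for addr, off, size, sh_type, flags in parse_sections(image):
        if not flags & SHF_ALLOC or sh_type == SHT_NOBITS:
            continue
        if addr <= vma < addr + size:
            return off + (vma - addr)
    return None


def read_u32(image, vma):
    """Read the 32-bit little-endian value stored in the file for vma."""
    off = vma_to_file_offset(image, vma)
    if off is None:
        raise ValueError(f"vma {vma:#010x} has no file-backed bytes")
    return struct.unpack_from("<I", image, off)[0]


def patch_u32(image, vma, value):
    """Return a copy of image with the 32-bit value at vma replaced by value."""
    off = vma_to_file_offset(image, vma)
    if off is None:
        raise ValueError(f"vma {vma:#010x} has no file-backed bytes")
    patched = bytearray(image)
    struct.pack_into("<I", patched, off, value)
    return patched


if __name__ == "__main__":
    img = build_sample_elf()
    vma = 0x002C10C0                      # hypothetical address of a debug flag
    off = vma_to_file_offset(img, vma)
    print(f"vma {vma:#010x} -> file offset {off:#x}")
    patched = patch_u32(img, vma, 1)
    print("before:", read_u32(img, vma), "after:", read_u32(patched, vma))
```

The same section walk can be done by hand with `objdump -h`: take the section whose VMA range contains the address and add the difference between the address and the section's VMA to the section's "File off" column. If that section is listed with no CONTENTS (a .bss-style section), the variable is zero-filled at load time and has no byte in the file to edit, which is exactly why a hex dump at the raw address shows unrelated bytes.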