Tim Hentenaar's Blog

Jul 24, 2015 19:30

Patch for the Solaris 2.5.1 (i386) Paging Bug

Recently, just for the hell of it, I decided to install the i386 version of Solaris 2.5.1 (SunOS 5.5.1) in VirtualBox to screw around with it. It's been quite some time since I was greeted by OpenWindows and the classic Korn shell. Much to my dismay, however, the OS would not boot.

Thankfully, Michal Necasek wrote an article describing the issue, as he debugged it with kadb. His analysis was spot on, and most helpful with getting Solaris to install and run. Since there was no patch available, I decided it was damn sure time to write one.

A binary version of this patch, which runs on Solaris 2.5.1, can be found here. You can also download the source code. I suppose the next logical step would be to use this patch to make a boot disk with the patched kernel, and maybe even an install CD with a patched kernel. :P

So, without further ado, here's the patch. It simply adds a couple of instructions that read and write CR3, which effects a TLB flush. Thankfully, the target address being .text + 2, together with the fact that .text is mapped to the beginning of the page, allowed me to save enough bytes to cleanly add the TLB flush.

Expect a couple more Solaris 2.5.1-related articles here soon. ;)