[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 5/5] x86_64: add 64-bit syscall entry point

From: Luca Dariz
Subject: Re: [PATCH 5/5] x86_64: add 64-bit syscall entry point
Date: Wed, 1 Mar 2023 07:44:16 +0100

Il 28/02/23 15:14, Sergey Bugaev ha scritto:
On Tue, Feb 28, 2023 at 4:26 PM Luca Dariz <luca@orpolo.org> wrote:
+    /* check if we need to place some arguments on the stack */
+    mov     EXT(mach_trap_table)(%rax),%r10 /* get number of arguments */
+    subq    $6,%r10                 /* the first 6 args are already in place */
+    jl      _syscall64_call         /* skip argument copy if >6 args */


Right, I didn't test a 6-args syscall.

+    movq    R_UESP(%rbx),%r11       /* get user stack pointer */
+    addq    $8,%r11                 /* Skip user return address */
+    mov     $USER_DS,%r12           /* use user data segment for accesses */
+    mov     %r12,%fs
+    lea     (%r11,%r10,8),%r11      /* point past last argument */

Do I understand it right that for the most interesting syscall (which
takes 7 args!), I *am* supposed to pass the 7th arg on the stack (in
mem[rsp + 8]) -- unlike on Linux?

I think on Linux all syscalls have <= 6 arguments, so they will never use the stack for the 7th arg. This use of the stack is due to x86_64 calling conventions, and since we have a syscall with 11 args (syscall_vm_map) I don't see currently a better way to pass the extra args. (but I don't exclude there is one :))

Or in other words: do I understand it right that the ABI here is:

- syscall number in rax
- arguments are passed just as per x86_64 calling convention, except
the 4th arg is in r10 and not rcx
- return value is in rax


- rcx and r11 are additionally clobbered -- or not?

They will still contain RIP and EFLAGS on return, so they have a special treatment compared to the usual calling conventions, but they can probably be considered clobbered for this purpose.

- nothing else is clobbered, in particular not rflags (or is the
"reserved" half of rflags clobbered?) and not the registers that
contain args

if we follow the usual calling conventions, the registers containing args are clobbered. In fact, in the code I set them to 0 before sysret, to avoid the risk of them containing sensitive information from the syscall execution.

In the syscall invoker in syscall_sw.h the special syscall conventions should be masked in a regular function, so from userspace the mach_msg() or syscall_vm_allocate() or any other syscall should be just like a regular function. I've done some testing but I didn't test it with glibc, so this stub might need to be improved.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]