[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] Re: 32bit binaries on x86_64/Xen segfaults in syscall-vdso
On 09/03/09 15:36, Bastian Blank wrote: > This function looks weird. It tries to restores the user code segment. > But the documentation from AMD explicitely stat that the CS and SS are > restored from the STAR register. And STAR is always set with: wrmsrl(MSR_STAR, ((u64)__USER32_CS)<<48 | ((u64)__KERNEL_CS)<<32); so when using sysret to return to 32-bit, it: The CS selector value is set to MSR IA32_STAR[63:48]. The SS is set to IA32_STAR[63:48] + 8. so CS is __USER32_CS and SS is __USER32_DS. The code for xen_sysret32 is: ENTRY(xen_sysret32) /* * We're already on the usermode stack at this point, but * still with the kernel gs, so we can easily switch back */ movq %rsp, PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack), %rsp pushq $__USER32_DS pushq PER_CPU_VAR(old_rsp) pushq %r11 pushq $__USER32_CS pushq %rcx pushq $VGCF_in_syscall 1: jmp hypercall_iret The iret frame is: ss rsp rflags cs rip <-- rsp so this constructs a frame of: __USER32_DS user_esp user_eflags __USER32_CS user_eip <-- kernel rsp and then it does the iret hypercall. But for some reason that's triggering a failsafe callback, which invokes a GP. J _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |