SYSENTER strategies


SYSENTER strategies

Post by jal »

A question for those that use SYSENTER (or SYSCALL): how do you pass the return address to the kernel? Not that I cannot think of a few ways, it's just that I'd like to know how you solved it. Btw, I think it's rather weird for SYSENTER/CALL to be a kind of double JMP, since 99.99% of the time you'd want SYSEXIT to return to right after the SYSENTER...


JAL

Re: SYSENTER strategies

Post by jal »

So, can I safely assume nobody has ever used SYSENTER, or that it is just not worth commenting on?

Re: SYSENTER strategies

Post by Brendan »

Hi,
jal wrote:
A question for those that use SYSENTER (or SYSCALL): how do you pass the return address to the kernel? Not that I cannot think of a few ways, it's just that I'd like to know how you solved it. Btw, I think it's rather weird for SYSENTER/CALL to be a kind of double JMP, since 99.99% of the time you'd want SYSEXIT to return to right after the SYSENTER...
SYSENTER automatically stores the return EIP in ECX and the return ESP in EDX (where they need to be for SYSEXIT).

SYSCALL also automatically stores the return EIP in ECX (where it needs to be for SYSRET). However, SYSCALL doesn't modify ESP and neither does SYSRET. I think the assumption here is that the CPL=0 kernel code uses the CPL=3 caller's stack (which is a bad assumption IMHO - be careful if using the CPL=3 stack might cause a page fault or something).

Also note that these 4 instructions (SYSENTER, SYSCALL, SYSEXIT and SYSRET) all do strange things to EFLAGS. Exactly what happens depends on whether you're in long mode or protected mode and a few other things (there's a mask in an MSR too, and R11 can be involved)...
jal wrote:
So, can I safely assume nobody has ever used SYSENTER, or that it is just not worth commenting on?
You can safely assume that the question would have been answered by the relevant programming manual... ;)


Cheers,

Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.

Re: SYSENTER strategies

Post by jal »

Brendan wrote:
SYSENTER automatically stores the return EIP in ECX and the return ESP in EDX (where they need to be for SYSEXIT).
This must be incorrect. 2A says: "The procedure does not save a return IP or other state information for the calling procedure" and "When executing a SYSENTER instruction, the processor does not save state information for the user code".
You can safely assume that the question would have been answered by the relevant programming manual...
Yeah, ditto! So this still leaves my question: how do you provide SYSEXIT with the return address and ESP?


JAL

Re: SYSENTER strategies

Post by Brendan »

Hi,
jal wrote:
Brendan wrote:
SYSENTER automatically stores the return EIP in ECX and the return ESP in EDX (where they need to be for SYSEXIT).
This must be incorrect. 2A says: "The procedure does not save a return IP or other state information for the calling procedure" and "When executing a SYSENTER instruction, the processor does not save state information for the user code".
Doh - you're right.

SYSEXIT loads the return EIP from EDX and the return ESP from ECX, but SYSENTER doesn't put them in those registers to start with.

So, let's see - SYSEXIT expects these values to be in ECX and EDX, so these values need to get in these registers somehow. Maybe you could provide a software interrupt that sets the return EIP and the return ESP to be used for a subsequent SYSENTER instruction?

For example:

   push ebp        ;Save EBP, because it'll get trashed
   mov ebp,esp
   push .returnEIP ;Param1
   push ebp        ;Param2
   int 0x80        ;Set the return EIP and return ESP for the next SYSENTER
   sysenter        ;Do the syscall, and return using the previously set return EIP and return ESP
.returnEIP:
   pop ebp         ;Restore EBP
Yeah, that looks fairly good to me.... :roll:
jal wrote:
You can safely assume that the question would have been answered by the relevant programming manual...
Yeah, ditto! So this leaves still my question: how do you provide SYSEXIT with the return address and ESP?
Hmm - I meant the right manual, which doesn't include using AMD's manual for Intel's SYSENTER, because (at least my copy of) AMD's manual doesn't include the pseudo-code for the SYSENTER or SYSEXIT instructions (even though it does include the pseudo-code for almost every other instruction). :oops:


Cheers,

Brendan
For all things; perfection is, and will always remain, impossible to achieve in practice. However; by striving for perfection we create things that are as perfect as practically possible. Let the pursuit of perfection be our guide.

Re: SYSENTER strategies

Post by jal »

Brendan wrote:
Maybe you could provide a software interrupt that sets the return EIP and the return ESP to be used for a subsequent SYSENTER instruction?
That would kinda defeat the purpose, as SYSENTER is used to avoid the overhead of int-calling :). Currently, I do it similarly to what Linux does (so I found out), i.e. call a function that does the sysenter, so you know where you want to return to (the instruction right after the sysenter), and set that before sysentering. Something like:

    ...
    mov ecx, esp                      ; SYSEXIT reloads ESP from ECX
    mov edx, KernelCallSysEnterReturn ; SYSEXIT reloads EIP from EDX: the instruction right after SYSENTER
    sysenter
KernelCallSysEnterReturn:
    ...

JAL
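As an added example (not code from this thread, and not Linux's), here is one complete convention that ties both halves of the discussion together: the kernel-side MSR setup and SYSENTER entry stub that keeps the caller's ECX/EDX for SYSEXIT, plus the user-side stub that sets them the way jal describes. NASM syntax, 32-bit protected mode. Everything not on the page is an assumption constructed for the example: the GDT layout (kernel code 0x08, kernel data 0x10, user code 0x18, user data 0x20), the register contract (eax = syscall number and result, ebx/esi/edi = arguments), and the handler names `sys_getpid` and `sys_write`.

```nasm
; Added example, not code from the thread.  NASM syntax, 32-bit protected mode.
; Assumed GDT layout (constructed): kernel code 0x08, kernel data 0x10, user code 0x18,
; user data 0x20.  The order matters: SYSENTER loads SS from IA32_SYSENTER_CS+8, and
; SYSEXIT loads CS from +16 and SS from +24 (both with RPL 3).
; Assumed register contract (constructed): eax = syscall number in / result out,
; ebx/esi/edi = arguments (preserved), ecx = user ESP, edx = user resume EIP.

IA32_SYSENTER_CS   equ 0x174
IA32_SYSENTER_ESP  equ 0x175
IA32_SYSENTER_EIP  equ 0x176
KERNEL_CS          equ 0x08
KERNEL_DS          equ 0x10
USER_DS            equ 0x20 | 3

extern sys_getpid, sys_write          ; hypothetical handlers: args in ebx/esi/edi, result in eax,
                                      ; preserve ebx/esi/edi/ebp

section .rodata
syscall_table:
    dd sys_getpid                     ; 0
    dd sys_write                      ; 1
SYSCALL_COUNT equ ($ - syscall_table) / 4

section .bss
    resb 4096                         ; kernel stack that SYSENTER switches to
kernel_syscall_stack_top:

section .text

; ---- kernel side: one-time setup at CPL 0.  The three MSRs are per logical CPU,
; so an SMP kernel runs this on every CPU with that CPU's own stack address.
setup_sysenter:
    xor edx, edx                      ; wrmsr writes edx:eax; the high half is zero here
    mov ecx, IA32_SYSENTER_CS
    mov eax, KERNEL_CS
    wrmsr
    mov ecx, IA32_SYSENTER_ESP
    mov eax, kernel_syscall_stack_top
    wrmsr
    mov ecx, IA32_SYSENTER_EIP
    mov eax, sysenter_entry
    wrmsr
    ret

; ---- kernel side: SYSENTER lands here with CS/SS = kernel, ESP = our stack, IF = 0.
; The CPU saved nothing about the caller, so the first job is to keep the two values
; the caller handed us for SYSEXIT.
sysenter_entry:
    push ecx                          ; caller's ESP
    push edx                          ; caller's resume EIP
    mov cx, KERNEL_DS                 ; SYSENTER loads only CS and SS; DS/ES are still the user's
    mov ds, cx
    mov es, cx
    sti                               ; safe now: we are on a known-good kernel stack

    cmp eax, SYSCALL_COUNT            ; unsigned compare also rejects "negative" numbers
    jae .bad_syscall
    call [syscall_table + eax*4]      ; eax = result
    jmp .return
.bad_syscall:
    mov eax, -1
.return:
    mov cx, USER_DS                   ; SYSEXIT restores only CS/SS; put DS/ES back ourselves
    mov ds, cx
    mov es, cx
    pop edx                           ; SYSEXIT: EIP <- EDX
    pop ecx                           ; SYSEXIT: ESP <- ECX
    sti                               ; SYSEXIT leaves EFLAGS alone, so IF must be 1 here;
    sysexit                           ; STI's one-instruction delay shields the SYSEXIT

; ---- user side: the library stub is the only code that executes SYSENTER, so the
; resume address is simply the label after it (jal's approach).
global user_getpid
user_getpid:
    mov eax, 0                        ; syscall number
    mov ecx, esp                      ; where SYSEXIT should put our stack back
    mov edx, .resume                  ; where SYSEXIT should resume
    sysenter
.resume:
    ret                               ; eax holds the result; ecx/edx are clobbered by contract
```

Two points worth noticing from a robustness standpoint. The user-supplied ECX/EDX are consumed only by SYSEXIT, which always lands at CPL 3, so a bogus value merely faults in user mode; the kernel must still never treat them as trusted pointers. And because SYSEXIT does not touch EFLAGS, the kernel must return with IF already set, otherwise user mode runs with interrupts disabled and, at IOPL 0, cannot re-enable them itself.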