sysenter / sysexit: Inconsistent manual + ring 3 access rights

Hi all,

As part of my research project, I am currently implementing my own security kernel. One of the key parts is, naturally, a user/kernel separation. For this I intended to use the sysenter/sysexit combination. Sysenter seems to work correctly, but sysexit causes problems. Digging through the manual I even found an inconsistency. In the developer's manual 3.A, ch. 5.8.7.1, it states that sysexit causes the use of the following stack segment: IA32_SYSENTER_CS + 40 (in IA-32e mode). The manual 2.A at page 4.500, however, states that IA32_SYSENTER_CS + 8 is used.

Trying to resolve the issue, I looked at how Linux implements system calls. Unfortunately it uses syscall/sysret instructions. Surprisingly however, it sets the SYSRET CS value to 0x13. The two least significant bits are set to allow user mode to access the code and stack segments. How is this resolved with the sysenter/sysexit instructions?

Thanks in advance,
Raoul

Hi
I believe you are referring to the 4th bullet item on page 4-455 of rev 37 of Vol 2B, which said
"Stack segment - Computed by adding 8 to the value of CS selector."

What it meant was to add 8 to the target code segment address, which was stated in the 1st bullet as IA32_SYSENTER_CS+32.
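The following C model, added here and not from either poster, shows how the selectors are derived from IA32_SYSENTER_CS: SYSENTER masks the RPL bits out of the MSR value, while SYSEXIT adds 32 (REX.W form) or 16 (legacy form) and then ORs in RPL 3, so the "+8" for SS in Vol 2 is relative to that already-computed CS selector, which is why it lands at MSR+40 in 64-bit mode and why the low two bits never need to be stored in the MSR. The GDT size used in `main` is a constructed value, and `layout_fits` is a hypothetical helper for checking that all six descriptors the two instructions can reference exist.

```c
#include <stdint.h>
#include <stdio.h>

/* Selectors the CPU derives from IA32_SYSENTER_CS for SYSENTER and SYSEXIT,
 * following the SDM "Operation" pseudocode. Pure model, no MSR access. */
struct fast_syscall_selectors {
    uint16_t sysenter_cs, sysenter_ss;  /* loaded by SYSENTER, RPL cleared to 0 */
    uint16_t sysexit_cs, sysexit_ss;    /* loaded by SYSEXIT, RPL forced to 3   */
};

/* op64 != 0 models SYSEXIT with REX.W (return to 64-bit mode): CS = MSR+32, SS = CS+8 = MSR+40.
 * op64 == 0 models the legacy/compatibility form: CS = MSR+16, SS = MSR+24. */
static struct fast_syscall_selectors
derive_selectors(uint16_t ia32_sysenter_cs, int op64)
{
    struct fast_syscall_selectors s;
    uint16_t base = ia32_sysenter_cs & 0xFFFC;   /* SYSENTER ignores RPL bits in the MSR */

    s.sysenter_cs = base;
    s.sysenter_ss = (uint16_t)(base + 8);        /* kernel SS descriptor sits right above kernel CS */
    s.sysexit_cs  = (uint16_t)((ia32_sysenter_cs + (op64 ? 32 : 16)) | 3); /* SDM: CS.Selector OR 3 */
    s.sysexit_ss  = (uint16_t)(s.sysexit_cs + 8); /* the "+8" is relative to this CS, not to the MSR */
    return s;
}

static unsigned selector_rpl(uint16_t sel)   { return sel & 3; }
static unsigned selector_index(uint16_t sel) { return sel >> 3; }

/* Hypothetical layout check: the MSR value must be 8-byte aligned and the six
 * descriptors SYSENTER/SYSEXIT can reference (kernel CS/SS, 32-bit user CS/SS,
 * 64-bit user CS/SS) must all lie inside a GDT of gdt_entries descriptors. */
static int layout_fits(uint16_t ia32_sysenter_cs, unsigned gdt_entries)
{
    if (ia32_sysenter_cs & 7) return 0;
    return selector_index(ia32_sysenter_cs) + 6 <= gdt_entries;
}

int main(void)
{
    uint16_t msr = 0x10;   /* constructed: kernel CS at GDT index 2 */
    struct fast_syscall_selectors s = derive_selectors(msr, 1);
    printf("SYSENTER: CS=%#x SS=%#x\n", s.sysenter_cs, s.sysenter_ss);
    printf("SYSEXIT (64-bit): CS=%#x (index %u, RPL %u) SS=%#x (index %u, RPL %u)\n",
           s.sysexit_cs, selector_index(s.sysexit_cs), selector_rpl(s.sysexit_cs),
           s.sysexit_ss, selector_index(s.sysexit_ss), selector_rpl(s.sysexit_ss));
    printf("layout fits in an 8-entry GDT: %d\n", layout_fits(msr, 8));
    return 0;
}
```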
