Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.
1103 Discussions

sysenter / sysexit: Inconsistent manual + ring 3 access rights

Raoul
Novice
‎02-08-2011 05:48 AM
649 Views
Hi all,

As part of my research project, I am currently implement my own security kernel. One of the key parts is, naturally, a user/kernel separation. For this I intended to use the sysenter/sysexit combination. Sysenter seems to work correctly, but sysexit causes problems. Digging through the manual I even found an inconsistency. In the developer's manual 3.A chp 5.8.7.1. It states that sysexit causes the use of the following stack segment: IA32_SYSENTER_CS + 40 (in ia32e mode). The manual 2.A at page 4.500 however, states that IA32+SYSENTER_CS + 8 is used.

Trying to resolve the issue, I looked at how Linux implements system calls. Unfortunately it uses syscall/sysret instructions. Surprisingly however, it sets the SYSRET CS value to 0x13. The two least significant bits are set to allow user mode to access the code and stack segments. How is this resolved with the sysenter/sysexit instructions?

Thanks in advance,
Raoul
0 Kudos

Link Copied

1 Reply
SHIH_K_Intel
Employee
‎04-06-2011 08:39 AM
649 Views
Hi
I believe you are referring to the 4th bullet item on page 4-455 of rev 37 of Vol 2B, which said
"Stack segment - Computed by adding 8 to the value of CS selector."

What it meant, was, add 8 to the target code segment address, which was stated in the 1st bullet as IA32_SYSENTER_CS+32.
0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.