| field | value | date |
|---|---|---|
| author | Luca Barbieri <ldb@ldb.ods.org> | 2003-01-08 21:26:09 -0800 |
| committer | Linus Torvalds <torvalds@penguin.transmeta.com> | 2003-01-08 21:26:09 -0800 |
| commit | 989467d1ea36a753ba358cb4e20a3226b4682282 | |
| tree | c10ea6c6bf4dcb77b23d39d85c80bb918ea6994a /include | |
| parent | 077fbc21ab5273356576556a0c48d634646d814b | |
[PATCH] Remove all register pops before sysexit
This patch, which depends on the previous %ebx -> %ebp patch, removes
all pop instructions in the sysenter return path.

This leaks the thread_info address to user mode but this shouldn't be
a security problem.

This is what happens to the various registers:

%eax: return value from system call: already in place
%ebx, %esi, %edi: saved by the C compiler
%ecx, %edx, %ebp: restored by user mode, fixed values by kernels
%esp, eip: copied to %ecx/%edx and restored by sysexit
%ds, %es: initialized to __USER_DS on kernel entry
%cs, %ss: restored by sysexit based on msr
%fs, %gs: not modified by the kernel (saved around context switch)
eflags: not preserved, iopl saved around context switch
FP, XMM: any code that modifies them must save/restore them

Note that while it is possible to change %ebx, %esi, %edi, %ecx, %edx
or %ebp via struct pt_regs, anything that does should set TIF_IRET or
another work flag (and it hopefully already does).
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions
