Chris Wright wrote: > * Zachary Amsden (zach@xxxxxxxxxx) wrote: > >> ENTRY(sysenter_entry) >> movl TSS_sysenter_esp0(%esp),%esp >> sysenter_past_esp: >> STI >> pushl $(__USER_DS) >> pushl %ebp >> pushfl >> pushl $(__USER_CS) >> pushl $SYSENTER_RETURN >> >> SYSENTER_RETURN is a link time constant that is defined based on the >> location of the vsyscall page. If the vsyscall page can move, this can >> not be a constant. The reason is, this "fake" exception frame is used >> to return back to the EIP of the call site, and sysenter does not record >> the EIP of the call site. >> > > It's only real issue for something like execshield. For this it's easy > to do the fixed math since it's still at fixed address. > > + DEFINE(VSYSCALL_BASE, (PAGE_OFFSET - 2*PAGE_SIZE)); > Ok, I'm confused. What fixed math? The return EIP that is pushed here is used when sysenter is active and you have to IRET back to userspace. If that EIP is dynamically relocatable, you can't do fixed math unless you patch the pushl site dynamically. Notable reasons for returning via IRET on this fake exception frame were (until my recent submission) IOPL changes, but I believe there were more. I will have to inspect the source to determine if that is still the case. Zach
