Re: SYSENTER and libraries

I am also studying the code of OpenSolaris nowadays and just wanted to share about it .... Solaris libraries use a better mechanism for invoking the system call, which makes the library independent of the kernel. The library has an invalid instruction for invoking the system call. So when the first system call is done on the system, an invalid opcode exception is generated, and in the handler for this, the Solaris kernel checks whether it is the specific invalid instruction as mentioned in the lib; if so, it simply replaces that invalid instruction with the valid instruction for making the system call (either through SYSENTER, if the processor supports it, else through the INT instruction). I think on OpenSolaris INT 0x91 is used rather than INT 0x80 as done on Linux .....

In this way the library is more independent of the kernel and need not be changed if we change the mechanism of invoking the system call. We give full control to the kernel to decide how to invoke the system call, and the kernel decides it in a better way .....

regards,
Gaurav


On 1/24/07, Mulyadi Santosa <mulyadi.santosa@xxxxxxxxx> wrote:
Hi Ramagudi

> Very interesting. Thank you for that.
>
> What about the "int $80" directive ? that one IS embedded in the code
> itself.
> is it possible because it is supported on all cpus ?

I guess that is just the developer who thinks it is better to hard code
that int 80h, or he/she just isn't aware that SYSENTER/SYSCALL are
there. You'll see lots like this if you observe hackers' shellcode
spreading on the Net, right Arjan? ;)
> would you happen to know why static libraries do not use the VDSO ?
maybe because a static lib assumes it can be used in a non-VDSO environment?
thus, to prevent jumping to an address of a VDSO that doesn't exist, it
simply uses int 80h... just a guess...

> (maybe they just can't assume they will run under the dynamic linker ?
> Is the VDSO is mapped by the dynamic linker ?)
Yes, the VDSO is linked by ld.so. The actual address of the VDSO is passed by
the loader to the executable, thus the jump to the VDSO is determined at
run time, not at link/compile time. This was once made permanent at a
certain address, but AFAIK Arjan and other security hackers think this
made it easier for crackers to break into the VDSO, thus it was later placed at
a dynamic address.


Does this answer your doubt?

regards,

Mulyadi


--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/




--
Gaurav
Email: gauravd.chd@xxxxxxxxx
--------------------------------------------
Read my articles at: http://lkdp.blogspot.com
--------------------------------------------
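The point made above about the VDSO address being handed to the program by the loader at run time (rather than being fixed at link time) can be checked directly. The program below is an added example, not code from either poster: it assumes Linux with glibc's getauxval() and a readable /proc/self/maps. It reads the AT_SYSINFO_EHDR auxiliary-vector entry the kernel/loader supply, confirms an ELF shared-object header is mapped there, and cross-checks the address against the [vdso] line in /proc/self/maps. Running it twice on a system with ASLR enabled shows a different address each time, which is the "dynamic address" Mulyadi describes.

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>

/* Base address the loader passed for the vDSO via the auxiliary vector,
 * or 0 if the kernel did not provide one (AT_SYSINFO_EHDR absent). */
uintptr_t vdso_base(void) {
    return (uintptr_t)getauxval(AT_SYSINFO_EHDR);
}

/* Sanity-check the bytes at the vDSO base: ELF magic and ET_DYN type.
 * The 32-bit and 64-bit ELF headers both keep e_type at offset 16,
 * so this works for either ABI without choosing Elf32/Elf64 structs. */
int vdso_looks_like_elf(uintptr_t base) {
    if (base == 0)
        return 0;
    const unsigned char *p = (const unsigned char *)base;
    if (memcmp(p, ELFMAG, SELFMAG) != 0)
        return 0;
    uint16_t e_type;
    memcpy(&e_type, p + 16, sizeof e_type);
    return e_type == ET_DYN;
}

/* Look for a "[vdso]" mapping in /proc/self/maps that contains base.
 * Returns 1 if found, 0 if not, -1 if /proc/self/maps is unreadable. */
int vdso_in_maps(uintptr_t base) {
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f)
        return -1;
    char line[512];
    int found = 0;
    while (fgets(line, sizeof line, f)) {
        if (!strstr(line, "[vdso]"))
            continue;
        unsigned long lo, hi;
        if (sscanf(line, "%lx-%lx", &lo, &hi) == 2 && base >= lo && base < hi)
            found = 1;
    }
    fclose(f);
    return found;
}

int main(void) {
    uintptr_t base = vdso_base();
    printf("AT_SYSINFO_EHDR (vDSO base from auxv): %#lx\n", (unsigned long)base);
    printf("ELF header present and ET_DYN:         %d\n", vdso_looks_like_elf(base));
    printf("matches [vdso] in /proc/self/maps:      %d\n", vdso_in_maps(base));
    printf("run again: under ASLR the base address changes between runs\n");
    return 0;
}
```

Nothing here calls into the vDSO; it only locates it the same way ld.so and libc do, which is enough to see why a static binary that hard-codes int $0x80 can keep working on any address layout while a dynamic one can take the faster path the kernel advertises.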
