Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Syscall entry/exit register save / restore (general purpose and FPU/MMX/SSE/AVX) #9

Closed
kuqin12 opened this issue Aug 19, 2022 · 0 comments · Fixed by #20
Closed

Syscall entry/exit register save / restore (general purpose and FPU/MMX/SSE/AVX) #9

kuqin12 opened this issue Aug 19, 2022 · 0 comments · Fixed by #20
Assignees
@kuqin12
Labels
impact:security Has a security impact type:bug Something isn't working

Comments

@kuqin12
Copy link
Contributor

kuqin12 commented Aug 19, 2022

SyscallCenter implemented in SysCallEntry.nasm is called as the supervisor entry point when user space issues a SYSCALL instruction. This function is responsible for proper setup, calling the dispatcher, and then returning to user space properly.

Except, it doesn't seem to restore all registers. It restores a subset of the general-purpose registers (r11, rbx, rdi, r12, rsi, r9, r8, rdx, rbp rcx and rsp), clearly leaving out r10, r13, r14, and r15. If the dispatcher uses any of these registers, they would get returned to user space.

In addition to the general-purpose registers, it doesn't seem to restore any of the FPU/MMX/SSE/AVX registers. Optimizing compilers tend to use the SIMD registers and instructions for things like memcpy().

Fix Recommendation:
Consider saving/restoring all general-purpose registers.

Acknowledgement:
Thanks to @iljavs for reporting this issue.
@kuqin12 kuqin12 added the impact:security Has a security impact label Aug 19, 2022
@kuqin12 kuqin12 mentioned this issue Aug 19, 2022
Merged
@spbrogan spbrogan added the type:bug Something isn't working label Aug 20, 2022
kuqin12 added a commit that referenced this issue Aug 20, 2022
@kuqin12
Syscall entry/exit register save / restore (general purpose and FPU/M…
05b8628 
…MX/SSE/AVX) (#20)

Bug Description:
SyscallCenter implemented in SysCallEntry.nasm is called as the supervisor entry point when user space issues a SYSCALL instruction. This function is responsible for proper setup, calling the dispatcher, and then returning to user space properly.

Except, it doesn't seem to restore all registers. It restores a subset of the general purpose registers (r11, rbx, rdi, r12, rsi, r9, r8, rdx, rbp rcx and rsp), clearly leaving out r10, r13, r14, and r15. If the dispatcher uses any of these registers, they would get returned to user space.

In addition to the general purpose registers, it doesn't seem to restore any of the FPU/MMX/SSE/AVX registers. Optimizing compilers tend to use the SIMD registers and instructions for things like memcpy().

Fix:
In the syscall interface:
- Adding saving/restoring all general purpose registers.
- Saving/restoring MMX/SSE/FPU registers with FXSAVE and FXSTOR.
- AVX operations are prohibited by not enabling OSXSAVE in CR4.

The instructions addition is measured to have <100ms slowdown for 1M syscall calls.

fixes #9
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kuqin12 kuqin12

Labels
impact:security Has a security impact type:bug Something isn't working
Projects
None yet
Milestone
No milestone
2 participants
@spbrogan @kuqin12