Bug#544145: 32bit binaries on x86_64/Xen segfaults in syscall-vdso
- To: Jeremy Fitzhardinge <jeremy@goop.org>
- Cc: linux-kernel@vger.kernel.org, xen-devel@lists.xensource.com, 544145@bugs.debian.org, Keir Fraser <keir.fraser@eu.citrix.com>
- Subject: Bug#544145: 32bit binaries on x86_64/Xen segfaults in syscall-vdso
- From: Bastian Blank <waldi@debian.org>
- Date: Fri, 4 Sep 2009 19:46:05 +0200
- Message-id: <[🔎] 20090904174605.GA8396@wavehammer.waldi.eu.org>
- Mail-followup-to: Bastian Blank <waldi@debian.org>, Jeremy Fitzhardinge <jeremy@goop.org>, linux-kernel@vger.kernel.org, xen-devel@lists.xensource.com, 544145@bugs.debian.org, Keir Fraser <keir.fraser@eu.citrix.com>
- Reply-to: Bastian Blank <waldi@debian.org>, 544145@bugs.debian.org
- In-reply-to: <[🔎] 4AA13B4B.7020101@goop.org>
- References: <20090830181637.GA7155@wavehammer.waldi.eu.org> <[🔎] 4AA02C57.30106@goop.org> <[🔎] 20090903220252.GA19309@wavehammer.waldi.eu.org> <[🔎] 4AA03DE8.40706@goop.org> <[🔎] 20090903223603.GA19945@wavehammer.waldi.eu.org> <[🔎] 4AA13B4B.7020101@goop.org>
On Fri, Sep 04, 2009 at 09:07:39AM -0700, Jeremy Fitzhardinge wrote:
> On 09/03/09 15:36, Bastian Blank wrote:
> > This function looks weird. It tries to restores the user code segment.
> > But the documentation from AMD explicitely stat that the CS and SS are
> > restored from the STAR register.
>
> And STAR is always set with:
> wrmsrl(MSR_STAR, ((u64)__USER32_CS)<<48 | ((u64)__KERNEL_CS)<<32);
No. This is the normal kernel setup. But the Xen setup (the relevant
one) looks different:
| #define FLAT_RING3_CS32 0xe023
| wrmsr(MSR_STAR, 0, (FLAT_RING3_CS32<<16) | __HYPERVISOR_CS);
But this does not match my observation either.
And even the native Linux kernel uses "iret" to jump out of a compat
(32bit) syscall. No, I don't want to understand this, but it looks
highly broken.
Bastian
--
Captain's Log, star date 21:34.5...
Reply to: