flat assembler
Message board for the users of flat assembler.
revolution 04 Sep 2009, 03:41
Azu wrote: Where is a website or manual that I can find a description of this instruction? All I could find searching is that it does something to the gs register that is somehow important for ring0->ring3 transitions in FreeBSD. ![]() |
|||
![]() |
|
MazeGen 04 Sep 2009, 06:58
Get either Intel manual, 253667.pdf, or AMD manual, 24594.pdf.
Azu 04 Sep 2009, 07:22
revolution wrote:
MazeGen wrote: Get either Intel manual, 253667.pdf, or AMD manual, 24594.pdf.
revolution 04 Sep 2009, 07:31
Your google-foo is not so strong
Azu 04 Sep 2009, 07:35
Right.. coming from the guy who couldn't find it either.
Thanks again MazeGen! ^^
Feryno 04 Sep 2009, 08:30
Knowing this instruction is usefull if you do kernel programming.
When ring3 executes code, GS base points to the ring3 GS base (under Windows x64 its name is ThreadLocalBase; the name of the ring0 GS base under Win x64 is KPRCB = processor control block, K means perhaps kernel; KPRCB is a unique constant per every CPU in an SMP system, every CPU has its own). At that point, e.g. a keyboard interrupt (or timer interrupt, or harddisk interrupt, ...) may hit, or ring3 code calls ring0 code (e.g. the SYSCALL instruction).

When it is the SYSCALL instruction, then the kernel knows about the ring3-ring0 transition and the kernel executes the SWAPGS instruction very early (usually the first instruction), and then the ring3 and ring0 GS bases are swapped, so now GS base points to ring0 data. When ring0 then passes control back to ring3, this is typically by the instruction pair SWAPGS + SYSRETQ.

When it is e.g. a timer interrupt, then the interrupt could hit when ring0 code was executing, or when e.g. ring3 code was executing. The kernel handler typically tests qword [rsp+8*1] where CS is pushed; it tests the low 2 bits of the code selector (MS Windows tests only the lowest bit, bit 0), so the kernel is able to determine whether the interrupt occurred from ring0 or from ring3. If the interrupt was from ring0, then there is no need to execute SWAPGS (the kernel doesn't execute it); when the interrupt was from ring3, then the kernel executes SWAPGS. CS for ring3 has bits 0 and 1 set to 1; CS for ring0 has bits 0 and 1 set to 0. So an int handler skeleton should begin with something like:

Code:
  ; qword [rsp+8*4] = SS
  ; qword [rsp+8*3] = RSP
  ; qword [rsp+8*2] = RFLAGS
  ; qword [rsp+8*1] = CS
  ; qword [rsp+8*0] = RIP
  test byte [rsp+8*1],11b
  jz L0
  swapgs
  L0:

On the way back, when the kernel is going to pass control to a thread, it checks whether it is a ring0 thread or a ring3 thread. If it is a ring0 thread, then there is no need to execute SWAPGS. If control is going to pass to a ring3 thread, then the typical code sequence to do that is:

Code:
  swapgs
  iretq

The SWAPGS instruction was implemented into CPUs because when there is a transfer into ring0 (no matter whether it is from ring0 or ring3), then GS base may be efficiently loaded and immediately give a valid pointer into ring0 data; even in case the ring0 stack would be destroyed, a pointer into a valid ring0 stack may be loaded from GS base, e.g. mov rsp,[gs:xxxx]
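The entry and exit sequences Feryno describes, written out as one fasm x86-64 skeleton: an interrupt handler that runs the CS ring test before and after its body, and a SYSCALL entry that uses the freshly swapped GS base to load a trusted ring0 stack. This is an added example, not code from the thread; the per-CPU offsets KERNEL_RSP_OFFSET and SAVED_USER_RSP_OFFSET and the label names are assumed placeholders, and the handler bodies are elided.

```asm
; Added example (not from the thread): fasm x86-64 kernel entry/exit skeleton.
; KERNEL_RSP_OFFSET / SAVED_USER_RSP_OFFSET are assumed offsets into the
; per-CPU block that the ring0 GS base points at.
use64

KERNEL_RSP_OFFSET     = 8    ; assumed: slot holding this CPU's ring0 stack pointer
SAVED_USER_RSP_OFFSET = 16   ; assumed: scratch slot for the ring3 RSP during SYSCALL

; Interrupt / exception entry (vector without error code). The CPU pushed:
;   [rsp+8*4] = SS, [rsp+8*3] = RSP, [rsp+8*2] = RFLAGS, [rsp+8*1] = CS, [rsp+8*0] = RIP
interrupt_handler:
        test    byte [rsp+8*1], 11b     ; RPL bits of interrupted CS: 00 = ring0, 11 = ring3
        jz      .from_ring0             ; from ring0: GS base is already the kernel's, no SWAPGS
        swapgs                          ; from ring3: swap in the ring0 GS base
.from_ring0:
        push    rax                     ; save whatever the body clobbers
        ; ... handler body: per-CPU data is reachable as [gs:...] from here ...
        pop     rax                     ; frame is back at [rsp], so the CS test still works
        test    byte [rsp+8*1], 11b     ; same decision on the way out
        jz      .to_ring0
        swapgs                          ; hand the ring3 GS base back before returning to ring3
.to_ring0:
        iretq

; SYSCALL entry: the ring3 -> ring0 transition is known, so no CS test is needed.
; SYSCALL leaves RCX = return RIP, R11 = RFLAGS, and RSP still on the ring3 stack.
syscall_entry:
        swapgs                          ; first instruction: make [gs:...] point at ring0 data
        mov     [gs:SAVED_USER_RSP_OFFSET], rsp   ; remember the user stack for SYSRETQ
        mov     rsp, [gs:KERNEL_RSP_OFFSET]       ; switch to a trusted ring0 stack
        push    rcx                     ; preserve return RIP
        push    r11                     ; preserve RFLAGS
        ; ... dispatch on RAX to the requested service ...
        pop     r11
        pop     rcx
        mov     rsp, [gs:SAVED_USER_RSP_OFFSET]   ; back to the ring3 stack
        swapgs                          ; SWAPGS + SYSRETQ pair on the way out
        sysretq
```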
revolution 04 Sep 2009, 10:32
Azu wrote: Right.. coming from the guy who couldn't find it either.
Azu 04 Sep 2009, 10:34
Ah. I thought you were referring to Google as the manual (since you made a link to Google called TFM), and suggesting I search for the instruction in it.
I got kind of frustrated by that since I already searched for the instruction in it. I'm sorry for misinterpreting you.
revolution 04 Sep 2009, 10:42
Even so Google can find it for you:
http://www.google.com/search?hl=en&q=swapgs+filetype%3Apdf+site%3Aintel.com&btnG=Search First result!
Azu 04 Sep 2009, 10:45
I'll search longer before asking here next time.
Copyright © 1999-2025, Tomasz Grysztar.