Linux PARISC architecture development
From: Cary Coutant <cary@cup.hp.com>
To: <hppa-linux@thepuffingroup.com>
Subject: Re: [hppa-linux] Gateway instructions
Date: Thu, 18 Mar 1999 10:43:44 -0800
Message-ID: <199903181840.KAA25312@cllmail.cup.hp.com>

The PSW B bit is set to indicate that an instruction is executing in the 
delay slot of another branch. Gateway instructions trap if the B bit is 
set to prevent a malicious process from using a sequence like the following 
to gain a higher privilege level:

     B    gateway
     B    my_routine

Without this protection, the first branch to the gateway instruction 
would promote the privilege level, but control would immediately be 
transferred to the user's own code. 

Branches in delay slots are tricky; here's what's really happening in the 
hardware:

                                       PC offset queue after instruction
    PC           Instruction           head         tail

    user+0       ...                   user+4       user+8
    user+4       B gateway             user+8       gateway
    user+8       B my_routine          gateway      my_routine
    gateway      B,GATE syscall        my_routine   syscall
    my_routine   B my_routine+4        syscall      my_routine+4
    syscall      ...                   my_routine+4 my_routine+8
    my_routine+4 ...

When a page's access rights are 4, 5, 6, or 7, a gateway instruction on 
that page causes the privilege promotion. Most HP-UX system calls are 
branches to a common gateway instruction on a gateway page in the fourth 
quadrant. This gateway instruction then branches to a common syscall 
entry sequence that ultimately switches on the syscall number passed in a 
GR. Some "lightweight" syscalls may be implemented with their own 
gateways.

The B bit is not a problem as long as the delay slot of the branch to the 
gateway is either nullified or filled in with a non-branch instruction. 
For example,

    LDIL L'GATEWAY,%r1
    BLE  R'GATEWAY(%sr7,%r1)
    LDO  syscallnum,%r22



Cary Coutant
Hewlett-Packard Co.
Application Delivery Lab
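
The queue behaviour traced in the message above can be replayed with a small simulation. This is an added example, not part of the original message or of any PA-RISC tooling. The symbolic addresses, the `run` helper, and the single current privilege level are assumptions of this toy model, which also treats every branch as taken.

```python
# Toy model of the PC offset queue and the PSW B bit check on gateways.
USER, KERNEL = 3, 0          # PA-RISC: lower number = more privileged

class GatewayTrap(Exception):
    pass

def nxt(addr):
    """Sequential successor of a symbolic address: 'user+4' -> 'user+8'."""
    base, _, off = addr.partition("+")
    return f"{base}+{int(off or 0) + 4}"

def run(code, head, steps, b_check=True):
    """Execute `steps` instructions; return (pc, head, tail, priv) rows."""
    tail, priv, b_bit, trace = nxt(head), USER, False, []
    for _ in range(steps):
        pc = head
        op, target = code.get(pc, ("nop", None))
        if op == "gate":
            if b_bit and b_check:
                raise GatewayTrap(f"gateway at {pc} is in a branch delay slot")
            priv = KERNEL                    # promotion granted by the gateway
        # Old tail becomes the head; a branch replaces the new tail.
        head, tail = tail, (target if op != "nop" else nxt(tail))
        b_bit = op != "nop"                  # next instruction is a delay slot
        trace.append((pc, head, tail, priv))
    return trace

# Constructed programs mirroring the two sequences in the message.
BRANCH_IN_SLOT = {"user+4": ("b", "gateway"), "user+8": ("b", "my_routine"),
                  "gateway": ("gate", "syscall"),
                  "my_routine": ("b", "my_routine+4")}
SAFE = {"user+4": ("b", "gateway"),          # BLE; user+8 holds the LDO
        "gateway": ("gate", "syscall")}

if __name__ == "__main__":
    for row in run(BRANCH_IN_SLOT, "user+0", 7, b_check=False):
        print("%-13s head=%-13s tail=%-13s priv=%d" % row)
    try:
        run(BRANCH_IN_SLOT, "user+0", 7)
    except GatewayTrap as exc:
        print("trap:", exc)
    print([r[0] for r in run(SAFE, "user+0", 6)])
```

With `b_check=False` the rows reproduce the table in the message. With the check enabled, the gateway traps before any promotion, while the sequence with a non-branch in the delay slot reaches `syscall` normally.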
