1. Field of the Invention
This invention relates generally to computer systems and, more particularly, to methods that provide security for a computing system.
2. Description of the Related Art
FIG. 1 is a diagram of an exception stack frame 100 produced by an x86 processor, such as when running the Windows® operating system (Microsoft Corp., Redmond, Wash.). On entry to an exception handler, all registers of the application program in which the exception occurred (i.e., the “faulting application”) are preserved except the code segment (CS), instruction pointer (EIP), stack segment (SS), stack pointer (ESP) registers, and EFLAGS. The contents of these registers are made available in the exception stack frame 100.
The exception stack frame 100 begins at segmented address SS:ESP. The error code resides in the exception stack frame 100 at segmented address SS:ESP+00h. The contents of the instruction pointer (EIP) register of the faulting application reside in the exception stack frame 100 at segmented address SS:ESP+04h. The contents of the code segment (CS) register of the faulting application reside in the exception stack frame 100 at segmented address SS:ESP+08h. The contents of the flags (EFLAGS) register of the faulting application reside in the exception stack frame 100 at segmented address SS:ESP+0Ch. The contents of the stack pointer (ESP) register of the faulting application reside in the exception stack frame 100 at segmented address SS:ESP+10h. The contents of the stack segment (SS) register of the faulting application reside in the exception stack frame 100 at segmented address SS:ESP+14h. Note that the ESP and SS values appear in the exception stack frame 100 if the associated control transfer to the exception handler involves a change of privilege level.
The contents of the instruction pointer (EIP) register of the faulting application, at segmented address SS:ESP+04h, point to the instruction in the faulting application that generated the exception. The contents of the stack pointer (ESP) register of the faulting application, at segmented address SS:ESP+10h, are the address of (i.e., point to) the faulting application's stack frame at fault time.
The error code for segment-related exceptions is very similar to a protected mode selector. The highest-order 13 bits (bits 15:3) are the selector index, and bit 2 is the table index. However, instead of a requestor privilege level (RPL), bits 0 and 1 have the following meaning: bit 0 (EXT) is set if the fault was caused by an event external to the program, and bit 1 (IDT) is set if the selector index refers to a gate descriptor in the IDT.
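The following C program is an added illustration of the frame layout and error-code format described above; it is not part of the original description and does not come from any operating system. It reads a little-endian byte image of memory beginning at SS:ESP using the offsets given (00h through 14h), refuses to read past the image when the ESP/SS slots are absent (no privilege change), and splits a segment-related error code into its EXT, IDT, TI and selector-index fields. The sample frame bytes, selector values and addresses are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Offsets of each saved value from SS:ESP, as given in the description. */
#define EXC_OFF_ERROR_CODE 0x00
#define EXC_OFF_EIP        0x04
#define EXC_OFF_CS         0x08
#define EXC_OFF_EFLAGS     0x0C
#define EXC_OFF_ESP        0x10
#define EXC_OFF_SS         0x14

struct exc_frame {
    uint32_t error_code;
    uint32_t eip;      /* instruction in the faulting application that raised the exception */
    uint32_t cs;
    uint32_t eflags;
    uint32_t esp;      /* faulting application's stack pointer; present only on a privilege change */
    uint32_t ss;       /* faulting application's stack segment; present only on a privilege change */
    int has_stack_switch;
};

/* Decoded fields of a segment-related error code. */
struct seg_error {
    unsigned ext;    /* bit 0: fault caused by an event external to the program */
    unsigned idt;    /* bit 1: selector index refers to a gate descriptor in the IDT */
    unsigned ti;     /* bit 2: table index */
    unsigned index;  /* bits 15:3: selector index */
};

/* Little-endian 32-bit read; x86 stores the frame in memory little-endian. */
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Parse a byte image of memory beginning at SS:ESP. privilege_change selects
 * whether the ESP/SS slots are expected. Returns 0 on success, -1 if the
 * image is too short for the expected frame (a handler must not read past it).
 */
int parse_exc_frame(const uint8_t *buf, size_t len, int privilege_change,
                    struct exc_frame *out)
{
    size_t need = privilege_change ? (EXC_OFF_SS + 4) : (EXC_OFF_EFLAGS + 4);
    if (buf == NULL || out == NULL || len < need)
        return -1;
    out->error_code = rd32(buf + EXC_OFF_ERROR_CODE);
    out->eip        = rd32(buf + EXC_OFF_EIP);
    out->cs         = rd32(buf + EXC_OFF_CS);
    out->eflags     = rd32(buf + EXC_OFF_EFLAGS);
    out->has_stack_switch = privilege_change ? 1 : 0;
    if (privilege_change) {
        out->esp = rd32(buf + EXC_OFF_ESP);
        out->ss  = rd32(buf + EXC_OFF_SS);
    } else {
        out->esp = 0;
        out->ss  = 0;
    }
    return 0;
}

/* Split a segment-related error code into EXT, IDT, TI and selector index. */
void decode_seg_error(uint32_t error_code, struct seg_error *out)
{
    out->ext   = error_code & 0x1u;
    out->idt   = (error_code >> 1) & 0x1u;
    out->ti    = (error_code >> 2) & 0x1u;
    out->index = (error_code >> 3) & 0x1FFFu;   /* 13 bits */
}

/* Constructed sample frame image (not captured from a real fault). */
const uint8_t sample_frame[24] = {
    0x0B, 0x00, 0x00, 0x00,   /* error code 0x0000000B: EXT=1, IDT=1, TI=0, index=1 */
    0x78, 0x56, 0x34, 0x12,   /* EIP    0x12345678 */
    0x1B, 0x00, 0x00, 0x00,   /* CS     0x001B */
    0x46, 0x02, 0x00, 0x00,   /* EFLAGS 0x00000246 */
    0xF0, 0xFF, 0x12, 0x00,   /* ESP    0x0012FFF0 */
    0x23, 0x00, 0x00, 0x00,   /* SS     0x0023 */
};

int main(void)
{
    struct exc_frame f;
    struct seg_error e;
    if (parse_exc_frame(sample_frame, sizeof sample_frame, 1, &f) != 0)
        return 1;
    decode_seg_error(f.error_code, &e);
    printf("fault at CS:EIP = %04X:%08X, app stack SS:ESP = %04X:%08X\n",
           (unsigned)f.cs, (unsigned)f.eip, (unsigned)f.ss, (unsigned)f.esp);
    printf("error code %08X: EXT=%u IDT=%u TI=%u index=%u\n",
           (unsigned)f.error_code, e.ext, e.idt, e.ti, e.index);
    return 0;
}
```

The length check matters in practice: when no privilege change occurred, the ESP and SS slots are not there, and whatever follows EFLAGS on the handler's stack must not be interpreted as the application's stack pointer.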
FIG. 2 is a diagram of a SYSCALL/SYSRET target address register (STAR) 200 used in x86 processors manufactured by Advanced Micro Devices, Inc. The SYSCALL/SYSRET target address register (STAR) 200 includes a “SYSRET CS Selector and SS Selector Base” field, a “SYSCALL CS Selector and SS Selector Base” field, and a “Target EIP Address” field.
At some point prior to execution of a SYSCALL instruction, the operating system writes values for the code segment (CS) of the appropriate system service code to the SYSCALL CS Selector and SS Selector Base field of the SYSCALL/SYSRET target address register (STAR) 200. The operating system also writes the address of the first instruction within the system service code to be executed into the Target EIP Address field of the SYSCALL/SYSRET target address register (STAR) 200. The STAR register is configured at system boot. The Target EIP address may point to a fixed system service region in the operating system kernel.
During execution of a SYSCALL instruction, the contents of the SYSCALL CS Selector and SS Selector Base field are copied into the CS register. The contents of the SYSCALL CS Selector and SS Selector Base field, plus the value ‘1000b’, are copied into the SS register. This effectively increments the index field of the CS selector such that the resultant SS selector points to the next descriptor in a descriptor table, after the CS descriptor. The contents of the Target EIP Address field are copied into the instruction pointer (EIP) register, and specify the address of the first instruction to be executed.
At some point prior to execution of a SYSRET instruction corresponding to the SYSCALL instruction, the operating system writes values for the code segment (CS) of the calling code to the SYSRET CS Selector and SS Selector Base field of the SYSCALL/SYSRET target address register (STAR) 200. The SYSRET instruction obtains the return EIP address from the ECX register.
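The C program below is an added model of the SYSCALL and SYSRET register transfers described in the two paragraphs above; it is not code from the original description or from any processor vendor. It keeps only the three STAR fields named in the text (their bit positions inside the register are not modelled), applies the +1000b rule to derive SS from CS, and includes two checks a kernel could run on its configured STAR value: that the SS descriptor immediately follows the CS descriptor, and that the Target EIP lies inside a fixed system service region. Two points are assumptions rather than statements from the text: that SYSCALL stores the return EIP in ECX (the text only says SYSRET reads it from there), and that SYSRET derives SS from its own field by the same +1000b rule. All selector values, addresses and region bounds are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* The three STAR fields named in the description. Only their values are modelled. */
struct star_reg {
    uint16_t sysret_cs_base;    /* "SYSRET CS Selector and SS Selector Base" */
    uint16_t syscall_cs_base;   /* "SYSCALL CS Selector and SS Selector Base" */
    uint32_t target_eip;        /* "Target EIP Address" */
};

struct cpu_state {
    uint16_t cs, ss;
    uint32_t eip, ecx;
};

/* 1000b: adding it to a selector advances the index field by one descriptor. */
#define SS_FROM_CS_DELTA 0x8u

/* Index field of a selector (bits 15:3). */
static unsigned sel_index(uint16_t sel) { return sel >> 3; }

/* SYSCALL: CS <- field, SS <- field + 1000b, EIP <- Target EIP.
 * Assumption: the caller's return EIP is saved in ECX, where SYSRET reads it. */
void do_syscall(const struct star_reg *star, struct cpu_state *cpu, uint32_t return_eip)
{
    cpu->ecx = return_eip;
    cpu->cs  = star->syscall_cs_base;
    cpu->ss  = (uint16_t)(star->syscall_cs_base + SS_FROM_CS_DELTA);
    cpu->eip = star->target_eip;
}

/* SYSRET: CS <- SYSRET field, SS <- that field + 1000b (assumed to follow the
 * same pattern as SYSCALL), EIP <- ECX. */
void do_sysret(const struct star_reg *star, struct cpu_state *cpu)
{
    cpu->cs  = star->sysret_cs_base;
    cpu->ss  = (uint16_t)(star->sysret_cs_base + SS_FROM_CS_DELTA);
    cpu->eip = cpu->ecx;
}

/* Configuration check: the SS descriptor must be the one immediately after
 * the CS descriptor in the descriptor table, as the +1000b rule requires. */
int ss_follows_cs(uint16_t cs, uint16_t ss)
{
    return sel_index(ss) == sel_index(cs) + 1;
}

/* Configuration check: Target EIP must land inside the kernel's fixed system
 * service region [lo, hi). The bounds are parameters, not real kernel addresses. */
int target_in_region(const struct star_reg *star, uint32_t lo, uint32_t hi)
{
    return star->target_eip >= lo && star->target_eip < hi;
}

int main(void)
{
    /* Constructed STAR contents; the selectors and address are not from any real OS. */
    struct star_reg star = { .sysret_cs_base = 0x0013, .syscall_cs_base = 0x0008,
                             .target_eip = 0x80100000u };
    struct cpu_state cpu = { .cs = 0x0013, .ss = 0x001B, .eip = 0x00401000u, .ecx = 0 };

    printf("STAR target in service region: %d\n",
           target_in_region(&star, 0x80000000u, 0x80200000u));
    do_syscall(&star, &cpu, 0x00401002u);
    printf("after SYSCALL: CS=%04X SS=%04X EIP=%08X (SS follows CS: %d)\n",
           cpu.cs, cpu.ss, (unsigned)cpu.eip, ss_follows_cs(cpu.cs, cpu.ss));
    do_sysret(&star, &cpu);
    printf("after SYSRET:  CS=%04X SS=%04X EIP=%08X (SS follows CS: %d)\n",
           cpu.cs, cpu.ss, (unsigned)cpu.eip, ss_follows_cs(cpu.cs, cpu.ss));
    return 0;
}
```

Because the hardware derives SS purely by arithmetic on the CS selector, a STAR value whose CS selector is not followed by a matching stack descriptor silently yields a wrong SS; `ss_follows_cs` is the kind of boot-time sanity check that catches that before the first SYSCALL.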