On 06/20/2011 07:43 AM, H.J. Lu wrote:
> On Mon, Jun 20, 2011 at 7:33 AM, H. Peter Anvin <h...@zytor.com> wrote:
>> On 06/20/2011 07:01 AM, H.J. Lu wrote:
>>> On Mon, Jun 20, 2011 at 6:53 AM, Bernd Schmidt <ber...@codesourcery.com>
>>> wrote:
>>>> On 06/20/2011 03:51 PM, H.J. Lu wrote:
>>>>> Promote pointers to Pmode when passing/returning in registers is
>>>>> a security concern.
>>
>> No. Promoting *NON*-pointers (or rather, requiring non-pointers to
>> having already been zero extended) is a security concern. I thought I'd
>> made that point clear already. This is a hideously critical distinction.
>
> I can promote pointers then.
>
Yes. The issue comes when promoting non-pointers, like "unsigned int".
Pointers are the opposite because pointers in the kernel are 64 bits
and we'd like them to be pre-promoted.
>>> Peter, do you think it is safe to assume upper 32bits are zero in
>>> user space for x32? Kernel isn't a problem since pointer is 64bit
>>> in kernel and we don't pass pointers on stack to kernel.
>>
>> As I have already stated, if we *cannot* require pointers to be
>> zero-extended on entry to the kernel, we're going to have to have
>> special entry points for all the x32 system calls except the ones that
>> don't take pointers.
>
> 32bit pointers are zero-extended to 64bit when passing in registers to
> kernel.
Excellent, sounds like we have converged.
I saw you posted something about pointers on the stack, but it sounds
like you already realized that we don't point any stack arguments
whatsoever to the kernel.
-hpa
--
H. Peter Anvin, Intel Open Source Technology Center
I work for Intel. I don't speak on their behalf.
