Tag: x86

Counting L3 cache access event on AMD Zen 2 processors

I am trying to figure out the event to use with the perf stat command to count L3 cache accesses on an AMD Zen 2 processor. As per the PPR (, section, page 168, the event is x01 and the umask is x80 for “[L3 Cache Accesses] (L3RequestG1)”. From what I understand, the event to use in perf stat

The implementation of Linux kernel current macro

Generally speaking, if we want to use the current macro in the Linux kernel, we should: but there is an asm-generic version: the asm version implements the current macro through a per-cpu variable, but the asm-generic version implements the current macro through thread_info; these two are totally different. Linux kernel headers’ organization says we should use the asm version, which includes asm/current.h, but so many

Understanding ELF64 text/data segment layout/padding

I’m trying to brush up on UNIX viruses and one text I’m reading mentions that parasitic code can be inserted in the padding between the text and the data segment, supposedly up to 2MB in size on x86-64 systems. But when I compile a simple hello world program with gcc -no-pie… …and inspect its segment headers with readelf -W -l

assembly, how to use mprotect?

I am trying to make self-modifying code in Linux. I thought it would work, but it didn’t. I used nasm on Ubuntu 18.04. INT 0x80 return value is -22 (0xffffffea). I don’t know what is wrong. Answer: Run your program under strace, like strace ./a.out, to decode system call args and return values. Probably your base address isn’t page-aligned, or

Why does the Linux Kernel copy implementation use the AC flag?

The implementation of copy_user_enhanced_fast_string in the Linux Kernel copy routine uses stac/clac in the epilog and prolog. perf annotate shows the following code: AC is “Alignment check (or access control) flag”. What is the reason stac/clac are used in the routine? What would be the consequences if we simply remove them? Answer: Normally all page access checks are disabled in