The implementation of copy_user_enhanced_fast_string in the Linux Kernel copy routine uses stac/clac in the epilog and prolog. perf annotate shows the following code: AC is “Alignment check (or access control) flag”. What is the reason stac/clac are used in the routine? What would be the consequen…
Tag: x86
Loop Never Ends in Assembly?
Basically, I have below assembly code: I am trying to loop through 0-50 and print the variable pas or probably buf from input box. But this loop keeps printing pas endlessly. I presume the issue is the re-assignment of ecx, but otherwise without putting my string into ecx how would I print it? or even execute…
SYS_READ call only works once, seemingly skips over code when run again
I’m trying to rewrite a little text game in assembly for fun, and I noticed that I’m only able to run the following code successfully once. If I run it again elsewhere, it will seemingly skip over the code. I am compiling using the following command: nasm -f elf64 -o test.o textgame.s && l…
What are the correct permissions while “sys_open”ing a file?
I am trying to read the contents of a file using x86 assembly on Linux. The question is, what we should put into edx – the “permissions” register for sys_open. I’ve used open() of C before; but there wasn’t any “permissions” field. I am trying to read a file belongs t…
Segmentation fault when using memory with custom ELF file
I am trying to program a small ELF program with a custom ELF header but have a segmentation fault whenever I am writing to memory. Why would that code trigger a segmentation fault? %assign LOAD_ADDRESS 0x08048000 BITS 32 org LOAD_ADDRESS ; load address ehdr: ; Elf32_Ehdr db 0x7F, “ELF”, 1, 1, 1 ;…
How to read stale values on x86
My goal is to read in stale and outdated values of memory without cache-coherence. I have attempted to use prefetchnta to perform a non-temporal load, but it failed to fetch outdated values. I am looking into performing some kind of Streaming Memory-to-Memory Direct-Memory-Access, but am having a little troub…
Explain Linux commit message that patches/secures POP SS followed by a #BP interrupt (INT3)
This is in reference to CVE-2018-8897 (which appears related to CVE-2018-1087), described as follows: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting…
Is it possible to use both 64 bit and 32 bit instructions in the same executable in 64 bit Linux?
A 64 bit CPU (amd64) supports 32 bit Intel instructions in the compatibility mode. Also, a 64 bit Linux installation allows running ELFs containing 32 bit instructions if the ELF header says it is a 32 bit executable. I was wondering if it is possible to put some assembly instructions inside the ELF which swi…
Why can’t I mmap(MAP_FIXED) the highest virtual page in a 32-bit Linux process on a 64-bit kernel?
While attempting to test Is it allowed to access memory that spans the zero boundary in x86? in user-space on Linux, I wrote a 32-bit test program that tries to map the low and high pages of 32-bit virtual address space. After echo 0 | sudo tee /proc/sys/vm/mmap_min_addr, I can map the zero page, but I don…
Linux page table of the process
I’m reading about the memory paging here and now trying to experiment with it. I wrote a simple assembly program for getting Segmentation Fault and ran it in gdb. Here it is: I assemble and link this into a 64-bit ELF static executable. As far as I read each process has its own Page Table which cr3 registe…