Tag: x86

Why does the Linux Kernel copy implementation use the AC flag?

The implementation of copy_user_enhanced_fast_string in the Linux Kernel copy routine uses stac/clac in the epilog and prolog. perf annotate shows the following code: AC is “Alignment check (or access control) flag”. What is the reason stac/clac are used in the routine? What would be the consequences if we simply remove them?

Answer: Normally all page access checks are disabled in

Loop Never Ends in Assembly?

Basically, I have the assembly code below: I am trying to loop through 0-50 and print the variable pas or probably buf from the input box. But this loop keeps printing pas endlessly. I presume the issue is the re-assignment of ecx, but otherwise, without putting my string into ecx, how would I print it? Or even execute anything within my

What are the correct permissions while “sys_open”ing a file?

I am trying to read the contents of a file using x86 assembly on Linux. The question is, what should we put into edx, the “permissions” register for sys_open? I’ve used open() in C before, but there wasn’t any “permissions” field. I am trying to read a file that belongs to the same owner as the executable. The file’s permissions

Segmentation fault when using memory with custom ELF file

I am trying to program a small ELF program with a custom ELF header but get a segmentation fault whenever I am writing to memory. Why would that code trigger a segmentation fault? %assign LOAD_ADDRESS 0x08048000 BITS 32 org LOAD_ADDRESS ; load address ehdr: ; Elf32_Ehdr db 0x7F, "ELF", 1, 1, 1 ; e_ident times 9 db 0 ;

How to read stale values on x86

My goal is to read in stale and outdated values of memory without cache-coherence. I have attempted to use prefetchnta to perform a non-temporal load, but it failed to fetch outdated values. I am looking into performing some kind of Streaming Memory-to-Memory Direct-Memory-Access, but am having a little trouble due to the overwhelming amount of background knowledge required to proceed

Explain Linux commit message that patches/secures POP SS followed by a #BP interrupt (INT3)

This is in reference to CVE-2018-8897 (which appears related to CVE-2018-1087), described as follows: A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer’s Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as

Linux page table of the process

I’m reading about memory paging here and am now trying to experiment with it. I wrote a simple assembly program for getting a Segmentation Fault and ran it in gdb. Here it is: I assemble and link this into a 64-bit ELF static executable. As far as I have read, each process has its own Page Table, which the cr3 register points to. Now