Presentation is loading. Please wait.

Presentation is loading. Please wait.

EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode."— Presentation transcript:

1 EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode

2 Privilege-levels Although the x86 processor supports four distinct privilege-levels in protected-mode, only two are actually used in the popular Windows and Linux operating-systems Ring3 (for applications) Ring0 (for the OS kernel) Ring2 (not used) Ring1 (not used)

3 Opportunity for optimization Just as the suppression of ‘segmentation’ in 64-bit memory-addressing has offered extra execution-speed and programming simplicity, there is opportunity for faster privilege-level transitions by eliminating references to system-tables in memory application program kernel services system-call ring3ring0 return

4 Sacrifice ‘flexibility’ for ‘speed’ The ‘syscall’ and ‘sysret’ instructions allow much faster ring-transitions during normal system-calls – by keeping all the required information in special CPU registers – but accepting some limitations: –Transitions are only between ring3 and ring0 –Only one ‘entry-point’ to all kernel-services –Some formerly ‘general-purpose’ registers would have to acquire a dedicated function

5 Layout of GDT descriptors Use of ‘syscall’ requires a pair of global descriptors to be adjacently placed: Use of ‘sysret’ requires a triple of global descriptors to be adjacently placed: GDTR 64-bit code DPL=0 ring0 data DPL=0 GDTR 16/32-bit code DPL=3 ring3 data DPL=3 64-bit code DPL=3

6 Model-Specific Registers Some MSRs must be suitably initialized: 0xC0000080: IA32_MSR_EFER 0xC0000081: IA32_MSR_STAR 0xC0000082: IA32_MSR_LSTAR 0xC0000083: IA32_MSR_CSTAR 0xC0000084: IA32_MSR_FMASK The Intel processor must be executing in 64-bit mode to use ‘syscall’ and ‘sysret’

7 Extended Feature Enable Register This Model-Specific Register (MSR) was introduced in the AMD64 architecture and perpetuated by EM64T (for compatibility) SCESCE LMELME LMALMA NXENXE 63 11 10 8 0 Legend: SCE = SysCall/sysret is Enabled (1=yes, 0=no) LME = Long-Mode is Enabled (1=yes, 0=no) LMA = Long-Mode is Active (1=yes, 0=no) NXE = Non-eXecutable pages Enabled (1=yes, 0=no) NOTE: The MSR address-index for EFER = 0xC0000080, and this register is accessed using RDMSR or WRMSR instructions

8 The MSR_STAR register unused selector for 64-bit ring0 code-descriptor 63 48 47 32 31 0 selector for ‘compatibility’ ring3 code-descriptor This selector is for the first in a pair of adjacently-placed GDT descriptors for the CS and SS registers, respectively, upon the transition from ring3 to ring0 This selector is for the first in a triple of adjacently-placed GDT descriptors for the CS and SS (or SS and CS) registers, respectively, upon the transition from ring0 to ring3 (depending on whether ‘sysret’ or ‘sysretq’ is used) for ‘syscall’for ‘sysret’

9 The MSR_LSTAR register Linear-address of the system-call entry-point 63 0 This is the 64-bit address which will go into the RIP register when the ‘syscall’ instruction is ececuted by ring3 code The former value from the RIP register (i.e., the ‘return-address’) will be saved in the RCX general-purpose register, to be used later by the ‘sysret’ instruction (so therefore it must be preserved)

10 The MSR_CSTAR register The function of this register is unknown 63 0 This register is observed to exist – Linux x86_64 writes a value into this register in fact – although current Intel documentation omits mention or explanation of this Model-Specific Register (We did find an obsolete Intel document online which referred to this register, but did not make clear its past purpose or function) It’s a mystery …

11 The MSR_FMASK register Reserved (unused) 63 31 0 This register can be programmed by an Operating System with a bitmask that will be used by the processor to automatically ‘clear’ a specified selection of bits in the RFLAGS register when ‘syscall’ is executed (the former value of RFLAGS is saved in the general-purpose R11 register) Flags Mask

12 ‘fastcall.s’ We created a demo-program that shows the use of ‘syscall’ and ‘sysret’, indicating what setup-steps are needed: Page-mapping tables (user-accessible frames) Global Descriptor Table layout Task-State Segment (needs ESP0 value) EFER (needs LME=1 and SCE=1) CR4 needs PAE=1, CR3 needs physical address of page-map level4 CR0 needs PE=1 and PG=1

13 Transitions in ‘fastcall.s’ real mode Ia-32e compatibility mode 64-bit mode (Ring3) 64-bit mode (Ring0) 64-bit mode (Ring3) real mode Ia-32e compatibility mode 64-bit mode (Ring0) syscall sysret lcall ljmp lretmov The main purpose of this demo-program is to illustrate the use of ‘syscall’ and ‘sysret’ (but we have to get to 64-bit mode to do it)

14 In-class exercise In our ‘fastcall.s’ demo-program there are two transitions from ring3 to ring0 (in one case via ‘syscall’ and in the other via ‘lcall’ through a call-gate Can you measure which of these is faster? (for example, by using the processor’s TimeStamp Counter, accessible with the ‘rdtsc’ instruction)

15 TimeStamp Counter 64-bit register automatically increments with every cpu clock-cycle 63 0 The ‘rdtsc’ instruction returns this register’s current value: rdtsc # EAX = least-significant 32-bits from TSC # EDX = most-significant 32-bits from TSC (This 64-bit register is initialized to zero at system-startup)

Download ppt "EM64T ‘fast’ system-calls A look at the requirements for using Intel’s ‘syscall’ and ‘sysret’ instructions in 64-bit mode."

Similar presentations

Intermediate x86 Part 3 Xeno Kovah – 2010 xkovah at gmail.

Intermediate x86 Part 3 Xeno Kovah – 2010 xkovah at gmail.
Processor Privilege-Levels

Processor Privilege-Levels
Using VMX within Linux We explore the feasibility of executing ROM-BIOS code within the Linux x86_64 kernel.

Using VMX within Linux We explore the feasibility of executing ROM-BIOS code within the Linux x86_64 kernel.
Computer Organization and Assembly Languages Yung-Yu Chuang

Computer Organization and Assembly Languages Yung-Yu Chuang
Intel 80386 MP.

Intel MP.
Ring-transitions for EM64T How the CPU can accomplish transitions among its differing privilege-levels in 64-bit mode.

Ring-transitions for EM64T How the CPU can accomplish transitions among its differing privilege-levels in 64-bit mode.
CSC 221 Computer Organization and Assembly Language

CSC 221 Computer Organization and Assembly Language
IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.
Task-Switching How the x86 processor assists with context-switching among multiple program-threads.

Task-Switching How the x86 processor assists with context-switching among multiple program-threads.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.

IA32 Paging Scheme Introduction to the Pentium’s support for “virtual” memory.
IA-32 Processor Architecture

IA-32 Processor Architecture
Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.

Interrupts in Protected-Mode Writing a protected-mode interrupt-service routine for the timer-tick interrupt.
The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.

The various x86 ‘modes’ On understanding key differences among the processor’s several execution-architectures.
Processor Privilege-Levels How the x86 processor accomplishes transitions among its four distinct privilege-levels.

Processor Privilege-Levels How the x86 processor accomplishes transitions among its four distinct privilege-levels.
Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure.

Venturing into protected-mode A first look at the CPU registers and instructions which provide the essential supporting infrastructure.
1 Hardware and Software Architecture Chapter 2 n The Intel Processor Architecture n History of PC Memory Usage (Real Mode)

1 Hardware and Software Architecture Chapter 2 n The Intel Processor Architecture n History of PC Memory Usage (Real Mode)
X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT

X86 segmentation, page tables, and interrupts 3/17/08 Frans Kaashoek MIT
Model-Specific Registers

Model-Specific Registers

Similar presentations

Ads by Google