摘要 |
Robust system call RBSTCALL and return RBSTRET instructions are executed by processors including execution circuitry and registers storing pointers to data structures in memory. The registers comprise segment registers, e.g. GS. For RBSTCALL the execution circuitry receives system call instructions from requesters which transfer control from a privilege level of the requester, e.g. ring 3 (user mode) or ring 0, to a privilege level of an operating system kernel, e.g. ring 0 (step 611). In response, the execution circuitry swaps the data structures that are pointed to by the registers between the requester and the operating system kernel in one atomic transition (step 612). Use of a SWAPGS instruction following a SYSCALL/SYSRET instruction is no longer needed. Privilege escalation attacks are avoided because using one single atomic instruction instead of a sequence prevents occurrence of faults in the middle. Faster RBSTCALL/RBSTRET assumes target ring is zero and removes segment validations. |