Question

The Intel Manuals say the following about canonical addresses and general protection exception:

From (Vol 1, Pg. 3-13):

"If a linear-memory reference is not in canonical form, the implementation should generate an exception. In most cases, a general-protection exception (#GP) is generated. ..."

From (Vol 3A, Pg. 6-52):

"The following conditions cause general-protection exceptions in 64-bit mode:
- If the memory address is in a non-canonical form.
- If a segment descriptor memory address is in non-canonical form. ..."

I am interested to know whether the contents of the RIP are also classified as a "memory address", as mentioned in the above quote. Or is it the case that the RIP can contain a non-canonical address but #GP will not be raised till the RIP is used to refer to a location in the memory?

[EDIT]

I read the manuals more carefully now, especially the pseudocode for the CALL, RET and JMP instructions (since they are at liberty to change the RIP). I noticed that in 64-bit mode, the check of canonicity of an address is done before it is stored in the RIP, as a result of which #GP is raised before RIP gets a non-canonical address. So, the answer to my question is that the RIP can never contain a non-canonical address.

The situation I was concerned about --- that #GP will be raised because the RIP containing a non-canonical address is used to refer to a memory location --- does not arise at all.


Solution

RIP has to contain canonical addresses as well, not just, say, RSP or RBX when accessing memory.

EDIT: you can see that RIP isn't excluded from the requirement in:

  • the description of SYSENTER/SYSEXIT and SYSCALL/SYSRET
  • section "Interrupt 13—General Protection Exception (#GP)": If the target offset in a destination operand of a call or jmp is in a non-canonical form.
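The conclusion reached in the question's edit and in the answer above (the target of a CALL/JMP is checked for canonical form before RIP is written, so RIP never holds a non-canonical value) can be checked from user space. The following is an added example, not code from the question, the answer or the Intel manuals: `is_canonical` implements the rule quoted in the question for both 48-bit and 57-bit (LA57) linear addresses, `model_jmp` follows the check-before-write order of the JMP/CALL pseudocode, and `probe_noncanonical_jump` jumps to a constructed non-canonical target and compares the RIP the kernel reports at the fault with the address of the `jmp` instruction itself. It assumes Linux on x86-64, where a user-mode #GP is delivered as SIGSEGV and the signal context carries the faulting RIP; the function names and the target value `0x4000000000000000` are my own choices.

```c
/*
 * Added example (not from the question or answer): a software model of the
 * canonical-address rule plus a Linux/x86-64 probe that jumps to a
 * non-canonical target and records where the CPU says the fault happened.
 * Assumption: Linux on x86-64, where a user-mode #GP arrives as SIGSEGV and
 * the saved RIP in the signal context is the faulting instruction.
 */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ucontext.h>

/* Canonical form: bits [63:va_bits-1] must all equal bit (va_bits-1).
 * va_bits is 48 with 4-level paging and 57 with LA57 (5-level paging). */
int is_canonical(uint64_t addr, unsigned va_bits)
{
    uint64_t high = addr >> (va_bits - 1);          /* sign bit and everything above it */
    uint64_t all_ones = UINT64_MAX >> (va_bits - 1);
    return high == 0 || high == all_ones;
}

/* Model of the JMP/CALL pseudocode: the target is checked before RIP is
 * written, so on #GP the caller's rip is left untouched.
 * Returns 1 on success, 0 when the CPU would raise #GP(0). */
int model_jmp(uint64_t *rip, uint64_t target, unsigned va_bits)
{
    if (!is_canonical(target, va_bits))
        return 0;                                   /* #GP(0): RIP unchanged */
    *rip = target;
    return 1;
}

/* Convenience wrapper: the RIP value after a modelled jump. */
uint64_t rip_after_jmp(uint64_t rip, uint64_t target, unsigned va_bits)
{
    model_jmp(&rip, target, va_bits);
    return rip;
}

#if defined(__x86_64__) && defined(__linux__)
static sigjmp_buf recover;
static volatile uintptr_t jmp_site;      /* address of the faulting jmp */
static volatile uintptr_t fault_rip;     /* RIP reported by the kernel */

static void on_segv(int sig, siginfo_t *si, void *ctx)
{
    ucontext_t *uc = ctx;
    (void)sig; (void)si;
    fault_rip = uc->uc_mcontext.gregs[REG_RIP];
    siglongjmp(recover, 1);
}

/* Returns 1 if the fault was reported at the jmp itself (RIP never took the
 * non-canonical value), 2 if the reported RIP is the target instead, and -1
 * on platforms where the probe cannot run. */
int probe_noncanonical_jump(void)
{
    struct sigaction sa, old;
    int r;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    if (sigsetjmp(recover, 1) == 0) {
        /* Constructed target: bit 62 set, bit 63 clear, so it is non-canonical
         * under both 48-bit and 57-bit linear addressing (a canonical but
         * unmapped target would raise #PF with RIP already at the target). */
        uint64_t target = 0x4000000000000000ULL;
        __asm__ volatile(
            "leaq 1f(%%rip), %%rax\n\t"   /* record the address of the jmp */
            "movq %%rax, %0\n\t"
            "1: jmp *%1\n\t"               /* #GP(0) expected here */
            : "=m"(jmp_site)
            : "r"(target)
            : "rax", "memory");
        r = 0;                                      /* not reached */
    } else {
        r = (fault_rip == jmp_site) ? 1 : 2;
    }
    sigaction(SIGSEGV, &old, NULL);
    return r;
}
#else
int probe_noncanonical_jump(void) { return -1; }
#endif

int main(void)
{
    uint64_t rip = 0x401000;
    printf("model_jmp to 0x4000000000000000: %s, rip=0x%llx\n",
           model_jmp(&rip, 0x4000000000000000ULL, 48) ? "ok" : "#GP",
           (unsigned long long)rip);
    printf("hardware probe: %d (1 = fault reported at the jmp, RIP unchanged)\n",
           probe_noncanonical_jump());
    return 0;
}
```

On a compliant CPU the probe returns 1: the kernel's saved RIP is the `jmp`, because #GP is a fault raised before the target is loaded into RIP. Had the check happened after the load, or had the target been canonical but unmapped (a page fault rather than #GP), the reported RIP would be the target and the probe would return 2. On other platforms only the software model is exercised and the probe returns -1.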

Other tips

What would the difference be? If you try to set RIP via a jump or call instruction, the processor will try to load that address and trap. Does it matter whether or not the trap is specified as being on the register set or load from icache?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow