In aarch32, more precisely the ARM-OABI, the immediate value of swi was still used to transfer the syscall number. In ARM-EABI, on the other hand, a register is used instead. swi #0 then indicates that a register should be used.

This option is no longer available in aarch64, so I use this combination all the time:

mov  x8, syscall_number   // Linux AArch64 convention: syscall number in x8
svc  #0                    // immediate is not used for the syscall number

Why do I have to add an additional 4 bytes of code size here, while the immediate value remains unused this time?

According to the ARM Programmer's Guide, the immediate value is stored in the Exception Syndrome Register ESR_EL and should therefore be readable with mrs. Or would that already be too big a loss of performance?

fcdt
  • perhaps because it didn't make sense in aarch32. or perhaps because it is easier to set a register than hardcode the instruction immediate. (have a single helper function than many helper functions) – old_timer Jul 07 '20 at 14:09
  • It can't have anything to do with `ESR_ELx` - that register needs to be read anyway just to tell apart syscalls from other synchronous exceptions like data aborts. – Siguza Jul 07 '20 at 16:15
  • It depends on the OS's choices, really. ARM64 Windows uses the immediate value on the SVC instruction to select which system call. I would argue that putting the system call number as an immediate is slightly better for security, because it limits ROP gadget opportunities. – Myria Jul 08 '20 at 20:55
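As an added illustration of the encodings under discussion (this is not code from the question or the comments), the following C decodes an A64 `svc` instruction word and a constructed ESR_ELx value the way an exception entry path would: the EC field has to be read to tell an SVC apart from other synchronous exceptions, so the imm16 in ISS[15:0] is already available, and an OS may take the syscall number either from there (as Myria describes for Windows) or from x8 (Linux). Field layouts follow the Arm ARM; the ESR values and x8 contents are constructed sample inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* A64 SVC encoding: 0xD4000001 with imm16 in bits [20:5]. */
#define SVC_OPCODE_MASK  0xFFE0001Fu   /* fixed bits of the SVC instruction */
#define SVC_OPCODE_VALUE 0xD4000001u

/* ESR_ELx layout: EC in bits [31:26], IL in bit 25, ISS in bits [24:0].
 * For EC=0x15 (SVC from AArch64) ISS[15:0] holds the SVC immediate. */
#define ESR_EC_SHIFT 26
#define ESR_EC_MASK  0x3Fu
#define ESR_IL       (1u << 25)
enum { EC_SVC32 = 0x11, EC_SVC64 = 0x15, EC_DABT_LOW = 0x24, EC_DABT_CUR = 0x25 };

/* Encode "svc #imm16" as a 32-bit A64 instruction word. */
uint32_t encode_svc(uint16_t imm16) {
    return SVC_OPCODE_VALUE | ((uint32_t)imm16 << 5);
}

/* Return the SVC immediate, or -1 if the word is not an SVC instruction. */
int decode_svc_imm(uint32_t insn) {
    if ((insn & SVC_OPCODE_MASK) != SVC_OPCODE_VALUE) return -1;
    return (int)((insn >> 5) & 0xFFFF);
}

/* Constructed ESR_ELx value for an SVC taken from AArch64 with a 32-bit insn. */
uint32_t make_esr_svc64(uint16_t imm16) {
    return ((uint32_t)EC_SVC64 << ESR_EC_SHIFT) | ESR_IL | imm16;
}

/* Classify the exception as a kernel entry path does, then pick the syscall
 * number: from the immediate in ESR (use_immediate != 0) or from x8.
 * Returns -1 for anything that is not an SVC from AArch64 (e.g. a data abort). */
int syscall_number(uint32_t esr, uint64_t x8, int use_immediate) {
    unsigned ec = (esr >> ESR_EC_SHIFT) & ESR_EC_MASK;
    if (ec != EC_SVC64) return -1;
    if (use_immediate) return (int)(esr & 0xFFFF);
    return (int)x8;
}

int main(void) {
    printf("svc #0 encodes as 0x%08X\n", encode_svc(0));
    printf("x8-style (x8=64):         syscall %d\n", syscall_number(make_esr_svc64(0), 64, 0));
    printf("immediate-style (svc #42): syscall %d\n", syscall_number(make_esr_svc64(42), 64, 1));
    printf("data abort:               %d\n", syscall_number(EC_DABT_LOW << ESR_EC_SHIFT, 64, 0));
    return 0;
}
```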