%si register
Closed this issue · 1 comments
iihihiuh commented
Hi I am reading your kprobe code and I am wondering how you guys make sure that register si contains the address of evicted virtual address?
Thanks,
envy commented
We put kprobes on the driver functions sgx_eldu and sgx_ewb.
Per x86_64 calling convention, the second argument (struct sgx_encl_page *) is passed in the rsi register.
The first member of that struct is the page address.
That's why it's +0(%si), we dereference the pointer and then access the first struct member.
I don't really know why it's only %si in the probe and not %rsi, but writing %rsi (or even %esi) does not work and results in EINVAL.