Linus Torvalds writes: (Summary)
On Powerpc, for example, when you pass an "int" argument, the ABI
specifies that you have to sign-extend the register in the caller to
64 bits.
64 bits.
And the generated code actually depends on that behavior, in that maybe it first tests the 32 bit value, but then _uses_ the full 64 bits, knowing that the caller sign-extended it properly. This is a problem with the system call interface, since the caller isn't a trusted entity, and user space could pass an "int" value with the high bits set to something that _isn't_ the sign-extended thing, so then the compiler generates unsafe code.
so then the compiler generates unsafe code.
On x86, this never happens, since x86 doesn't have that "hidden higher bits matter" ABI model.
64 bits.
And the generated code actually depends on that behavior, in that maybe it first tests the 32 bit value, but then _uses_ the full 64 bits, knowing that the caller sign-extended it properly. This is a problem with the system call interface, since the caller isn't a trusted entity, and user space could pass an "int" value with the high bits set to something that _isn't_ the sign-extended thing, so then the compiler generates unsafe code.
so then the compiler generates unsafe code.
On x86, this never happens, since x86 doesn't have that "hidden higher bits matter" ABI model.