Bug #2873
sysretq doesn't properly handle non-canonical addresses
| Status: | Resolved | Start date: | 2012-06-14 | |
|---|---|---|---|---|
| Priority: | Immediate | Due date: | ||
| Assignee: | Robert Mustacchi | % Done: | 100% |
|
| Category: | kernel | |||
| Target version: | - | |||
| Difficulty: | Hard | Tags: |
Description
The syscall and sysret instruction expect to be given a canonical x86 address when called. On Intel processors it is the expectation of the operating system to verify that the address being is in fact canonical. If we find that the address is not canonical, instead of taking the normal fast path which would have us execute a sysret, we should instead go through the longer syscall path which we normally enter when we have to handle things like signals. This causes us to instead exit with an iretq which can handle the non-canonical address.
Related issues
| duplicated by illumos gate - Bug #2890: SYSRET 64-bit operating system privilege escalation vulne... | Closed | 2012-06-17 |
History
Updated by Rich Lowe over 2 years ago
- Status changed from New to Resolved
- % Done changed from 90 to 100
Resolved in r13724 commit:7740792727e0