sysretq doesn't properly handle non-canonical addresses
Assignee: Robert Mustacchi
The syscall and sysret instructions expect to be given a canonical x86 address when called. On Intel processors it is the expectation of the operating system to verify that the address being used is in fact canonical. If we find that the address is not canonical, instead of taking the normal fast path which would have us execute a sysret, we should instead go through the longer syscall path which we normally enter when we have to handle things like signals. This causes us to instead exit with an iretq, which can handle the non-canonical address.
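The check the report describes, written out as an added example in C. This is not the illumos gate code; it assumes 48-bit virtual addresses (four-level paging, so bits 63..47 must all match), that the user return RIP arrives in RCX as the sysret convention requires, and a made-up `choose_return_path` helper standing in for the kernel's decision between the sysret fast path and the iretq slow path:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit virtual address space (4-level paging). On LA57
 * hardware the canonical boundary moves to bit 56 instead. */
#define VA_BITS 48

/* An address is canonical when bits 63..(VA_BITS-1) are all zero or all
 * one, i.e. the top bits are a sign extension of bit VA_BITS-1. */
static bool is_canonical(uint64_t va)
{
    uint64_t high = va >> (VA_BITS - 1);                  /* bits 63..47 */
    uint64_t all_ones = (UINT64_C(1) << (64 - VA_BITS + 1)) - 1; /* 17 ones */
    return high == 0 || high == all_ones;
}

enum ret_path { RET_SYSRET, RET_IRET };

/* Hypothetical stand-in for the kernel's syscall-return decision: the user
 * RIP (in RCX for sysret) and RSP must both be canonical before sysret is
 * safe to use; otherwise fall back to the slower iretq exit, which can
 * deliver a fault for a bad address on the user side of the transition. */
static enum ret_path choose_return_path(uint64_t user_rip, uint64_t user_rsp)
{
    if (!is_canonical(user_rip) || !is_canonical(user_rsp))
        return RET_IRET;
    return RET_SYSRET;
}

int main(void)
{
    /* Constructed sample return addresses, not taken from any real trace. */
    const uint64_t samples[] = {
        UINT64_C(0x0000000000401000), /* ordinary user text address */
        UINT64_C(0x00007fffffffffff), /* highest canonical user address */
        UINT64_C(0x0000800000000000), /* first non-canonical address */
        UINT64_C(0xffff7fffffffffff), /* non-canonical, just below the hole */
        UINT64_C(0xffff800000000000), /* canonical, kernel half */
    };
    const uint64_t user_rsp = UINT64_C(0x00007ffdd0000000);

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        enum ret_path p = choose_return_path(samples[i], user_rsp);
        printf("rip=%#018llx canonical=%d -> %s\n",
               (unsigned long long)samples[i], is_canonical(samples[i]),
               p == RET_SYSRET ? "sysret" : "iretq");
    }
    return 0;
}
```

The point of routing through iretq is that it validates the target address as part of the return itself, whereas sysret assumes the kernel already did; the helper above only shows the decision, not the register restoration either path performs.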
Duplicated by: illumos gate - Bug #2890: SYSRET 64-bit operating system privilege escalation vulne... (Closed, 2012-06-17)